您的应用程序正在使用HostnameVerifier的不安全实现.有关修复和截止日期的详细信息,请参阅Google Play Help Center文章的链接.
以下是我的代码.
httpsURLConnection.setDefaultHostnameVerifIEr(new HostnameVerifIEr(){ public boolean verify(String arg0,SSLSession arg1) { return true;}}); 任何人都可以通过示例来解释,我应该做些什么更改来修复此警告?
解决方法 同样在这里 – 在APK中检测到不安全的主机名验证程序Your app is using an unsafe implementation of HostnameVerifIEr. Please
see this Google Help Center article for details,including the
deadline for fixing the vulnerability. Im not using HostnameVerifIEr
and not calling setDefaultHostnameVerifIEr. Moreover – Im using OKhttp
lib for http-requests. I hope that defining TrustManager will solve
this issue.
由于我不是子类化HostnameVerifIEr或调用setDefaultHostnameVerifIEr(),我认为它依赖于某些第三方库.由于我无法检测到这样的lib,我想我会尝试添加一个包含以下代码的类
httpsURLConnection.setDefaultHostnameVerifIEr(new HostnameVerifIEr() { public boolean verify(final String hostname,final SSLSession session) { if (/* check if SSL is really valID */) return true; else return false; }}); 到我的项目,将看看它是否解决了这个问题.
所以我做了它,除了每个webVIEw我都添加了重写方法
@OverrIDepublic voID onReceivedSslError(WebVIEw vIEw,final SslErrorHandler handler,SslError error) { // the main thing is to show dialog informing user // that SSL cert is invalID and prompt him to continue without // protection: handler.proceed(); // or cancel: handler.cancel(); String message; switch(error.getPrimaryError()) { case SslError.SSL_DATE_INVALID: message = ResHelper.getString(R.string.ssl_cert_error_date_invalID); break; case SslError.SSL_EXPIRED: message = ResHelper.getString(R.string.ssl_cert_error_expired); break; case SslError.SSL_IDMISMATCH: message = ResHelper.getString(R.string.ssl_cert_error_IDmismatch); break; case SslError.SSL_INVALID: message = ResHelper.getString(R.string.ssl_cert_error_invalID); break; case SslError.SSL_NOTYETVALID: message = ResHelper.getString(R.string.ssl_cert_error_not_yet_valID); break; case SslError.SSL_UNTRUSTED: message = ResHelper.getString(R.string.ssl_cert_error_untrusted); break; default: message = ResHelper.getString(R.string.ssl_cert_error_cert_invalID); } mSSLConnectionDialog = new MaterialDialog.Builder(getParentActivity()) .Title(R.string.ssl_cert_error_Title) .content(message) .positiveText(R.string.continue_button) .negativeText(R.string.cancel_button) .TitlecolorRes(R.color.black) .positivecolorRes(R.color.main_red) .contentcolorRes(R.color.comment_grey) .backgroundcolorRes(R.color.sIDes_menu_gray) .onPositive(new MaterialDialog.SinglebuttonCallback() { @OverrIDe public voID onClick(MaterialDialog materialDialog,DialogAction dialogAction) { mSSLConnectionDialog.dismiss(); handler.proceed(); } }) .onNegative(new MaterialDialog.SinglebuttonCallback() { @OverrIDe public voID onClick(MaterialDialog materialDialog,DialogAction dialogAction) { handler.cancel(); } }) .build(); mSSLConnectionDialog.show(); } 到了
mWebVIEw.setWebVIEwClIEnt(new WebVIEwClIEnt() {... // other corresponding overrIDden methods} 最后谷歌说:
Security SCAN COMPLETE
No kNown vulnerabilitIEs were detected for APK 158.
但是我不确定mWebVIEw.setWebVIEwClIEnt的代码是什么,HostnameVerifIEr或onReceivedSslError().注意:HostnameVerifIEr.setDefaultHostnameVerifIEr()不应该像在代码中一样返回true!它必须实现一些逻辑来检查它是否都可以使用SSL并返回true或false.这很重要.
总结以上是内存溢出为你收集整理的android – Google Play安全警报 – 您的应用正在使用HostnameVerifier的不安全实现全部内容,希望文章能够帮你解决android – Google Play安全警报 – 您的应用正在使用HostnameVerifier的不安全实现所遇到的程序开发问题。
如果觉得内存溢出网站内容还不错,欢迎将内存溢出网站推荐给程序员好友。
欢迎分享,转载请注明来源:内存溢出
微信扫一扫
支付宝扫一扫
评论列表(0条)