我在Play商店更新了我的应用程序。突然它被拒绝了。 它说的是 安全警报 您的应用正在使用HostnameVerifier的不安全实现。有关详细信息,请参阅此Google帮助中心文章,其中包括修复漏洞的截止日期。
弱势群体:
com.xxx.xxx.network.NukeSSLCerts$2
下面我的NukeSSLCerts.java类 去年9月我使用了相同的代码,它已更新。但今天拒绝了。
public class NukeSSLCerts {
public static void nuke() {
try {
TrustManager[] trustAllCerts = new TrustManager[]{
new X509TrustManager() {
public X509Certificate[] getAcceptedIssuers() {
X509Certificate[] myTrustedAnchors = new X509Certificate[0];
return myTrustedAnchors;
}
@Override
public void checkClientTrusted(X509Certificate[] certs, String authType) throws CertificateException {
try {
certs[0].checkValidity();
} catch (Exception e) {
throw new CertificateException("Certificate not valid or trusted.");
}
}
@Override
public void checkServerTrusted(X509Certificate[] certs, String authType) throws CertificateException {
try {
certs[0].checkValidity();
} catch (Exception e) {
throw new CertificateException("Certificate not valid or trusted.");
}
}
}
};
SSLContext sc = SSLContext.getInstance("SSL");
sc.init(null, trustAllCerts, new SecureRandom());
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
@Override
public boolean verify(String arg0, SSLSession arg1) {
return true;
}
});
} catch (Exception e) {
}
}
}
我的Android依赖项就像这样
dependencies {
final SUPPORT_LIBRARY_VERSION = '25.0.1'
final FIREBASE_VERSION = '10.0.1'
compile fileTree(include: ['*.jar'], dir: 'libs')
compile "com.android.support:appcompat-v7:$SUPPORT_LIBRARY_VERSION"
compile "com.android.support:design:$SUPPORT_LIBRARY_VERSION"
compile "com.android.support:support-v4:$SUPPORT_LIBRARY_VERSION"
compile files('libs/volley.jar')
compile 'com.google.zxing:core:3.0.1'
compile 'com.android.support:recyclerview-v7:25.0.1'
compile "com.google.firebase:firebase-messaging:$FIREBASE_VERSION"
compile 'com.android.support:multidex:1.0.0'
}
有任何建议要求克服此应用更新拒绝问题。 我也没有使用任何webview。