我对易受JavaScript接口注入攻击的WebView遇到技术问题。除了PayUMoney,我们没有在应用程序中使用任何webView。我不知道该问题发生在哪里以及如何解决我的应用程序中的安全漏洞问题。
我从Google收到的电子邮件:
Hello Google Play Developer,
We reviewed Local Marriage, with package name com.app.localMarriage, and found that your app uses software that contains security vulnerabilities for users. Apps with these vulnerabilities can expose user information or damage a user’s device, and may be considered to be in violation of our Malicious Behavior policy.
Below is the list of issues and the corresponding APK versions that were detected in your recent submission. Please migrate your apps to use the updated software as soon as possible and increment the version number of the upgraded APK.
Vulnerability APK Version(s) Deadline to fix
JavaScript Interface Injection
Your app(s) are using a WebView that is vulnerable to JavaScript interface injection.
To address this issue, follow the steps in this Google Help Center article.
0 December 11, 2019
Vulnerability APK Version(s) Deadline to fix
To confirm you’ve upgraded correctly, submit the updated version of your app to the Play Console and check back after five hours. We’ll show a warning message if the app hasn’t been updated correctly.
While these vulnerabilities may not affect every app, it’s best to stay up to date on all security patches.
If you have technical questions about the vulnerability, you can post to Stack Overflow and use the tag “android-security.” For clarification on steps you need to take to resolve this issue, you can contact our developer support team.
Best,
The Google Play Team