• <bdo id='KObFf'></bdo><ul id='KObFf'></ul>

        <tfoot id='KObFf'></tfoot>

        <small id='KObFf'></small><noframes id='KObFf'>

      1. <legend id='KObFf'><style id='KObFf'><dir id='KObFf'><q id='KObFf'></q></dir></style></legend>
      2. <i id='KObFf'><tr id='KObFf'><dt id='KObFf'><q id='KObFf'><span id='KObFf'><b id='KObFf'><form id='KObFf'><ins id='KObFf'></ins><ul id='KObFf'></ul><sub id='KObFf'></sub></form><legend id='KObFf'></legend><bdo id='KObFf'><pre id='KObFf'><center id='KObFf'></center></pre></bdo></b><th id='KObFf'></th></span></q></dt></tr></i><div id='KObFf'><tfoot id='KObFf'></tfoot><dl id='KObFf'><fieldset id='KObFf'></fieldset></dl></div>

        Google Play 安全警报 - 您的应用正在使用不安全的 HostnameVerifier 实现

        时间:2023-11-09
        <tfoot id='rQJPp'></tfoot>

        <small id='rQJPp'></small><noframes id='rQJPp'>

          <tbody id='rQJPp'></tbody>
            1. <i id='rQJPp'><tr id='rQJPp'><dt id='rQJPp'><q id='rQJPp'><span id='rQJPp'><b id='rQJPp'><form id='rQJPp'><ins id='rQJPp'></ins><ul id='rQJPp'></ul><sub id='rQJPp'></sub></form><legend id='rQJPp'></legend><bdo id='rQJPp'><pre id='rQJPp'><center id='rQJPp'></center></pre></bdo></b><th id='rQJPp'></th></span></q></dt></tr></i><div id='rQJPp'><tfoot id='rQJPp'></tfoot><dl id='rQJPp'><fieldset id='rQJPp'></fieldset></dl></div>

              <legend id='rQJPp'><style id='rQJPp'><dir id='rQJPp'><q id='rQJPp'></q></dir></style></legend>
                <bdo id='rQJPp'></bdo><ul id='rQJPp'></ul>
                  本文介绍了Google Play 安全警报 - 您的应用正在使用不安全的 HostnameVerifier 实现的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着跟版网的小编来一起学习吧!

                  问题描述

                  最近我的一个应用收到了来自 Google Play 的安全警报,如下所示.

                  Recently one of my app got a security alert from Google Play as below.

                  您的应用正在使用 HostnameVerifier 的不安全实现.并参考 Google Play 帮助中心 文章的链接,了解有关漏洞修复和截止日期的详细信息.

                  You app is using an unsafe implementation of the HostnameVerifier. And refer a link to Google Play Help Center article for details regarding to fixing and deadline of vulnerability.

                  下面是我的代码.

                  HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier(){ 
                      public boolean verify(String arg0, SSLSession arg1) {
                          return true;
                  }}); 
                  

                  任何人都可以举例说明,我应该做哪些更改来修复此警告?

                  Anyone can explain with example about, what changes should I do to fix this warning?

                  推荐答案

                  同样 - 在 APK 中检测到不安全的主机名验证器

                  Same here - Insecure Hostname Verifier Detected in APK

                  您的应用正在使用不安全的 HostnameVerifier 实现.请有关详细信息,请参阅此 Google 帮助中心文章,包括修复漏洞的最后期限.我没有使用 HostnameVerifier而不是调用 setDefaultHostnameVerifier.此外 - 我使用 OKHTTP用于 http 请求的库.我希望定义 TrustManager 能解决这个问题.

                  Your app is using an unsafe implementation of HostnameVerifier. Please see this Google Help Center article for details, including the deadline for fixing the vulnerability. Im not using HostnameVerifier and not calling setDefaultHostnameVerifier. Moreover - Im using OKHTTP lib for http-requests. I hope that defining TrustManager will solve this issue.

                  由于我没有继承 HostnameVerifier 或调用 setDefaultHostnameVerifier() 我假设它依赖于一些 3rd 方库.由于我无法检测到这样的库,我想我会尝试使用以下代码添加一个类

                  Since I'm not subclassing HostnameVerifier or calling setDefaultHostnameVerifier() I assume it relies to some 3rd party lib. Since I can't detect such lib I think I will try to add a class with following code

                  HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
                      public boolean verify(final String hostname, final SSLSession session) {
                          if (/* check if SSL is really valid */)
                              return true;
                          else
                              return false;
                      }
                  });
                  

                  到我的项目,看看它是否能解决问题.
                  所以我做到了,此外,我还添加了覆盖方法的每个 webView

                  to my project and will see if it fixes the issue.
                  So I did it and additionally to every webView I've added overridden method

                  @Override
                  public void onReceivedSslError(WebView view, final SslErrorHandler handler, SslError error) {
                      // the main thing is to show dialog informing user
                      // that SSL cert is invalid and prompt him to continue without 
                      // protection: handler.proceed();
                      // or cancel: handler.cancel();
                      String message;
                      switch(error.getPrimaryError()) {
                          case SslError.SSL_DATE_INVALID:
                              message = ResHelper.getString(R.string.ssl_cert_error_date_invalid);
                              break;
                          case SslError.SSL_EXPIRED:
                              message = ResHelper.getString(R.string.ssl_cert_error_expired);
                              break;
                          case SslError.SSL_IDMISMATCH:
                              message = ResHelper.getString(R.string.ssl_cert_error_idmismatch);
                              break;
                          case SslError.SSL_INVALID:
                              message = ResHelper.getString(R.string.ssl_cert_error_invalid);
                              break;
                          case SslError.SSL_NOTYETVALID:
                              message = ResHelper.getString(R.string.ssl_cert_error_not_yet_valid);
                              break;
                          case SslError.SSL_UNTRUSTED:
                              message = ResHelper.getString(R.string.ssl_cert_error_untrusted);
                              break;
                          default:
                              message = ResHelper.getString(R.string.ssl_cert_error_cert_invalid);
                      }
                      mSSLConnectionDialog = new MaterialDialog.Builder(getParentActivity())
                              .title(R.string.ssl_cert_error_title)
                              .content(message)
                              .positiveText(R.string.continue_button)
                              .negativeText(R.string.cancel_button)
                              .titleColorRes(R.color.black)
                              .positiveColorRes(R.color.main_red)
                              .contentColorRes(R.color.comment_grey)
                              .backgroundColorRes(R.color.sides_menu_gray)
                              .onPositive(new MaterialDialog.SingleButtonCallback() {
                                  @Override
                                  public void onClick(MaterialDialog materialDialog, DialogAction dialogAction) {
                                      mSSLConnectionDialog.dismiss();
                                      handler.proceed();
                                  }
                              })
                              .onNegative(new MaterialDialog.SingleButtonCallback() {
                                  @Override
                                  public void onClick(MaterialDialog materialDialog, DialogAction dialogAction) {
                                      handler.cancel();
                                  }
                              })
                              .build();
                      mSSLConnectionDialog.show(); 
                  }
                  

                  mWebView.setWebViewClient(new WebViewClient() {
                  ... // other corresponding overridden methods
                  }
                  

                  最后,谷歌说:

                  安全扫描完成
                  未检测到 APK 158 的已知漏洞.

                  SECURITY SCAN COMPLETE
                  No known vulnerabilities were detected for APK 158.

                  但是我不确定是什么代码实现的,HostNameVerifiermWebView.setWebViewClientonReceivedSslError().注意:HostNameVerifier.setDefaultHostnameVerifier() 不应该总是返回 true 就像它在你的代码中一样!它必须实现一些逻辑来检查 SSL 是否一切正常并返回 true 或 false.这是必不可少的.

                  However I'm not sure what code made it, HostNameVerifier or onReceivedSslError() of mWebView.setWebViewClient. Note: HostNameVerifier.setDefaultHostnameVerifier() should not return true always like it is in your code! It has to implement some logic to check if its all OK with SSL and return true or false. It is essential.

                  这篇关于Google Play 安全警报 - 您的应用正在使用不安全的 HostnameVerifier 实现的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持跟版网!

                  上一篇:如何在android studio中更改包名? 下一篇:您的 Android App Bundle 使用错误的密钥进行签名.确保您的 app bundle 使用正确的签名密钥进

                  相关文章

                    <bdo id='vo4xc'></bdo><ul id='vo4xc'></ul>
                  <tfoot id='vo4xc'></tfoot>

                  <small id='vo4xc'></small><noframes id='vo4xc'>

                    <legend id='vo4xc'><style id='vo4xc'><dir id='vo4xc'><q id='vo4xc'></q></dir></style></legend>
                    <i id='vo4xc'><tr id='vo4xc'><dt id='vo4xc'><q id='vo4xc'><span id='vo4xc'><b id='vo4xc'><form id='vo4xc'><ins id='vo4xc'></ins><ul id='vo4xc'></ul><sub id='vo4xc'></sub></form><legend id='vo4xc'></legend><bdo id='vo4xc'><pre id='vo4xc'><center id='vo4xc'></center></pre></bdo></b><th id='vo4xc'></th></span></q></dt></tr></i><div id='vo4xc'><tfoot id='vo4xc'></tfoot><dl id='vo4xc'><fieldset id='vo4xc'></fieldset></dl></div>