Advertencia de Google Play: controlador WebViewClient.onReceivedSslError
Recibí un correo electrónico de Google con el siguiente tema: Google Play Warning: SSL Error Handler Vulnerability". In this email, Google explains that my app has an ["unsafe implementation of the WebViewClient.onReceivedSslError handler"
Aquí está mi implementación del método (WebView Client):
- Compruebe el método onReceivedSslError () de un WebViewClient si se firma un certificado desde una CA propia auto-firmada
- Acceso web automático de Webview de Android al sitio Web de https estableciendo cookies de token
- Certificado de pinning no funciona con OkHttp en Android
- CertificateException - OpenSSLX509CertificateFactory $ ParsingException
- Problemas con el certificado WSS y SSL en Android
public class MyBrowser extends WebViewClient { boolean timeout; public MyBrowser() { timeout = true; } @Override public void onPageStarted(WebView view, String url, Bitmap favicon) { try { progressBar.setVisibility(View.VISIBLE); }catch(Exception e){ e.printStackTrace(); } } @Override public boolean shouldOverrideUrlLoading(WebView view, String url) { view.loadUrl(url); return true; } public void onPageFinished(WebView view, String url) { try{ progressBar.setVisibility(View.GONE); webView.setVisibility(View.VISIBLE); }catch(Exception e){ Log.e("Exception", e.toString()); Crashlytics.logException(e); } } @Override public void onReceivedError(WebView view, int errorCode, String description, String failingUrl) { isBack=true; if (!CommonUtility.isNetworkAvailable()) { view.loadUrl("file:///android_asset/error.html"); } } }
Después de la primera advertencia, eliminé el método onReceivedSslError del WebClient y subí la nueva versión, pero de nuevo recibí la misma advertencia de Google Play. Y me recomendaron: – "Parece que la versión 18 aún tiene la vulnerabilidad. Vuelva a comprobar el archivo de manifiesto de su aplicación, esta vez con más cuidado, para asegurarse de que la vulnerabilidad ha sido la dirección.
Aquí está mi archivo de manifiesto: – (amablemente Ayúdeme a deshacerse de este problema)
<?xml version="1.0" encoding="utf-8"?> <manifest xmlns:android="http://schemas.android.com/apk/res/android" xmlns:tools="http://schemas.android.com/tools" package="in.test" android:installLocation="auto" android:versionCode="18" android:versionName="2.0" > <uses-sdk android:minSdkVersion="14" android:targetSdkVersion="21" /> <!-- GCM Permisssions --> <uses-permission android:name="android.permission.WAKE_LOCK" /> <uses-permission android:name="com.google.android.c2dm.permission.RECEIVE" /> <!-- Creates a custom permission so only this app can receive its messages. NOTE: the permission *must* be called PACKAGE.permission.C2D_MESSAGE, where PACKAGE is the application's package name. --> <permission android:name="in.Sptest.permission.C2D_MESSAGE" android:protectionLevel="signature" /> <uses-permission android:name="android.permission.USE_CREDENTIALS" /> <uses-permission android:name="android.permission.GET_ACCOUNTS" /> <uses-permission android:name="android.permission.INTERNET" /> <uses-permission android:name="android.permission.READ_PHONE_STATE" /> <uses-permission android:name="android.permission.READ_CONTACTS" /> <uses-permission android:name="android.permission.RECEIVE_SMS" /> <uses-permission android:name="android.permission.READ_SMS" /> <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" /> <uses-permission android:name="android.permission.GET_TASKS" /> <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED" /> <application android:name=".application.TestApplication" android:hardwareAccelerated="true" android:icon="@drawable/logo" android:label="@string/app_name" tools:replace="android:icon,android:name" > <activity android:name=".LauncherScreen" android:hardwareAccelerated="true" android:label="@string/title_activity_main" android:screenOrientation="portrait" android:theme="@style/Theme.Sherlock.Light.NoActionBar" > </activity> <activity android:name=".MainActivity" android:hardwareAccelerated="true" android:label="@string/title_activity_main" android:noHistory="false" android:screenOrientation="portrait" android:theme="@style/Theme.Sherlock.Light.NoActionBar" > </activity> <activity android:name=".URLActivity" android:label="@string/app_name" android:screenOrientation="portrait" android:theme="@style/Theme.Sherlock.Light.NoActionBar" > </activity> <activity android:name=".SplashActivity" android:label="@string/app_name" android:screenOrientation="portrait" android:theme="@style/Theme.Sherlock.Light.NoActionBar" > </activity> <activity android:name=".activities.ActivityIntro" android:label="@string/app_name" android:screenOrientation="portrait" android:theme="@style/Theme.Sherlock.Light.NoActionBar" > <intent-filter> <action android:name="android.intent.action.MAIN" /> <category android:name="android.intent.category.LAUNCHER" /> </intent-filter> </activity> <activity android:name=".Login_test" android:screenOrientation="portrait" android:theme="@style/Theme.Sherlock.Light.NoActionBar" > </activity> <activity android:name=".fragment.FragmentActivityNumberVerification" android:icon="@drawable/app_icon" android:screenOrientation="portrait" android:theme="@style/Theme.Sherlock.Light.NoActionBar" > </activity> <activity android:name=".BrowserScreen" android:screenOrientation="portrait" android:theme="@style/Theme.Sherlock.Light.NoActionBar" > </activity> <activity android:name=".activities.TermsActivity" android:screenOrientation="portrait" android:theme="@style/Theme.Sherlock.Light.NoActionBar" > </activity> <activity android:name=".DataCardRecharge" android:label="@string/title_activity_launcher_screen" android:screenOrientation="portrait" android:theme="@style/Theme.Sherlock.Light.NoActionBar" > </activity> <activity android:name=".UserFeedBack" android:label="@string/title_activity_launcher_screen" android:screenOrientation="portrait" android:theme="@style/Theme.Sherlock.Light.NoActionBar" > </activity> <activity android:name=".PostpaidMobileRecharge" android:label="@string/title_activity_launcher_screen" android:screenOrientation="portrait" android:theme="@style/Theme.Sherlock.Light.NoActionBar" > </activity> <activity android:name=".PrepaidMobileRecharge" android:label="@string/title_activity_launcher_screen" android:screenOrientation="portrait" android:theme="@style/Theme.Sherlock.Light.NoActionBar" > </activity> <activity android:name=".Recharge" android:label="@string/title_activity_launcher_screen" android:screenOrientation="portrait" android:theme="@style/Theme.Sherlock.Light.NoActionBar" > </activity> <activity android:name=".RailBooking" android:label="@string/title_activity_launcher_screen" android:screenOrientation="portrait" android:theme="@style/Theme.Sherlock.Light.NoActionBar" > </activity> <activity android:name=".ProfileDetails" android:label="@string/title_activity_profile_details" android:screenOrientation="portrait" android:theme="@style/Theme.Sherlock.Light.NoActionBar" > </activity> <activity android:name=".RailTransactionhistory" android:label="@string/title_activity_transactionhistory" android:screenOrientation="portrait" android:theme="@style/Theme.Sherlock.Light.NoActionBar" > </activity> <activity android:name=".GetPhoneContact" android:label="@string/title_activity_get_phone_contact" android:screenOrientation="portrait" android:theme="@style/Theme.Sherlock.Light.NoActionBar" > </activity> <activity android:name=".TariffPlans" android:label="@string/title_activity_tariff_plans" android:screenOrientation="portrait" android:theme="@style/Theme.Sherlock.Light.NoActionBar" > </activity> <activity android:name=".TrnsactionHistory_Details" android:label="@string/title_activity_trnsaction_history__details" android:screenOrientation="portrait" android:theme="@style/Theme.Sherlock.Light.NoActionBar" > </activity> <activity android:name=".RailTrnsactionHistory_Details" android:label="@string/title_activity_trnsaction_history__details" android:screenOrientation="portrait" android:theme="@style/Theme.Sherlock.Light.NoActionBar" > </activity> <activity android:name=".MyProfile" android:label="@string/title_activity_trnsaction_history__details" android:screenOrientation="portrait" android:theme="@style/Theme.Sherlock.Light.NoActionBar" > </activity> <activity android:name=".ZaakPAyResponse" android:label="@string/title_activity_trnsaction_history__details" android:screenOrientation="portrait" android:theme="@style/Theme.Sherlock.Light.NoActionBar" > </activity> <activity android:name=".ZaakPAyResponseRailBooking" android:label="@string/title_activity_trnsaction_history__details" android:screenOrientation="portrait" android:theme="@style/Theme.Sherlock.Light.NoActionBar" > </activity> <activity android:name=".RailTicket_PNR" android:screenOrientation="portrait" android:theme="@style/Theme.Sherlock.Light.NoActionBar" > </activity> <activity android:name=".PNRStatusDetails" android:screenOrientation="portrait" android:theme="@style/Theme.Sherlock.Light.NoActionBar" > </activity> <activity android:name=".RailTicket_History" android:screenOrientation="portrait" android:theme="@style/Theme.Sherlock.Light.NoActionBar" > </activity> <activity android:name=".activities.ActivityFavouriteDialog" android:screenOrientation="portrait" android:theme="@android:style/Theme.Translucent.NoTitleBar" /> <activity android:name=".PassenderHistory" android:screenOrientation="portrait" android:theme="@style/Theme.Sherlock.Light.NoActionBar" /> <!-- Copy below Activity Declarations inside <application></application> tag in AndroidManifest.xml of your application --> <!-- Wallet SDK Activity Classes Start Here --> <!-- Wallet SDK Activity Classes End Here --> <activity android:name=".TariffPlansActivity" android:label="@string/title_activity_tariff_plans" android:screenOrientation="portrait" android:theme="@style/Theme.Tariff_plans" > </activity> <activity android:name=".TransactionMessageActivity" android:screenOrientation="portrait" android:theme="@style/Theme.Sherlock.Light.NoActionBar" > </activity> <activity android:name=".AboutActivity" android:screenOrientation="portrait" android:theme="@style/Theme.Sherlock.Light.NoActionBar" > </activity> <activity android:name=".ShareActivity" android:screenOrientation="portrait" android:theme="@style/Theme.Sherlock.Light.NoActionBar" android:windowSoftInputMode="stateHidden" > </activity> <activity android:name=".ActivityLastRechargeList" android:label="@string/title_activity_activity_last_recharge_list" android:screenOrientation="portrait" android:theme="@style/Theme.Sherlock.Light.NoActionBar" > </activity> <activity android:name=".ActivityNewInfo" android:screenOrientation="portrait" > </activity> <activity android:name=".ActivitySendMoney" android:screenOrientation="portrait" android:theme="@style/Theme.Sherlock.Light.NoActionBar" android:windowSoftInputMode="stateHidden" > </activity> <activity android:name=".ActivitySetTransactionPassword" android:screenOrientation="portrait" android:theme="@style/Theme.Sherlock.Light.NoActionBar" > </activity> <activity android:name=".ActivityReceivedMoneyDetails" android:screenOrientation="portrait" android:theme="@style/Theme.Sherlock.Light.NoActionBar" > </activity> <activity android:name=".ActivityTransactionHistory" android:screenOrientation="portrait" android:theme="@style/Theme.Sherlock.Light.NoActionBar" > </activity> <activity android:name=".ActivityRailBookingHistory" android:screenOrientation="portrait" android:theme="@style/Theme.Sherlock.Light.NoActionBar" > </activity> <activity android:name=".ActivityNotificationDialog" android:screenOrientation="portrait" android:theme="@android:style/Theme.Holo.Light.Dialog.NoActionBar" > </activity> <activity android:name=".FirstActivity" android:exported="true" android:hardwareAccelerated="true" android:label="@string/title_activity_main" android:launchMode="singleTop" android:screenOrientation="portrait" android:theme="@style/Theme.Sherlock.Light.NoActionBar" > </activity> <activity android:name=".activities.OffersFragmentActivity" android:screenOrientation="portrait" android:theme="@style/Theme.Transparent" > </activity> <activity android:name=".RechargeActivity" android:exported="true" android:screenOrientation="portrait" android:theme="@style/Theme.Sherlock.Light.NoActionBar" android:windowSoftInputMode="stateAlwaysHidden" > </activity> <activity android:name=".RailActivity" android:screenOrientation="portrait" android:theme="@style/Theme.Sherlock.Light.NoActionBar" android:windowSoftInputMode="stateHidden|adjustPan" > </activity> <activity android:name=".InviteActivity" android:screenOrientation="portrait" android:theme="@style/Theme.Sherlock.Light.NoActionBar" /> <activity android:name="in.Sptestdeals.DealsActivity" android:screenOrientation="portrait" android:theme="@style/Theme.test" > </activity> <activity android:name=".ActivityNotification" android:screenOrientation="portrait" android:theme="@style/Theme.Sherlock.Light.NoActionBar" > </activity> <activity android:name="in.Sptestdeals.DealDetailsActivity" android:screenOrientation="portrait" android:theme="@style/Theme.test" android:windowSoftInputMode="stateAlwaysHidden" > </activity> <activity android:name="com.Spdealmodule.activities.ActivityTransactionMessageTest" android:screenOrientation="portrait" android:theme="@style/Theme.Sherlock.Light.NoActionBar" > </activity> <activity android:name=".ActivityPaymentOptionsSelection" android:screenOrientation="portrait" android:theme="@style/Theme.test" android:windowSoftInputMode="stateAlwaysHidden" > </activity> <activity android:name=".activities.OpenURLInWebViewActivity" android:screenOrientation="portrait" android:theme="@style/Theme.test" android:windowSoftInputMode="stateAlwaysHidden" > </activity> <activity android:name=".activities.OpenInterestURLInWebViewActivity" android:screenOrientation="portrait" android:theme="@style/Theme.Transparent" > </activity> <activity android:name=".activities.ActivityOfferDetail" android:screenOrientation="portrait" android:theme="@style/Theme.Sherlock.Light.NoActionBar" android:windowSoftInputMode="stateAlwaysHidden" > </activity> <activity android:name=".activities.ActivityAskFriend" android:screenOrientation="portrait" android:theme="@style/Theme.Sherlock.Light.NoActionBar" android:windowSoftInputMode="stateAlwaysHidden" > </activity> <activity android:name=".activities.ActivityNoOffer" android:screenOrientation="portrait" android:theme="@style/Theme.Sherlock.Light.NoActionBar" android:windowSoftInputMode="stateAlwaysHidden" > </activity> <activity android:name=".ActivitySavedCard" android:screenOrientation="portrait" android:theme="@style/Theme.test" android:windowSoftInputMode="stateAlwaysHidden" > </activity> <activity android:name="com.facebook.FacebookActivity" android:configChanges="keyboard|keyboardHidden|screenLayout|screenSize|orientation" android:label="@string/app_name" android:theme="@android:style/Theme.Translucent.NoTitleBar" /> <service android:name=".service.AppInstallIntentService" > </service> <service android:name=".service.FetchtestListService" > </service> <receiver android:name="com.broadcastreceiver.WakefullReceiverAppInstall" > <intent-filter android:priority="2147483647" > <action android:name="android.intent.action.PACKAGE_ADDED" /> <action android:name="android.intent.action.PACKAGE_INSTALL" /> <action android:name="android.intent.action.PACKAGE_REMOVED" /> <data android:scheme="package" /> </intent-filter> </receiver> <receiver android:name="com.broadcastreceiver.ServiceStarter" android:exported="true" > <intent-filter> <action android:name="android.intent.action.BOOT_COMPLETED" /> <action android:name="android.intent.action.QUICKBOOT_POWERON" /> <action android:name="android.intent.action.REBOOT" /> </intent-filter> </receiver> <receiver android:name="com.broadcastreceiver.NetworkChangeReceiver" > <intent-filter> <action android:name="android.net.conn.CONNECTIVITY_CHANGE" /> </intent-filter> </receiver> <service android:name=".service.NetworkChangeIntentService" /> <!-- WakefulBroadcastReceiver that will receive intents from GCM services and hand them to the custom IntentService. The com.google.android.c2dm.permission.SEND permission is necessary so only GCM services can send data messages for the app. --> <receiver android:name="com.Sptest.gcm.GcmBroadcastReceiver" android:permission="com.google.android.c2dm.permission.SEND" > <intent-filter> <!-- Receives the actual messages. --> <action android:name="com.google.android.c2dm.intent.RECEIVE" /> <category android:name="in.Sptest" /> </intent-filter> </receiver> <receiver android:name="com.broadcastreceiver.ReferrerCatcher" android:exported="true" > <intent-filter android:priority="2147483647" > <action android:name="com.android.vending.INSTALL_REFERRER" /> </intent-filter> </receiver> <service android:name="com.Sptest.gcm.GcmIntentService" /> <service android:name=".service.ReferralIntentService" /> <service android:name="com.google.analytics.tracking.android.CampaignTrackingService" /> <service android:name=".service.SmsReadService" /> <provider android:name="com.facebook.FacebookContentProvider" android:authorities="com.facebook.app.FacebookContentProvider1450001738595564" android:exported="true" /> <service android:name=".service.InAppNotificationService" /> <service android:name="com.Sptest.gcm.GCMRegistrationService" /> <!-- <meta-data --> <!-- android:name="com.google.android.gms.version" --> <!-- android:value="@integer/google_play_services_version" /> --> <meta-data android:name="io.fabric.ApiKey" android:value="5423ec39674b4ed2b5891b52a2a7738b1fe69317" /> <meta-data android:name="com.facebook.sdk.ApplicationId" android:value="@string/facebook_app_id" /> <meta-data android:name="com.facebook.sdk.ApplicationName" android:value="@string/app_name" /> <activity android:name=".SMSVerifyActivity" android:screenOrientation="portrait" android:theme="@style/Theme.Sherlock.Light.NoActionBar" > <intent-filter> <action android:name="android.intent.action.VIEW" /> <category android:name="android.intent.category.DEFAULT" /> <category android:name="android.intent.category.BROWSABLE" /> <data android:host="www.Sptest.com" android:pathPrefix="/scomm/vf" android:scheme="https" /> </intent-filter> <intent-filter> <action android:name="android.intent.action.VIEW" /> <category android:name="android.intent.category.DEFAULT" /> <category android:name="android.intent.category.BROWSABLE" /> <data android:host="smsverify" android:scheme="Sptest" /> </intent-filter> </activity> <activity android:name="in.Testsdk.TestOffersListActivity" android:configChanges="keyboard|keyboardHidden|orientation|screenLayout|uiMode|screenSize|smallestScreenSize" android:screenOrientation="portrait" android:theme="@android:style/Theme.Translucent" > </activity> <service android:name="in.Testsdk.services.TestAppInstallIntentService" > </service> <service android:name="in.Testsdk.services.TestAppOpenService" > </service> <activity android:name="in.Testsdk.TestOpenInterestActivity" android:configChanges="keyboard|keyboardHidden|orientation|screenLayout|uiMode|screenSize|smallestScreenSize" android:screenOrientation="portrait" android:theme="@style/Theme.Transparent" /> <activity android:name="in.Testsdk.TestOpenURLInWebViewActivity" android:configChanges="keyboard|keyboardHidden|orientation|screenLayout|uiMode|screenSize|smallestScreenSize" android:screenOrientation="portrait" > </activity> <receiver android:name="in.Testsdk.broadcastreceiver.WakefullReceiverAppInstall" > <intent-filter android:priority="2147483647" > <action android:name="android.intent.action.PACKAGE_ADDED" /> <action android:name="android.intent.action.PACKAGE_INSTALL" /> <action android:name="android.intent.action.PACKAGE_REMOVED" /> <data android:scheme="package" /> </intent-filter> </receiver> <activity android:name=".RailPaymentWebViewActivity" android:label="@string/title_activity_rail_payment_web_view" android:screenOrientation="portrait"> </activity> </application>
- Cuándo instalar keystore & cuándo instalar sólo el certificado envuelto en keystore
- ¿Cómo puedo establecer SignalR en Android Studio para ignorar los problemas de SSL para el desarrollo
- Aceptar certificados SSL autofirmados-> donde configurar TrustManager predeterminado
- Verificar manualmente el certificado SSL en WebView
- HttpsURLconnection para publicar y obtener en Android
- Alerta de seguridad de Android WebView SSL
- Carga de un archivo a través de SSL con Client Side Certificate y HttpsURLConnection de Android
- ¿Cómo resolver el problema "ingrese la contraseña para el almacenamiento de credenciales"?
Aunque haya eliminado el método onReceivedSslError, algunas o otras bibliotecas, como las pasarelas de pago, etc., podrían seguir utilizando una vista web integrada y, por lo tanto, seguirá recibiendo esa advertencia. Compruebe todas sus bibliotecas o actualícelas. ¡Espero que esto resuelva tu problema!
Debe proporcionar la implementación correcta para el método onReceivedSslError. Respondido aquí Webview evitar alerta de seguridad de google play sobre la implementación de onReceivedSslError