Android 谷歌Play拒绝应用程序

我正在开发一个Android应用程序，其中包含社交网络登录。 在这个问题之后，我删除了包含“WebViewClient.OnReceivedSlerror”的类。 但当我在谷歌Play商店上传应用程序时，它被拒绝了，并出现以下错误

“如何解决应用程序中的WebView SSL错误处理程序警报。”

我还使用该类在后台无意中发送邮件。 这使用“SSL”和“TrustManagerFactory.X509”。这就是被拒绝的原因吗？ 我想如果这是被拒绝的原因，那么我可能会遇到其他错误，比如“ 由于X509TrustManager的不安全实现，应用程序被Google Play Store拒绝

寻求支持。提前谢谢

---

这是我从Google Play得到的信息

你好，谷歌游戏开发者

我们拒绝了名为com.avonmobility.VISApp的VISApp，因为它违反了我们的恶意行为或用户数据策略。如果您提交了更新，您的应用程序的早期版本仍然可以在Google Play上使用

此应用程序使用的软件包含用户的安全漏洞，或允许在没有适当披露的情况下收集用户数据

以下是在您最近提交的文件中检测到的问题列表和相应的APK版本。请尽快升级您的应用程序，并增加已升级APK的版本号

漏洞APK版本 SSL错误处理程序 有关如何处理WebView SSL错误处理程序警报的更多信息，请参阅本Google帮助中心文章

十五 要确认您已正确升级，请将应用程序的更新版本提交到开发人员控制台，并在五小时后检查以确保警告消失

虽然这些漏洞可能不会影响使用此软件的每个应用程序，但最好在所有安全修补程序上保持最新。确保更新应用程序中存在已知安全问题的所有库，即使您不确定这些问题是否与应用程序相关

应用程序还必须遵守开发者发行协议和开发者计划政策

如果您觉得我们的决定是错误的，请联系我们的开发人员支持团队

最好的

---

Google Play团队

我也有同样的问题，在你的项目中添加这个，创建一个类

                  import org.apache.http.HttpVersion;
       import org.apache.http.conn.ClientConnectionManager;
        import org.apache.http.conn.scheme.PlainSocketFactory;
        import org.apache.http.conn.scheme.Scheme;
       import org.apache.http.conn.scheme.SchemeRegistry;
     import org.apache.http.conn.ssl.SSLSocketFactory;
    import org.apache.http.impl.client.DefaultHttpClient;
        import org.apache.http.impl.conn.tsccm.ThreadSafeClientConnManager;
      import org.apache.http.params.BasicHttpParams;
                                import org.apache.http.params.HttpParams;
    import org.apache.http.params.HttpProtocolParams;
       import org.apache.http.protocol.HTTP;

          import java.io.BufferedInputStream;
     import java.io.IOException;
      import java.io.InputStream;
     import java.net.Socket;
     import java.security.KeyManagementException;
     import java.security.KeyStore;
   import java.security.KeyStoreException;
   import java.security.NoSuchAlgorithmException;
   import java.security.UnrecoverableKeyException;
     import java.security.cert.Certificate;
       import java.security.cert.CertificateException;
     import java.security.cert.CertificateFactory;
       import java.security.cert.X509Certificate;

        import javax.net.ssl.HttpsURLConnection;
         import javax.net.ssl.SSLContext;
     import javax.net.ssl.TrustManager;
     import javax.net.ssl.X509TrustManager;


       public class MySSLSocketFactory extends SSLSocketFactory {
SSLContext sslContext = SSLContext.getInstance("TLS");


public MySSLSocketFactory(KeyStore truststore) throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException {
    super(truststore);

    X509TrustManager tm = new X509TrustManager() {
        public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        }

        public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        }

        public X509Certificate[] getAcceptedIssuers() {
            return null;
        }
    };

    sslContext.init(null, new TrustManager[]{tm}, null);
}

@Override
public Socket createSocket(Socket socket, String host, int port, boolean autoClose) throws IOException {
    return sslContext.getSocketFactory().createSocket(socket, host, port, autoClose);
}

@Override
public Socket createSocket() throws IOException {
    return sslContext.getSocketFactory().createSocket();
}

/**
 * Makes HttpsURLConnection trusts a set of certificates specified by the KeyStore
 */
public void fixHttpsURLConnection() {
    HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory());
}

/**
 * Gets a KeyStore containing the Certificate
 *
 * @param cert InputStream of the Certificate
 * @return KeyStore
 */
public static KeyStore getKeystoreOfCA(InputStream cert) {

    // Load CAs from an InputStream
    InputStream caInput = null;
    Certificate ca = null;
    try {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        caInput = new BufferedInputStream(cert);
        ca = cf.generateCertificate(caInput);
    } catch (CertificateException e1) {
        e1.printStackTrace();
    } finally {
        try {
            if (caInput != null) {
                caInput.close();
            }
        } catch (IOException e) {
            e.printStackTrace();
        }
    }

    // Create a KeyStore containing our trusted CAs
    String keyStoreType = KeyStore.getDefaultType();
    KeyStore keyStore = null;
    try {
        keyStore = KeyStore.getInstance(keyStoreType);
        keyStore.load(null, null);
        keyStore.setCertificateEntry("ca", ca);
    } catch (Exception e) {
        e.printStackTrace();
    }
    return keyStore;
}

/**
 * Gets a Default KeyStore
 *
 * @return KeyStore
 */
public static KeyStore getKeystore() {
    KeyStore trustStore = null;
    try {
        trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null);
    } catch (Throwable t) {
        t.printStackTrace();
    }
    return trustStore;
}

/**
 * Returns a SSlSocketFactory which trusts all certificates
 *
 * @return SSLSocketFactory
 */
public static SSLSocketFactory getFixedSocketFactory() {
    SSLSocketFactory socketFactory;
    try {
        socketFactory = new MySSLSocketFactory(getKeystore());
        socketFactory.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
    } catch (Throwable t) {
        t.printStackTrace();
        socketFactory = SSLSocketFactory.getSocketFactory();
    }
    return socketFactory;
}

/**
 * Gets a DefaultHttpClient which trusts a set of certificates specified by the KeyStore
 *
 * @param keyStore custom provided KeyStore instance
 * @return DefaultHttpClient
 */
public static DefaultHttpClient getNewHttpClient(KeyStore keyStore) {

    try {
        SSLSocketFactory sf = new MySSLSocketFactory(keyStore);
        SchemeRegistry registry = new SchemeRegistry();
        registry.register(new Scheme("http", PlainSocketFactory.getSocketFactory(), 80));
        registry.register(new Scheme("https", sf, 443));

        HttpParams params = new BasicHttpParams();
        HttpProtocolParams.setVersion(params, HttpVersion.HTTP_1_1);
        HttpProtocolParams.setContentCharset(params, HTTP.UTF_8);

        ClientConnectionManager ccm = new ThreadSafeClientConnManager(params, registry);

        return new DefaultHttpClient(ccm, params);
    } catch (Exception e) {
        return new DefaultHttpClient();
    }
}

}

要解决Google Play警告：WebViewClient.OnReceivedSlerror处理程序

不总是强制处理程序。继续（）；但是您还必须包括handler.cancel（）；因此，用户可以避免加载内容

处理WebViewClient.OnReceivedSlerror处理程序的不安全实现

使用以下代码

 webView.setWebViewClient(new SSLTolerentWebViewClient());
 webView.loadUrl(myhttps url);

您必须提醒用户SSL，以便Google允许您的应用程序执行此操作

I also had SSLCertification issue at the time uploading singed apk.
you have to return true for all your trusted http hosts including 3rd party libraries http.

在这里，我把我如何解决这个问题，对不起，安全我没有把原始路径的链接，这些帮助我

提到了所有存在SSLC认证问题的api，您还必须提到第三方api，您将在运行该代码时得到错误的HTTP链接

---

您使用的后端（服务器端）是否没有有效的SSL证书。如果不是，那么我猜您是在使用X509TrustManager忽略无效SSL证书错误。这是谷歌不能接受的。因此，我建议您为服务器端获取一个有效的SSL证书。@AkhilSoman Hi Akhil，谢谢回复。我也有同样的感觉。但我不知道如何实施它。我问了我的一个朋友，他给了我这个链接：Hi，Thx的可能副本，请回复。你能告诉我在哪里使用这个和调用这个吗？只要在google中创建一个新的classserch，当发送jsonHi Ajay，Thx以获得回复时，你会得到我的调用。我的代码中没有使用Webview。但我不知道为什么会这样。还有什么其他原因呢，伙计？

I also had SSLCertification issue at the time uploading singed apk.
you have to return true for all your trusted http hosts including 3rd party libraries http.

     TrustManager[] trustAllCerts = new TrustManager[]{new X509TrustManager() {
        public X509Certificate[] getAcceptedIssuers() {
            X509Certificate[] myTrustedAnchors = new X509Certificate[0];
            return myTrustedAnchors;
        }

        @Override
        public void checkClientTrusted(X509Certificate[] certs, String authType) {
        }

        @Override
        public void checkServerTrusted(X509Certificate[] certs, String authType) {
        }
      }};
        SSLContext sc = SSLContext.getInstance("SSL");
        sc.init(null, trustAllCerts, new SecureRandom());
        HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
        HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
            @Override
            public boolean verify(String hostname, SSLSession arg1) {
                if (hostname.equalsIgnoreCase("demo.mysite.com") ||
                        hostname.equalsIgnoreCase("prod.mysite.com") ||
                        hostname.equalsIgnoreCase("22.2.202.22:3333") ||
                        hostname.equalsIgnoreCase("cloud.cloudDeveSite.net") ||                            
                        hostname.equalsIgnoreCase("11.2.222.22:2222") ||
                        hostname.equalsIgnoreCase("multispidr.3rdPartyLibrary.io")) {
                    return true;
                } else {
                    return false;
                }
            }
        });