Google 播放警告:您的应用可能正在泄露开发者凭据
Google Play warning: Your App may be leaking developer credentials
请解释一下,这是什么?
我收到了来自 GP 的消息,内容如下:
Hello Google Play Developer,
We detected that your app(s) listed at the end of this email are
potentially leaking credentials used to make network requests (HTTP
and FTP).
Please check for cases where you use url-encoded basic access
authentication, for example a URL such as
https://username:password@www.example.com/. We recommend that you
immediately change the credentials and redesign your app to avoid
including them.
Next steps
Sign in to your Developer Console and submit the updated version of your app.
Check back after five hours - we’ll show a warning message if the app hasn’t been updated correctly.
Exposed developer credentials can allow an attacker to compromise your
systems which puts user data at risk. For other technical questions
about the vulnerability, you can post to Stack Overflow and use the
tag “android-security.”
We’re here to help
If you feel we have sent this warning in error, you can contact our
developer support team.
Regards,
The Google Play Team
我不明白我的应用程序有什么问题,请帮助我。我应该在我的应用程序中更改什么?
我在我的免费和付费应用程序中包含了 Appodeal 库。我最近收到了这个警告,我删除了 Appodeal 并且在 Google Play 中不再有警告。尽管我没有在 Premium 中使用广告,但我在二进制文件中包含了 Appodeal 库,因为它们是同一个 Android Studio 项目的不同风格。看起来像他们的问题。几天前我出于不同的原因 (https://medium.com/@greenrobotllc/response-to-1-star-review-problem-ads-auto-opening-app-store-on-lolcats-android-f1c7b7991caa#.milc5rcvs) 从我的免费应用程序中删除了 Appodeal。在免费更新到 Google 大约一天后,我收到了这封关于我尚未更新的高级版本的确切电子邮件。
所以请检查您的第 3 方库。
我可以确认,如果您使用的是 Appodeal SDK,您将作为开发人员收到此警报。我已经联系了 Appodeal 支持,这是他们的回答:
Ivan Prokopenko: Hi Pablo! we found the problem. It was problem with network, we contacted with support of network. We'll update SDK in next future, it will solve the problem. but don't worry, it's not critical
mytarget SDK和Appodeal SDK有同样的问题。我们也联系了 mytarget 支持,这是他们的回答:
Hello Yan, Thank you for reaching out.
No credentials and any personal data was involved, so no problem with
leaking any data with our SDK. But to prevent the Google Play to
display the warning yesterday we updated our SDK - latest version is
4.5.1. Here is the change log - "Changed format of internal constant, because of which Google Play could display warning».
So for your next update you can update our SDK. You can download
latest version there -
https://bintray.com/mytarget/maven/mytarget-sdk/view#files/com/my/target/mytarget-sdk
Please let me know if you have any questions.
所以请检查您的第 3 方库。
Andy、Pablo 和其他访问过此主题的优秀人士。
问题最近解决了。
您只需将 Appodeal SDK 更新到最新版本(1.14.15 版)即可。
您可以在我们的 docs
中找到它
您还可以下载 Android SDK here(本机 Android)。
此致,
安德鲁
Appodeal 支持团队。
请解释一下,这是什么?
我收到了来自 GP 的消息,内容如下:
Hello Google Play Developer,
We detected that your app(s) listed at the end of this email are potentially leaking credentials used to make network requests (HTTP and FTP).
Please check for cases where you use url-encoded basic access authentication, for example a URL such as https://username:password@www.example.com/. We recommend that you immediately change the credentials and redesign your app to avoid including them.
Next steps
Sign in to your Developer Console and submit the updated version of your app. Check back after five hours - we’ll show a warning message if the app hasn’t been updated correctly.Exposed developer credentials can allow an attacker to compromise your systems which puts user data at risk. For other technical questions about the vulnerability, you can post to Stack Overflow and use the tag “android-security.”
We’re here to help
If you feel we have sent this warning in error, you can contact our developer support team.
Regards,
The Google Play Team
我不明白我的应用程序有什么问题,请帮助我。我应该在我的应用程序中更改什么?
我在我的免费和付费应用程序中包含了 Appodeal 库。我最近收到了这个警告,我删除了 Appodeal 并且在 Google Play 中不再有警告。尽管我没有在 Premium 中使用广告,但我在二进制文件中包含了 Appodeal 库,因为它们是同一个 Android Studio 项目的不同风格。看起来像他们的问题。几天前我出于不同的原因 (https://medium.com/@greenrobotllc/response-to-1-star-review-problem-ads-auto-opening-app-store-on-lolcats-android-f1c7b7991caa#.milc5rcvs) 从我的免费应用程序中删除了 Appodeal。在免费更新到 Google 大约一天后,我收到了这封关于我尚未更新的高级版本的确切电子邮件。
所以请检查您的第 3 方库。
我可以确认,如果您使用的是 Appodeal SDK,您将作为开发人员收到此警报。我已经联系了 Appodeal 支持,这是他们的回答:
Ivan Prokopenko: Hi Pablo! we found the problem. It was problem with network, we contacted with support of network. We'll update SDK in next future, it will solve the problem. but don't worry, it's not critical
mytarget SDK和Appodeal SDK有同样的问题。我们也联系了 mytarget 支持,这是他们的回答:
Hello Yan, Thank you for reaching out.
No credentials and any personal data was involved, so no problem with leaking any data with our SDK. But to prevent the Google Play to display the warning yesterday we updated our SDK - latest version is 4.5.1. Here is the change log - "Changed format of internal constant, because of which Google Play could display warning».
So for your next update you can update our SDK. You can download latest version there - https://bintray.com/mytarget/maven/mytarget-sdk/view#files/com/my/target/mytarget-sdk
Please let me know if you have any questions.
所以请检查您的第 3 方库。
Andy、Pablo 和其他访问过此主题的优秀人士。
问题最近解决了。
您只需将 Appodeal SDK 更新到最新版本(1.14.15 版)即可。
您可以在我们的 docs
中找到它您还可以下载 Android SDK here(本机 Android)。
此致, 安德鲁
Appodeal 支持团队。