Google Play 商店基于漏洞拒绝应用程序,我如何证明我已经删除了它?
Google Play store refused app based on a vulnerability, how can I prove I have removed it?
我下载了开源项目 Linphone,并相应地构建了它,构建后我将项目导入 Eclipse 并尝试在布局中进行一些自定义,现在我想将应用程序上传到 Play 商店,但是这个错误或拒绝我收到:
Hello Google Play Developer,
We rejected your app, with package name org.xxxxxx, for violating our
Malicious Behavior or User Data policy. If you submitted an update,
the previous version of your app is still available on Google Play.
This app uses software that contains security vulnerabilities for
users or allows the collection of user data without proper disclosure.
Below is the list of issues and the corresponding APK versions that
were detected in your recent submission. Please upgrade your app(s) as
soon as possible and increment the version number of the upgraded APK.
Vulnerability APK Version(s) Portable SDK for UPnP Devices The
vulnerabilities were fixed in libupnp v1.6.18 and higher. For more
information and next steps, please see this Google Help Center
article.
2511 To confirm you’ve upgraded correctly, submit the updated version
of your app to the Developer Console and check back after five hours
to make sure the warning is gone.
While these vulnerabilities may not affect every app that uses this
software, it’s best to stay up to date on all security patches. Make
sure to update any libraries in your app that have known security
issues, even if you're not sure the issues are relevant to your app.
Apps must also comply with the Developer Distribution Agreement and
Developer Program Policies.
If you feel we have made this determination in error, please reach out
to our policy support team.
如何更新 linphone Android 项目中的 upnp sdk 并解决此问题?
我用最新版本文件更改了 submodules/externals/build/libupnp 中的 libupnp 文件,
但更新版本仍然面临这种拒绝:
这里是 build.gradle
已编辑
build.gradle
buildscript {
repositories {
mavenCentral()
}
dependencies {
classpath 'com.android.tools.build:gradle:1.0.0'
}
}
apply plugin: 'android'
dependencies {
compile fileTree(dir: 'libs', include: '*.jar')
}
android {
compileSdkVersion 22
buildToolsVersion "20.0.0"
sourceSets {
main {
manifest.srcFile 'AndroidManifest.xml'
java.srcDirs = ['submodules/linphone/mediastreamer2/java/src','submodules/linphone/java/j2se','submodules/linphone/java/common','submodules/linphone/java/impl','submodules/externals/axmlrpc/src/main/java','submodules/linphone/coreapi/help/java','src']
resources.srcDirs = ['submodules/linphone/mediastreamer2/java/src','submodules/linphone/java/j2se','submodules/linphone/java/common','submodules/linphone/java/impl','submodules/externals/axmlrpc/src/main/java','submodules/linphone/coreapi/help/java','src']
aidl.srcDirs = ['submodules/linphone/mediastreamer2/java/src','submodules/linphone/java/j2se','submodules/linphone/java/common','submodules/linphone/java/impl','submodules/externals/axmlrpc/src/main/java','submodules/linphone/coreapi/help/java','src']
renderscript.srcDirs = ['submodules/linphone/mediastreamer2/java/src','submodules/linphone/java/j2se','submodules/linphone/java/common','submodules/linphone/java/impl','submodules/externals/axmlrpc/src/main/java','submodules/linphone/coreapi/help/java','src']
res.srcDirs = ['res']
assets.srcDirs = ['assets']
jniLibs.srcDir 'libs'
java.exclude '**/mediastream/MediastreamerActivity.java'
}
// Move the tests to tests/java, tests/res, etc...
instrumentTest.setRoot('tests')
// Move the build types to build-types/<type>
// For instance, build-types/debug/java, build-types/debug/AndroidManifest.xml, ...
// This moves them out of them default location under src/<type>/... which would
// conflict with src/ being used by the main source set.
// Adding new build types or product flavors should be accompanied
// by a similar customization.
debug.setRoot('build-types/debug')
release.setRoot('build-types/release')
}
}
我的代码工作得很好,应用程序没有崩溃。 logcat 仅显示详细信息。那么 libupnp 版本有什么问题呢? Google Play 根本不接受我的应用程序,即使我从子模块中删除了 libpnp 文件,运行 设备上的应用程序发现它运行良好,然后更新版本代码,生成签名的 apk,然后上传版本Google 玩开发者。他们回复说他们拒绝发布,因为 libpnp 包含漏洞;但是我的项目不包含任何 libupnp 文件。
这就是他们提到的:support.google.com/faqs/answer/6346109;我做了所有的升级,但仍然拒绝。我删除了项目中的 upnp 库文件,从项目中删除了 libupnp 的引用代码,但他们仍然说您的应用程序存在漏洞。项目中没有文件,没有代码,就一定没有漏洞吧?
不幸的是,liblinphone 本身包含易受攻击的库。
截至 2016 年 9 月 2 日,从 linphone.org 下载 linphone-latest.apk 并在里面搜索显示
UPnP/1.0, Portable SDK for UPnP devices/1.6.17
在他们更新之前,除了要求他们更新之外,您无能为力。
好的,我已经解决了问题并将我自己的问题的答案放在这里,我所要做的就是从 git 下载更新的文件,在互联网上很容易找到,然后我不得不重建该项目和最新版本的 linphone 具有 libupnp v1.6.9,可以避免漏洞。所以现在完全没有问题。
@Addi.Star 感谢您分享信息。我检查了这个问题,发现他们将 Upnp Lib 更新为 1.6.19,它也在 upnpconfig.h 中发表了评论
库版本(字符串)例如“1.3.0”
UPNP_VERSION_STRING“1.6.19”
我使用了它并更新了子模块。比我用 LinPhone 发布的最新版本的 SDK 编译它,但应用程序仍然被拒绝。
LinPhone 还建议我使用 Lib 并更新子模块,但是当 Lib 版本本身定义 1.6.19
时没有任何帮助
我下载了开源项目 Linphone,并相应地构建了它,构建后我将项目导入 Eclipse 并尝试在布局中进行一些自定义,现在我想将应用程序上传到 Play 商店,但是这个错误或拒绝我收到:
Hello Google Play Developer,
We rejected your app, with package name org.xxxxxx, for violating our Malicious Behavior or User Data policy. If you submitted an update, the previous version of your app is still available on Google Play.
This app uses software that contains security vulnerabilities for users or allows the collection of user data without proper disclosure.
Below is the list of issues and the corresponding APK versions that were detected in your recent submission. Please upgrade your app(s) as soon as possible and increment the version number of the upgraded APK.
Vulnerability APK Version(s) Portable SDK for UPnP Devices The vulnerabilities were fixed in libupnp v1.6.18 and higher. For more information and next steps, please see this Google Help Center article.
2511 To confirm you’ve upgraded correctly, submit the updated version of your app to the Developer Console and check back after five hours to make sure the warning is gone.
While these vulnerabilities may not affect every app that uses this software, it’s best to stay up to date on all security patches. Make sure to update any libraries in your app that have known security issues, even if you're not sure the issues are relevant to your app.
Apps must also comply with the Developer Distribution Agreement and Developer Program Policies.
If you feel we have made this determination in error, please reach out to our policy support team.
如何更新 linphone Android 项目中的 upnp sdk 并解决此问题? 我用最新版本文件更改了 submodules/externals/build/libupnp 中的 libupnp 文件,
但更新版本仍然面临这种拒绝:
这里是 build.gradle
已编辑
build.gradle
buildscript {
repositories {
mavenCentral()
}
dependencies {
classpath 'com.android.tools.build:gradle:1.0.0'
}
}
apply plugin: 'android'
dependencies {
compile fileTree(dir: 'libs', include: '*.jar')
}
android {
compileSdkVersion 22
buildToolsVersion "20.0.0"
sourceSets {
main {
manifest.srcFile 'AndroidManifest.xml'
java.srcDirs = ['submodules/linphone/mediastreamer2/java/src','submodules/linphone/java/j2se','submodules/linphone/java/common','submodules/linphone/java/impl','submodules/externals/axmlrpc/src/main/java','submodules/linphone/coreapi/help/java','src']
resources.srcDirs = ['submodules/linphone/mediastreamer2/java/src','submodules/linphone/java/j2se','submodules/linphone/java/common','submodules/linphone/java/impl','submodules/externals/axmlrpc/src/main/java','submodules/linphone/coreapi/help/java','src']
aidl.srcDirs = ['submodules/linphone/mediastreamer2/java/src','submodules/linphone/java/j2se','submodules/linphone/java/common','submodules/linphone/java/impl','submodules/externals/axmlrpc/src/main/java','submodules/linphone/coreapi/help/java','src']
renderscript.srcDirs = ['submodules/linphone/mediastreamer2/java/src','submodules/linphone/java/j2se','submodules/linphone/java/common','submodules/linphone/java/impl','submodules/externals/axmlrpc/src/main/java','submodules/linphone/coreapi/help/java','src']
res.srcDirs = ['res']
assets.srcDirs = ['assets']
jniLibs.srcDir 'libs'
java.exclude '**/mediastream/MediastreamerActivity.java'
}
// Move the tests to tests/java, tests/res, etc...
instrumentTest.setRoot('tests')
// Move the build types to build-types/<type>
// For instance, build-types/debug/java, build-types/debug/AndroidManifest.xml, ...
// This moves them out of them default location under src/<type>/... which would
// conflict with src/ being used by the main source set.
// Adding new build types or product flavors should be accompanied
// by a similar customization.
debug.setRoot('build-types/debug')
release.setRoot('build-types/release')
}
}
我的代码工作得很好,应用程序没有崩溃。 logcat 仅显示详细信息。那么 libupnp 版本有什么问题呢? Google Play 根本不接受我的应用程序,即使我从子模块中删除了 libpnp 文件,运行 设备上的应用程序发现它运行良好,然后更新版本代码,生成签名的 apk,然后上传版本Google 玩开发者。他们回复说他们拒绝发布,因为 libpnp 包含漏洞;但是我的项目不包含任何 libupnp 文件。
这就是他们提到的:support.google.com/faqs/answer/6346109;我做了所有的升级,但仍然拒绝。我删除了项目中的 upnp 库文件,从项目中删除了 libupnp 的引用代码,但他们仍然说您的应用程序存在漏洞。项目中没有文件,没有代码,就一定没有漏洞吧?
不幸的是,liblinphone 本身包含易受攻击的库。
截至 2016 年 9 月 2 日,从 linphone.org 下载 linphone-latest.apk 并在里面搜索显示
UPnP/1.0, Portable SDK for UPnP devices/1.6.17
在他们更新之前,除了要求他们更新之外,您无能为力。
好的,我已经解决了问题并将我自己的问题的答案放在这里,我所要做的就是从 git 下载更新的文件,在互联网上很容易找到,然后我不得不重建该项目和最新版本的 linphone 具有 libupnp v1.6.9,可以避免漏洞。所以现在完全没有问题。
@Addi.Star 感谢您分享信息。我检查了这个问题,发现他们将 Upnp Lib 更新为 1.6.19,它也在 upnpconfig.h 中发表了评论 库版本(字符串)例如“1.3.0” UPNP_VERSION_STRING“1.6.19” 我使用了它并更新了子模块。比我用 LinPhone 发布的最新版本的 SDK 编译它,但应用程序仍然被拒绝。 LinPhone 还建议我使用 Lib 并更新子模块,但是当 Lib 版本本身定义 1.6.19
时没有任何帮助