Sidan du har begärt finns tyvärr inte på ditt språk för närvarande. Du kan välja ett annat språk längst ned på sidan eller översätta vilken webbsida du vill till valfritt språk direkt med hjälp av den inbyggda översättningsfunktionen i Google Chrome.

Remediation for Bad OpenSSL Versions

This information is intended for developers with app(s) that utilize a defective version of OpenSSL library directly or indirectly. 

What’s happening

One or more of your apps contain a defective version of OpenSSL library, which can cause your app to crash, thus harming its usability. Even if your app doesn’t depend on the OpenSSL artifact directly, one of the 3rd-party libraries/SDKs in your app’s dependencies may do so.

Fixing this issue is highly recommended but not mandatory. The publication status of your app will be unaffected by the presence of this issue.

Additional details

The ARMv8.3 PAC functionality enables hardware-assisted control flow integrity (CFI) by authenticating pointers (specifically, the return addresses) at runtime. Older versions of OpenSSL use this functionality incorrectly, causing crashes at runtime. This issue was resolved in OpenSSL 1.1.1i. Versions between 1.1.1b and 1.1.1h are affected.

Next Steps 

1. Update your app and fix the "Bad OpenSSL Versions" alert using the steps highlighted below.

2. Submit your updated APK

To submit an updated app bundle or APK:

  1. Go to your Play Console.
  2. Select the app.
  3. Go to the App bundle explorer.
  4. Select the non-compliant APK/app bundle's App version at the top right dropdown menu, and make a note of which releases they are under.
  5. Go to the track with the policy issue. It will be one of these 4 pages: Internal / Closed / Open testing or Production.
  6. Near the top right of the page, click Create new release. (You may need to click Manage track first.)
  7. If the release with the non-compliant APK is in a draft state, discard the release.
  8. Add the policy compliant version of app bundles or APKs.
  9. Make sure the non-compliant version of app bundles or APKs is under the Not included section of this release. For further guidance, please see the "Not included (app bundles and APKs)" section in this Play Console Help article.
  10. To save any changes you make to your release, select Save.
  11. When you've finished preparing your release, select Review release.
  12. If the non-compliant APK is released to multiple tracks, repeat steps 5-9 in each track.

During this time your new app or app update will be in a in review status until your request is reviewed. If the app has not been updated correctly, you will still see the warning.

We’re here to help

If you have technical questions about the vulnerability, you can post to Stack Overflow and use the tag “android-stability.” For clarification on steps you need to take to resolve this issue, you can contact our support team.
false
Main menu
9335471980228810629
true
Sök i hjälpcentret
true
true
true
true
true
5016068
false
false