La page que vous avez demandée n'est pas disponible dans votre langue pour le moment. Vous pouvez sélectionner une autre langue au bas de la page ou traduire instantanément une page Web dans une langue de votre choix en utilisant la fonctionnalité de traduction intégrée à Google Chrome.

Remediation for Bad OpenSSL Versions

This information is intended for developers with app(s) that utilize a defective version of OpenSSL library directly or indirectly. 

What’s happening

One or more of your apps contain a defective version of OpenSSL library, which can cause your app to crash, thus harming its usability. Even if your app doesn’t depend on the OpenSSL artifact directly, one of the 3rd-party libraries/SDKs in your app’s dependencies may do so.

Fixing this issue is highly recommended but not mandatory. The publication status of your app will be unaffected by the presence of this issue.

Additional details

The ARMv8.3 PAC functionality enables hardware-assisted control flow integrity (CFI) by authenticating pointers (specifically, the return addresses) at runtime. Older versions of OpenSSL use this functionality incorrectly, causing crashes at runtime. This issue was resolved in OpenSSL 1.1.1i. Versions between 1.1.1b and 1.1.1h are affected.

Next Steps 

1. Update your app and fix the "Bad OpenSSL Versions" alert using the steps highlighted below.

2. Submit your updated APK

To submit an updated app bundle or APK:

  1. Go to your Play Console.
  2. Select the app.
  3. Go to the App bundle explorer.
  4. Select the non-compliant APK/app bundle's App version at the top right dropdown menu, and make a note of which releases they are under.
  5. Go to the track with the policy issue. It will be one of these 4 pages: Internal / Closed / Open testing or Production.
  6. Near the top right of the page, click Create new release. (You may need to click Manage track first.)
  7. If the release with the non-compliant APK is in a draft state, discard the release.
  8. Add the policy compliant version of app bundles or APKs.
  9. Make sure the non-compliant version of app bundles or APKs is under the Not included section of this release. For further guidance, please see the "Not included (app bundles and APKs)" section in this Play Console Help article.
  10. To save any changes you make to your release, select Save.
  11. When you've finished preparing your release, select Review release.
  12. If the non-compliant APK is released to multiple tracks, repeat steps 5-9 in each track.

During this time your new app or app update will be in a in review status until your request is reviewed. If the app has not been updated correctly, you will still see the warning.

We’re here to help

If you have technical questions about the vulnerability, you can post to Stack Overflow and use the tag “android-stability.” For clarification on steps you need to take to resolve this issue, you can contact our support team.

Ces informations vous-ont elles été utiles ?

Comment pouvons-nous l'améliorer ?
false
Main menu
8326678146385726838
true
Rechercher dans le centre d'aide
true
true
true
true
true
5016068
false
false