요청한 페이지는 현재 사용 중인 언어로 제공되지 않습니다. 페이지 하단에서 다른 언어를 선택하거나 Chrome에서 기본 제공되는 번역 기능을 사용해 웹페이지를 원하는 언어로 바로 번역할 수 있습니다.

Remediation for Bad OpenSSL Versions

This information is intended for developers with app(s) that utilize a defective version of OpenSSL library directly or indirectly. 

What’s happening

One or more of your apps contain a defective version of OpenSSL library, which can cause your app to crash, thus harming its usability. Even if your app doesn’t depend on the OpenSSL artifact directly, one of the 3rd-party libraries/SDKs in your app’s dependencies may do so.

Fixing this issue is highly recommended but not mandatory. The publication status of your app will be unaffected by the presence of this issue.

Additional details

The ARMv8.3 PAC functionality enables hardware-assisted control flow integrity (CFI) by authenticating pointers (specifically, the return addresses) at runtime. Older versions of OpenSSL use this functionality incorrectly, causing crashes at runtime. This issue was resolved in OpenSSL 1.1.1i. Versions between 1.1.1b and 1.1.1h are affected.

Next Steps 

1. Update your app and fix the "Bad OpenSSL Versions" alert using the steps highlighted below.

2. Submit your updated APK

To submit an updated app bundle or APK:

  1. Go to your Play Console.
  2. Select the app.
  3. Go to the App bundle explorer.
  4. Select the non-compliant APK/app bundle's App version at the top right dropdown menu, and make a note of which releases they are under.
  5. Go to the track with the policy issue. It will be one of these 4 pages: Internal / Closed / Open testing or Production.
  6. Near the top right of the page, click Create new release. (You may need to click Manage track first.)
  7. If the release with the non-compliant APK is in a draft state, discard the release.
  8. Add the policy compliant version of app bundles or APKs.
  9. Make sure the non-compliant version of app bundles or APKs is under the Not included section of this release. For further guidance, please see the "Not included (app bundles and APKs)" section in this Play Console Help article.
  10. To save any changes you make to your release, select Save.
  11. When you've finished preparing your release, select Review release.
  12. If the non-compliant APK is released to multiple tracks, repeat steps 5-9 in each track.

During this time your new app or app update will be in a in review status until your request is reviewed. If the app has not been updated correctly, you will still see the warning.

We’re here to help

If you have technical questions about the vulnerability, you can post to Stack Overflow and use the tag “android-stability.” For clarification on steps you need to take to resolve this issue, you can contact our support team.

도움이 되었나요?

어떻게 하면 개선할 수 있을까요?
false
Main menu
7260825006244881411
true
도움말 센터 검색
true
true
true
true
true
5016068
false
false