How to address MoPub vulnerabilities in your apps
This information is intended for developers of apps that utilize any version of MoPub, an ad platform, that precedes 4.4.0. These versions contain a security vulnerability.
Please migrate your app(s) to MoPub v4.4.0 or higher as soon as possible and increment the version number of the upgraded APK. Beginning July 11, 2016, Google Play will block publishing of any new apps or updates that use older versions of MoPub. Your published APK version will remain unaffected, however any updates to the app will be blocked unless you address this vulnerability.
- Download the latest version of Mopub here.
- Contact email@example.com if you need help upgrading.
- Sign in to your Developer Console and submit the updated version of your app.
- Check back after five hours - we’ll show a warning message if the app hasn’t been updated correctly.
If you’re using a 3rd party library that bundles MoPub, you’ll need to upgrade it to a version that bundles MoPub 4.4.0 or higher.
To confirm the version number if you're building using the Jcenter AAR, you can check your Gradle config and make sure it points to 4.4.0. To confirm the version number if you're building directly from source or not using Gradle, you can check com.mopub.common.MoPub.java for SDK_VERSION.
While these specific issues may not affect every app that uses MoPub, it’s best to stay up to date on all security patches. Apps with vulnerabilities that expose users to risk of compromise may be considered in violation of our Malicious Behavior policy and section 4.4 of the Developer Distribution Agreement.
Apps must also comply with the Developer Distribution Agreement and Developer Program Policies. If you feel we have sent this warning in error, contact our policy support team through the Google Play Developer Help Center.