How to fix apps with the Vitamio vulnerability
This information is intended for developers of apps that utilize any version of the Vitamio multimedia library that precedes version 5.0. These versions contain a security vulnerability and are in violation of the Dangerous products provision of the Content Policy, and section 4.4 of the Developer Distribution Agreement.
Please upgrade your app(s) as soon as possible and increment the version number of the upgraded APK. Beginning 14 March 2016, Google Play will block publishing of any new apps or updates that use pre-5.0 versions of Vitamio.
The vulnerability was addressed in Vitamio 5.0. The latest versions of the Vitamio SDK can be downloaded on the Vitamio website. You can confirm your Vitamio version by checking if the SDK includes libs/armeabi-v7a/libvinit.so or libs/armeabi/libvinit.so. If either file is present, the SDK needs to be upgraded. For help upgrading, see the Vitamio support documentation. You can contact Vitamio support by emailing email@example.com. If you’re using a 3rd party library that bundles Vitamio, you’ll need to upgrade it to a version that bundles Vitamio 5.0 or later.
To confirm you’ve upgraded correctly, submit the updated version to the Developer Console and check back after five hours. If the app hasn’t been correctly upgraded, we will display a warning.
The vulnerability is due to the Vitamio SDK containing world-writable code. For more information about the vulnerability, please see this NowSecure blog post. For other technical questions, you can post to Stack Overflow and use the tags “android-security” and “vitamio.”
While these specific issues may not affect every app that uses Vitamio, it’s best to stay up to date on all security patches. Apps with vulnerabilities that expose users to risk of compromise may be considered dangerous products in violation of the Content Policy and section 4.4 of the Developer Distribution Agreement.
Apps must also comply with the Developer Distribution Agreement and Content Policy. If you feel we have sent you a Vitamio vulnerability warning in error, contact our policy support team through the Google Play Developer Help Center.