How to fix “Vulnerable libraries with known security issues” alerts
To resolve this issue, you can take one of the following three actions for each detected unsafe library:
Use an up-to-date version of the library: If the app has a direct dependency on the detected unsafe version of a library, and the security issue has been resolved in the latest version of that library, rebuilding the app with the latest version will resolve the issue.
Contact the library developer: It is possible that the library is still maintained but the security issue has not yet been fixed. It is also possible that the app has a transitive dependency on the detected unsafe library (i.e., the app directly depends on a library, which in turn depends on the unsafe library). Under such circumstances, contact the library developer to fix the issue.
- Find an alternative: If the unsafe library with one or more security issues is no longer maintained, please find and use a safe alternative library.
Update your app using the steps highlighted above.
- Sign in to your Play Console and submit the updated version of your app.
Your app will be reviewed again; if the app has not been updated correctly, you will still see the warning. This process can take several hours.
We’re here to help
If you have technical questions about the vulnerability, you can post to Stack Overflow and use the tag “android-security.”