Google Play Uyarı HostnameVerifier
Selamlar,
Hello Google Play Developer,
Your app(s) listed at the end of this email have an unsafe implementation of the HostnameVerifier interface, which accepts all hostnames when establishing an HTTPS connection to a remote host with the setDefaultHostnameVerifier API, thereby making your app vulnerable to man-in-the-middle attacks. An attacker could read transmitted data (such as login credentials), and even change the data transmitted on the HTTPS connection.
What's happening
Beginning March 1, 2017, Google Play will block publishing of any new apps or updates that use an unsafe implementation of HostnameVerifier. Your published APK version will remain unaffected, however any updates to the app will be blocked unless you address this vulnerability.
Action required: To properly handle hostname verification, change the verify method in your custom HostnameVerifier interface to return false whenever the hostname of the server does not meet your expectations.
Next steps
Update your app using the steps highlighted above.
Sign in to your Developer Console and submit the updated version of the app.
Check back after five hours; we'll show a warning message if the app hasn't been updated correctly.
We're here to help
If you have technical questions about the vulnerability, you can post to Stack Overflow and use the tag "android-security." For clarification on steps you need to take to resolve this issue, please contact our developer support team.
Regards,
The Google Play Team
Google Play'den yukarıdaki şekilde uyarı mesajı geldi, araştırmalardan bir sonuç elde edemedim.Google Play yazdıım oradan da cevap alamadım.
Bu konunun çözümü ile ilgili yardımcı olunursa çok memnun olurum.
Saygılarımla,