Google Play alert about OpenSSL

  • i checked that but i think i had the latest version but i couldn't find anyplace that said the version but it was the September update and that was the newest one i could find

  • at least its working for every one now ......thanx for all the help every one

  • And it is back to not working

  • I just received threatening Google Play email also. Any advice as i certainly don't want my GP account banned.

  • Hello(excuse my english),

    I received the email from google play also for my application "Multiplicator."

    MAIL :

    Your app net.multiplicator.multiplication.table is running an outdated version of OpenSSL, which has multiple security vulnerabilities. You should update OpenSSL as soon as possible.

    The vulnerabilities were addressed in OpenSSL versions beginning with 1.0.1h, 1.0.0m, and 0.9.8za. To confirm your OpenSSL version, you can do a grep via ("$ unzip -p YourApp.apk | strings | grep "OpenSSL""). For more information about the vulnerability, please consult http://www.openssl.org/news/secadv_20140605.txt.

    To confirm that you’ve upgraded correctly, upload the updated version to the Developer Console and check and after five hours.

    Please note, while it's unclear whether these specific issues affect your application, applications with vulnerabilities that expose users to risk of compromise may be considered “dangerous products” and subject to removal from Google Play.

    Regards,

    Google Play Team

    Does anyone know where this comes from?

    1) Admob plugin?

    2) Construct + crosswalk?

    My APK dated November 23, 2014 via crosswalk.

    Thank you for your help.

  • messages are back for me to and the dates on them say there the same alert from before... still no alert on my app that i used cocoonjs ....but that could still be the admob plugin becuse you dont use it in cocoon my crosswalk is the september 7th update

  • Try Construct 3

    Develop games in your browser. Powerful, performant & highly capable.

    Try Now Construct 3 users don't see these ads
  • Did this issue get fix for anyone?

  • just talked to google help

    (1) Jessikah Watson

    More â–¼

    This chat is no longer off the record

    Murphy 2:31 PM

    Hi there, thanks for contacting Google Play Developer Support!

    Is the error there now? Yesterday the message was intermittent, but it should be stuck in the console now.

    me 2:32 PM

    yes

    so i do have an error that needs to be taken care of?

    Murphy 2:32 PM

    Yes, if you see the alert, you'll need to update the OpenSSL in your app.

    me 2:33 PM

    would you have any info on what part of my app need the up date

    Murphy 2:34 PM

    Specifically, the OpenSSL part. The entire package, as there's a security leak in the code.

    me 2:35 PM

    do you know if the latest virsion of crosswalk has been having this error

    i use construct 2 then i wrap it in intel "xdk crosswalk"

    Murphy 2:36 PM

    I don't, unfortunately. This message is specifically about SSL, so I would grab the latest update and update your APK.

    https://www.openssl.org/

    me 2:37 PM

    thanx

    do you know how long i have?

    till the game gets removed

    Murphy 2:37 PM

    Currently, there's no deadline at the moment, our policy team has just states "ASAP".

    me 2:39 PM

    ok im part of a game maker fourm that use the program construct 2....and were working on it ...but no secsuss yet

    any more info you can give me that mite be useful to us figuring it out?

    Murphy 2:41 PM

    I don't have much info, unfortunately. Our policy team has only stressed that Developers update OpenSSL within their APK's as soon as possible.

    I don't have any development support for you, I'm sorry.

    me 2:41 PM

    its ok....if the error go's away again will it come back like it did this time

    Murphy 2:42 PM

    Yesterday was a hiccup, as it was prematurely announced. The message will now be permanent until the SSL is updated in the APK.

    You can unpublish the app if you'd like to work on it without worry about the app being removed.

    me 2:43 PM

    if the game gets removed dose my acount get intruble or band?

    Murphy 2:44 PM

    Your account wont be banned for only one app being suspended. More than 3 might be an issue for my policy team.

    me 2:44 PM

    and if i do get beand what do i have to do to get it unband?

    Murphy 2:45 PM

    If your app gets suspended, our policy team will notify you and provide instructions on how to fix and appeal the decision via email.

    me 2:46 PM

    and if i get banned?

    Murphy 2:48 PM

    Same email, just a different workflow for appeal. I think it's actually the same link.

    I would concentrate more on fixing your app. Suspensions can be fixed.

    me 2:48 PM

    ok so its at least possible lol...thanx for all your help im gonna post this conversation on our forum and hopefully we can figyear it out soon

    Murphy 2:49 PM

    Okay, good luck!

    Have a good day.

    me 2:49 PM

    you too and again thanx for the help

  • so basically theres an error and it needs fixing lol

    and no we haven't found a fix yet but were working on it...and this fourm will get it done

    ps. sorry for all my bad spelling

  • There's another thread about this: google-play-security-alert_t121002

    ...and it looks like AdMob plug-in isn't the problem.

    Might be Intel XDK itself... I found this: https://software.intel.com/en-us/forums/topic/537301

    So maybe IntelRobert can give us an idea about what's going on and what to do to fix it? crosswalk-intel-xdk-experiences_t101139?start=810

  • i know it will get fixed the big question for me is how long it will take and is it worth the risk to leave up the games or should we unpublish them while we wait

  • Seems to be an XDK only issue... Well am waiting for any positive solutions.

    Funny how Google always has a no-reply system.

  • My app has this as well, Open SSL issue, Admob, Crosswalk and XDK from Intel so the issue is in there!

    Hope this gets addressed asap. Thanks in advance.

  • Must be an XDK issue, Ive got the email on a game with no plugins (admob etc) straight from C2 to XDK to googleplay.

    Intel are aware....https://software.intel.com/en-us/forums/topic/537301

  • I also got the alert on my 4 apps. The interesting thing is that alert dates are pretty old - for my 2 apps it's dating back from this June (they were published in March and April), for other two dates are 2-3 days after apps were actually published (November, beginning of December. As I remember, June was the time when this OpenSSL issue was first addressed in public. So, basically, alerts were existing for quite a while, but they were not visible to us. Now, Google decided to announce them. It's not C2 specific - two of my apps were made in Flash/AIR, they also got alerts in the same time as my C2/Crosswalk apps.

Jump to:
Active Users
There are 1 visitors browsing this topic (0 users and 1 guests)