Error shown by Google Play: "The vulnerabilities were addressed in OpenSSL 1.0.2f / 1.0.1r"

1

I am trying to upload my application to the play store, but I received the following error:

  

  "OpenSSL: The vulnerabilities were addressed in OpenSSL 1.0.2f / 1.0.1r. To confirm your OpenSSL version, you can do a grep search for:

      $ unzip -p YourApp.apk | strings | grep "OpenSSL" "

I wanted to see if someone has gone through the same error and how to solve it, since searching the internet I have not found a solution so far.

    
asked by Roberto Ramos 29.05.2017 в 00:22

1 answer

1

I am translating what the Google documentation says about this error:

How to deal with OpenSSL vulnerabilities in your applications?

This information is intended for application developers whose apps statically link OpenSSL versions prior to 1.0.2f / 1.0.1r. These versions contain security vulnerabilities.

Please migrate your application to OpenSSL 1.0.2f / 1.0.1r or higher as soon as possible and increase the version number of the updated APK file. As of 11 July 2016, Google Play will block the publication of new applications or updates that use previous versions of OpenSSL. Your currently published version will not be affected; however, application updates will be blocked unless they address this vulnerability.

Next steps:

  • Migrate your application to OpenSSL 1.0.2f / 1.0.1r or higher and increase the version number.
  • Log in to your developer console and submit the updated version of your application.
  • Check again after five hours - we will show a warning message if the application has not been updated correctly.
  • The vulnerabilities were addressed in OpenSSL 1.0.2f / 1.0.1r. The latest versions of OpenSSL can be downloaded here. To confirm the OpenSSL version, you can search with:

        $ unzip -p YourApp.apk | strings | grep "OpenSSL"

    If you are using a third-party library that uses OpenSSL, you will need to upgrade your library to a version that uses OpenSSL 1.0.2f / 1.0.1r or higher.

    The vulnerabilities include "deadlock" (logjam) and CVE-2015-3194. The logjam attack allows a man-in-the-middle attacker to downgrade vulnerable TLS connections to 512-bit export-grade cryptography. This allows the attacker to read and modify all the data that passes through the connection. Details about other vulnerabilities are available here. For other technical questions, you can ask on Stack Overflow using the "android-security" and "OpenSSL" tags.

    Although these problems do not affect all applications that use OpenSSL versions prior to 1.0.2f / 1.0.1r, it is best to keep abreast of all security patches. Applications with vulnerabilities that expose users to risk of compromise may be considered in violation of our policies on Malicious Behavior and section 4.4 of the Distribution Agreement.

    Before publishing applications, please make sure they are compatible with the Distribution Agreement and Content Policy. If you feel we have sent you an OpenSSL notice in error, please contact our support team at the Google Play Developer Help Center.

        
    answered by 29.05.2017 / 01:02
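As an added example (not from the question, the answer, or Google's documentation), the following Python script does the same check as the unzip/strings/grep command in a self-contained way: it opens the APK as a zip, pulls every OpenSSL version banner out of each member, and compares each one against the 1.0.2f / 1.0.1r thresholds named in the notice. The APK it scans is a constructed in-memory zip containing a fake libcrypto.so, so it runs offline; to check a real build, pass the bytes of your own APK to check_apk instead. All function names are my own.

```python
import io
import re
import zipfile

# Constructed sample: an in-memory "APK" (just a zip with an Android-like
# layout) whose fake native library carries the kind of version banner that
# libcrypto/libssl embed. No real app or library is involved.
def build_sample_apk(banner: bytes) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("AndroidManifest.xml", b"<manifest/>")
        zf.writestr("lib/armeabi-v7a/libcrypto.so",
                    b"\x7fELF" + b"\x00" * 16 + banner + b"\x00" * 8)
    return buf.getvalue()

# Matches banners such as "OpenSSL 1.0.1e 11 Feb 2013" or "OpenSSL 1.1.1k";
# the trailing date is ignored. This is the string the grep in the notice finds.
BANNER_RE = re.compile(rb"OpenSSL (\d+\.\d+\.\d+[a-z]*)")

def find_openssl_versions(apk_bytes: bytes) -> dict:
    """Map each zip member that embeds an OpenSSL version banner to the set of
    version strings found in it. Equivalent to
        unzip -p YourApp.apk | strings | grep "OpenSSL"
    but it also records which file each banner came from."""
    found = {}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        for info in zf.infolist():
            data = zf.read(info)
            versions = {m.group(1).decode() for m in BANNER_RE.finditer(data)}
            if versions:
                found[info.filename] = versions
    return found

def parse_version(version: str) -> tuple:
    """'1.0.2f' -> (1, 0, 2, 'f'); '3.0.2' -> (3, 0, 2, '')."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)([a-z]*)", version)
    if m is None:
        raise ValueError(f"not an OpenSSL version string: {version!r}")
    major, minor, fix, letter = m.groups()
    return int(major), int(minor), int(fix), letter

def is_patched(version: str) -> bool:
    """True if the version is at or beyond the fixed releases named in the
    notice: 1.0.2f on the 1.0.2 branch, 1.0.1r on the 1.0.1 branch, and
    anything newer than 1.0.2 (1.1.x, 3.x), which postdates both fixes."""
    major, minor, fix, letter = parse_version(version)
    branch = (major, minor, fix)
    if branch > (1, 0, 2):
        return True
    if branch == (1, 0, 2):
        return letter >= "f"   # "" (plain 1.0.2, no patch letter) sorts before "f"
    if branch == (1, 0, 1):
        return letter >= "r"
    return False               # 1.0.0 and earlier predate both fixed releases

def check_apk(apk_bytes: bytes) -> tuple:
    """Return (ok, findings). ok is False if any embedded banner is older than
    the fixed releases. With no banner at all, ok is True, which only means
    this string search found no statically linked OpenSSL."""
    findings = find_openssl_versions(apk_bytes)
    ok = all(is_patched(v) for versions in findings.values() for v in versions)
    return ok, findings

if __name__ == "__main__":
    # Constructed vulnerable sample: a 1.0.1e banner, well before 1.0.1r.
    ok, findings = check_apk(build_sample_apk(b"OpenSSL 1.0.1e 11 Feb 2013"))
    for member, versions in findings.items():
        for v in sorted(versions):
            state = "ok" if is_patched(v) else "UPDATE REQUIRED"
            print(f"{member}: OpenSSL {v} -> {state}")
    print("APK passes the check" if ok else "APK would be blocked by Google Play")
```

The per-file output matters in practice: when the banner comes from a third-party .so rather than your own code, the fix is to update that library to a build against OpenSSL 1.0.2f / 1.0.1r or later, exactly as the notice says, not to patch your own sources.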