Your app is running an outdated version of OpenSSL, which has multiple security vulnerabilities. You should update OpenSSL as soon as possible.
The vulnerabilities were addressed in OpenSSL versions beginning with 1.0.1h, 1.0.0m, and 0.9.8za. To confirm your OpenSSL version, you can do a grep via ("$ unzip -p YourApp.apk | strings | grep “OpenSSL”"). For more information about the vulnerability, please consult http://www.openssl.org/news/secadv_20140605.txt.
I have using cocos2d-x version 3.2. When I test apk with above unzip command I get openssl version of apk is 1.0.1h. In Google play email mentioned that 1.0.1h are in list of vulnerabilities. I need to update openssl to 1.0.1j. How do I update?
Please suggest as soon as possible because If I am not uploading fixed build on Google play store It should remove app from play store?
I have also receive the same mail regarding the vulnerabilities were addressed in OpenSSL versions beginning with 1.0.1h, 1.0.0m, and 0.9.8za. Kindly let us know how to update?
Ya even I am getting for all the apps that I have on the app store. THis is time everything was in caps and look like google is serious about it. There are saying they will remove the app if action is not taken. Pretty scary.
@gbvbahia01 The link, you have posted, is old or outdated link. We require updated Open SSL versions 1.0.1j and not 1.0.1h(Outdated version).
Msg from play store -
“The vulnerabilities were addressed in OpenSSL versions beginning with 1.0.1h, 1.0.0m, and 0.9.8za.”
It’s curiosity.
I didn’t received those email from google after I updated openssl to the version which cocos2d-x guys had been updated for my android app yet.
I will check my gmail account every day from now if there’s something about openssl.
