TrustManager vulnerability when publishing a Flutter app on Google Play



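I recently published an app on Google Play, and I received an email from the Google Play team saying: ... and found that your app uses software that contains security vulnerabilities for users. Apps with these vulnerabilities can expose user information or damage a user's device, and may be considered to be in violation of our Malicious Behavior policy.

Below is the list of issues and the corresponding APK versions that were detected in your recent submission. Please migrate your apps to use the updated software as soon as possible and increment the version number of the upgraded APK.

Vulnerability: TrustManager

My app is developed with Flutter...

I really don't know how to fix this, and I would appreciate any help.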

pubspec.yaml

name: ...
description: ...
version: 1.0.1+2
environment:
  sdk: ">=2.1.0 <3.0.0"
dependencies:
  flutter:
    sdk: flutter
  # The following adds the Cupertino Icons font to your application.
  # Use with the CupertinoIcons class for iOS style icons.
  cupertino_icons: ^0.1.2
  #bottom_navy_bar: ^5.3.2
  http: ^0.12.2
  shared_preferences: ^0.5.6+1
  location: ^2.3.5
  sqflite: ^1.2.0
  path_provider: ^1.6.0
  image_picker: ^0.6.3+1
  intl: ^0.16.1
  country_code_picker: ^1.2.4
  multi_image_picker: ^4.6.1
  firebase_auth: ^0.16.1
  image_cropper: ^1.2.1
  validators: ^2.0.0+1
  firebase_messaging: ^6.0.9
  esys_flutter_share: ^1.0.2
  photo_view: ^0.9.1
  material_design_icons_flutter: ^3.4.4895
  url_launcher: ^5.4.1
  cached_network_image: ^2.0.0
  encrypt: ^4.0.0
  flutter_local_notifications: ^1.1.6
  r_scan: ^0.1.3+2
  permission_handler: ^4.2.0+hotfix.3
  native_contact_picker: ^0.0.6
  qr_utils:
    path: packages/qr_utils
  libphonenumber: ^1.0.1
  flutter_cache_manager: ^1.1.3
  csv: ^4.0.3
  excel: ^1.0.2
  pdf: ^1.5.0
  printing: any
  flutter_swiper: ^1.1.6
  flutter_rating_bar: ^3.0.1+1
  flutter_native_admob: ^2.1.0
dev_dependencies:
  flutter_test:
    sdk: flutter
flutter:
  uses-material-design: true
  assets:
    - assets/images/

Code

String url = "https://exemple.com/resources/users/1";
try {
  final response = await http.get(url);
  if (response.statusCode == 200) {
    // parse user
  }
} on SocketException {

} catch (ex) {
  print(ex.toString());
}
return null;

flutter doctor

[√] Flutter (Channel stable, v1.17.3, on Microsoft Windows [version 10.0.10240], locale fr-FR)
    • Flutter version 1.17.3 at C:\souces\flutter
    • Framework revision b041144f83 (8 weeks ago), 2020-06-04 09:26:11 -0700
    • Engine revision ee76268252
    • Dart version 2.8.4
[√] Android toolchain - develop for Android devices (Android SDK version 30.0.0)
    • Android SDK at D:\android\android-sdk-windows
    • Platform android-30, build-tools 30.0.0
    • ANDROID_HOME = D:\android\android-sdk-windows
    • Java binary at: C:\Program Files\Android\Android Studio\jre\bin\java
    • Java version OpenJDK Runtime Environment (build 1.8.0_242-release-1644-b01)
    • All Android licenses accepted.
[√] Android Studio (version 4.0)
    • Android Studio at C:\Program Files\Android\Android Studio
    • Flutter plugin version 46.0.2
    • Dart plugin version 193.7361
    • Java version OpenJDK Runtime Environment (build 1.8.0_242-release-1644-b01)
[√] VS Code (version 1.46.0)
    • VS Code at C:\Users\User\AppData\Local\Programs\Microsoft VS Code
    • Flutter extension version 3.12.2
[√] Connected device (1 available)
    • TECNO WX4 • 0257309828005184 • android-arm • Android 7.0 (API 24)
• No issues found!

This may be caused by the r_scan library, since it uses a custom implementation of X509TrustManager. See this issue.
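
Added example, not part of the original answer or of any plugin's code: a heuristic Python scanner for locating which dependency ships the kind of custom X509TrustManager that the Play alert refers to, by flagging `checkServerTrusted` bodies that neither throw nor delegate. The function names and the `SAMPLE` source are constructed for illustration.

```python
import re
from pathlib import Path

# Header of a checkServerTrusted override in Java or Kotlin source (heuristic).
_METHOD = re.compile(r"\bcheckServerTrusted\s*\([^)]*\)[^{;]*\{")
_COMMENTS = re.compile(r"//[^\n]*|/\*.*?\*/", re.S)

# Constructed sample of the pattern Play flags; not taken from any real plugin.
SAMPLE = """
import javax.net.ssl.X509TrustManager;
class TrustAll implements X509TrustManager {
    public void checkClientTrusted(X509Certificate[] c, String a) {}
    public void checkServerTrusted(X509Certificate[] c, String a) {
        // accept everything
    }
}
"""

def _body(src, open_idx):
    # Text between the brace at open_idx and its matching close brace.
    depth = 0
    for i in range(open_idx, len(src)):
        depth += {"{": 1, "}": -1}.get(src[i], 0)
        if depth == 0:
            return src[open_idx + 1:i]
    return src[open_idx + 1:]

def permissive_trust_managers(source):
    """1-based line numbers of checkServerTrusted bodies that can never reject a chain."""
    if "X509TrustManager" not in source:
        return []
    # Blank out comments but keep newlines so line numbers stay valid.
    clean = _COMMENTS.sub(lambda m: re.sub(r"[^\n]", " ", m.group()), source)
    hits = []
    for m in _METHOD.finditer(clean):
        body = _body(clean, m.end() - 1)
        # No throw and no delegation to another trust manager: every chain is accepted.
        if "throw" not in body and "checkServerTrusted" not in body:
            hits.append(clean.count("\n", 0, m.start()) + 1)
    return hits

def scan_tree(root):
    """Map path -> flagged lines for .java/.kt files under root."""
    files = (p for p in Path(root).rglob("*") if p.is_file() and p.suffix in (".java", ".kt"))
    scanned = {str(p): permissive_trust_managers(p.read_text(errors="ignore")) for p in files}
    return {path: lines for path, lines in scanned.items() if lines}
```

Point `scan_tree` at the project's `android` directory and at the directory where your plugin sources are unpacked; a hit inside a plugin's sources means the fix is to upgrade or replace that plugin rather than change the Dart code.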
