我收到一封来自谷歌的电子邮件,主题如下:Google Play Warning: SSL Error Handler Vulnerability". In this email, Google explains that my app has an ["unsafe implementation of the WebViewClient.onReceivedSslError handler"
以下是我的方法实现(WebView客户端):
public class MyBrowser extends WebViewClient {
boolean timeout;
public MyBrowser() {
timeout = true;
}
@Override
public void onPageStarted(WebView view, String url, Bitmap favicon) {
try {
progressBar.setVisibility(View.VISIBLE);
}catch(Exception e){
e.printStackTrace();
}
}
@Override
public boolean shouldOverrideUrlLoading(WebView view, String url) {
view.loadUrl(url);
return true;
}
public void onPageFinished(WebView view, String url) {
try{
progressBar.setVisibility(View.GONE);
webView.setVisibility(View.VISIBLE);
}catch(Exception e){
Log.e("Exception", e.toString());
Crashlytics.logException(e);
}
}
@Override
public void onReceivedError(WebView view, int errorCode,
String description, String failingUrl) {
isBack=true;
if (!CommonUtility.isNetworkAvailable()) {
view.loadUrl("file:///android_asset/error.html");
}
}
}
在第一次警告之后,我从WebClient中删除了onReceivedSslError方法,并上传了新的构建,但我再次从Google Play中收到了同样的警告。他们推荐我:-"看起来18版仍然存在该漏洞。请重新检查应用程序的清单文件,这次要更仔细,以确保该漏洞已被解决。"
这是我的清单文件:-(请帮助我摆脱这个问题)
<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
xmlns:tools="http://schemas.android.com/tools"
package="in.test"
android:installLocation="auto"
android:versionCode="18"
android:versionName="2.0" >
<uses-sdk
android:minSdkVersion="14"
android:targetSdkVersion="21" />
<!-- GCM Permisssions -->
<uses-permission android:name="android.permission.WAKE_LOCK" />
<uses-permission android:name="com.google.android.c2dm.permission.RECEIVE" />
<!--
Creates a custom permission so only this app can receive its messages.
NOTE: the permission *must* be called PACKAGE.permission.C2D_MESSAGE,
where PACKAGE is the application's package name.
-->
<permission
android:name="in.Sptest.permission.C2D_MESSAGE"
android:protectionLevel="signature" />
<uses-permission android:name="android.permission.USE_CREDENTIALS" />
<uses-permission android:name="android.permission.GET_ACCOUNTS" />
<uses-permission android:name="android.permission.INTERNET" />
<uses-permission android:name="android.permission.READ_PHONE_STATE" />
<uses-permission android:name="android.permission.READ_CONTACTS" />
<uses-permission android:name="android.permission.RECEIVE_SMS" />
<uses-permission android:name="android.permission.READ_SMS" />
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
<uses-permission android:name="android.permission.GET_TASKS" />
<uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED" />
<application
android:name=".application.TestApplication"
android:hardwareAccelerated="true"
android:icon="@drawable/logo"
android:label="@string/app_name"
tools:replace="android:icon,android:name" >
<activity
android:name=".LauncherScreen"
android:hardwareAccelerated="true"
android:label="@string/title_activity_main"
android:screenOrientation="portrait"
android:theme="@style/Theme.Sherlock.Light.NoActionBar" >
</activity>
<activity
android:name=".MainActivity"
android:hardwareAccelerated="true"
android:label="@string/title_activity_main"
android:noHistory="false"
android:screenOrientation="portrait"
android:theme="@style/Theme.Sherlock.Light.NoActionBar" >
</activity>
<activity
android:name=".URLActivity"
android:label="@string/app_name"
android:screenOrientation="portrait"
android:theme="@style/Theme.Sherlock.Light.NoActionBar" >
</activity>
<activity
android:name=".SplashActivity"
android:label="@string/app_name"
android:screenOrientation="portrait"
android:theme="@style/Theme.Sherlock.Light.NoActionBar" >
</activity>
<activity
android:name=".activities.ActivityIntro"
android:label="@string/app_name"
android:screenOrientation="portrait"
android:theme="@style/Theme.Sherlock.Light.NoActionBar" >
<intent-filter>
<action android:name="android.intent.action.MAIN" />
<category android:name="android.intent.category.LAUNCHER" />
</intent-filter>
</activity>
<activity
android:name=".Login_test"
android:screenOrientation="portrait"
android:theme="@style/Theme.Sherlock.Light.NoActionBar" >
</activity>
<activity
android:name=".fragment.FragmentActivityNumberVerification"
android:icon="@drawable/app_icon"
android:screenOrientation="portrait"
android:theme="@style/Theme.Sherlock.Light.NoActionBar" >
</activity>
<activity
android:name=".BrowserScreen"
android:screenOrientation="portrait"
android:theme="@style/Theme.Sherlock.Light.NoActionBar" >
</activity>
<activity
android:name=".activities.TermsActivity"
android:screenOrientation="portrait"
android:theme="@style/Theme.Sherlock.Light.NoActionBar" >
</activity>
<activity
android:name=".DataCardRecharge"
android:label="@string/title_activity_launcher_screen"
android:screenOrientation="portrait"
android:theme="@style/Theme.Sherlock.Light.NoActionBar" >
</activity>
<activity
android:name=".UserFeedBack"
android:label="@string/title_activity_launcher_screen"
android:screenOrientation="portrait"
android:theme="@style/Theme.Sherlock.Light.NoActionBar" >
</activity>
<activity
android:name=".PostpaidMobileRecharge"
android:label="@string/title_activity_launcher_screen"
android:screenOrientation="portrait"
android:theme="@style/Theme.Sherlock.Light.NoActionBar" >
</activity>
<activity
android:name=".PrepaidMobileRecharge"
android:label="@string/title_activity_launcher_screen"
android:screenOrientation="portrait"
android:theme="@style/Theme.Sherlock.Light.NoActionBar" >
</activity>
<activity
android:name=".Recharge"
android:label="@string/title_activity_launcher_screen"
android:screenOrientation="portrait"
android:theme="@style/Theme.Sherlock.Light.NoActionBar" >
</activity>
<activity
android:name=".RailBooking"
android:label="@string/title_activity_launcher_screen"
android:screenOrientation="portrait"
android:theme="@style/Theme.Sherlock.Light.NoActionBar" >
</activity>
<activity
android:name=".ProfileDetails"
android:label="@string/title_activity_profile_details"
android:screenOrientation="portrait"
android:theme="@style/Theme.Sherlock.Light.NoActionBar" >
</activity>
<activity
android:name=".RailTransactionhistory"
android:label="@string/title_activity_transactionhistory"
android:screenOrientation="portrait"
android:theme="@style/Theme.Sherlock.Light.NoActionBar" >
</activity>
<activity
android:name=".GetPhoneContact"
android:label="@string/title_activity_get_phone_contact"
android:screenOrientation="portrait"
android:theme="@style/Theme.Sherlock.Light.NoActionBar" >
</activity>
<activity
android:name=".TariffPlans"
android:label="@string/title_activity_tariff_plans"
android:screenOrientation="portrait"
android:theme="@style/Theme.Sherlock.Light.NoActionBar" >
</activity>
<activity
android:name=".TrnsactionHistory_Details"
android:label="@string/title_activity_trnsaction_history__details"
android:screenOrientation="portrait"
android:theme="@style/Theme.Sherlock.Light.NoActionBar" >
</activity>
<activity
android:name=".RailTrnsactionHistory_Details"
android:label="@string/title_activity_trnsaction_history__details"
android:screenOrientation="portrait"
android:theme="@style/Theme.Sherlock.Light.NoActionBar" >
</activity>
<activity
android:name=".MyProfile"
android:label="@string/title_activity_trnsaction_history__details"
android:screenOrientation="portrait"
android:theme="@style/Theme.Sherlock.Light.NoActionBar" >
</activity>
<activity
android:name=".ZaakPAyResponse"
android:label="@string/title_activity_trnsaction_history__details"
android:screenOrientation="portrait"
android:theme="@style/Theme.Sherlock.Light.NoActionBar" >
</activity>
<activity
android:name=".ZaakPAyResponseRailBooking"
android:label="@string/title_activity_trnsaction_history__details"
android:screenOrientation="portrait"
android:theme="@style/Theme.Sherlock.Light.NoActionBar" >
</activity>
<activity
android:name=".RailTicket_PNR"
android:screenOrientation="portrait"
android:theme="@style/Theme.Sherlock.Light.NoActionBar" >
</activity>
<activity
android:name=".PNRStatusDetails"
android:screenOrientation="portrait"
android:theme="@style/Theme.Sherlock.Light.NoActionBar" >
</activity>
<activity
android:name=".RailTicket_History"
android:screenOrientation="portrait"
android:theme="@style/Theme.Sherlock.Light.NoActionBar" >
</activity>
<activity
android:name=".activities.ActivityFavouriteDialog"
android:screenOrientation="portrait"
android:theme="@android:style/Theme.Translucent.NoTitleBar" />
<activity
android:name=".PassenderHistory"
android:screenOrientation="portrait"
android:theme="@style/Theme.Sherlock.Light.NoActionBar" />
<!-- Copy below Activity Declarations inside <application></application> tag in AndroidManifest.xml of your application -->
<!-- Wallet SDK Activity Classes Start Here -->
<!-- Wallet SDK Activity Classes End Here -->
<activity
android:name=".TariffPlansActivity"
android:label="@string/title_activity_tariff_plans"
android:screenOrientation="portrait"
android:theme="@style/Theme.Tariff_plans" >
</activity>
<activity
android:name=".TransactionMessageActivity"
android:screenOrientation="portrait"
android:theme="@style/Theme.Sherlock.Light.NoActionBar" >
</activity>
<activity
android:name=".AboutActivity"
android:screenOrientation="portrait"
android:theme="@style/Theme.Sherlock.Light.NoActionBar" >
</activity>
<activity
android:name=".ShareActivity"
android:screenOrientation="portrait"
android:theme="@style/Theme.Sherlock.Light.NoActionBar"
android:windowSoftInputMode="stateHidden" >
</activity>
<activity
android:name=".ActivityLastRechargeList"
android:label="@string/title_activity_activity_last_recharge_list"
android:screenOrientation="portrait"
android:theme="@style/Theme.Sherlock.Light.NoActionBar" >
</activity>
<activity
android:name=".ActivityNewInfo"
android:screenOrientation="portrait" >
</activity>
<activity
android:name=".ActivitySendMoney"
android:screenOrientation="portrait"
android:theme="@style/Theme.Sherlock.Light.NoActionBar"
android:windowSoftInputMode="stateHidden" >
</activity>
<activity
android:name=".ActivitySetTransactionPassword"
android:screenOrientation="portrait"
android:theme="@style/Theme.Sherlock.Light.NoActionBar" >
</activity>
<activity
android:name=".ActivityReceivedMoneyDetails"
android:screenOrientation="portrait"
android:theme="@style/Theme.Sherlock.Light.NoActionBar" >
</activity>
<activity
android:name=".ActivityTransactionHistory"
android:screenOrientation="portrait"
android:theme="@style/Theme.Sherlock.Light.NoActionBar" >
</activity>
<activity
android:name=".ActivityRailBookingHistory"
android:screenOrientation="portrait"
android:theme="@style/Theme.Sherlock.Light.NoActionBar" >
</activity>
<activity
android:name=".ActivityNotificationDialog"
android:screenOrientation="portrait"
android:theme="@android:style/Theme.Holo.Light.Dialog.NoActionBar" >
</activity>
<activity
android:name=".FirstActivity"
android:exported="true"
android:hardwareAccelerated="true"
android:label="@string/title_activity_main"
android:launchMode="singleTop"
android:screenOrientation="portrait"
android:theme="@style/Theme.Sherlock.Light.NoActionBar" >
</activity>
<activity
android:name=".activities.OffersFragmentActivity"
android:screenOrientation="portrait"
android:theme="@style/Theme.Transparent" >
</activity>
<activity
android:name=".RechargeActivity"
android:exported="true"
android:screenOrientation="portrait"
android:theme="@style/Theme.Sherlock.Light.NoActionBar"
android:windowSoftInputMode="stateAlwaysHidden" >
</activity>
<activity
android:name=".RailActivity"
android:screenOrientation="portrait"
android:theme="@style/Theme.Sherlock.Light.NoActionBar"
android:windowSoftInputMode="stateHidden|adjustPan" >
</activity>
<activity
android:name=".InviteActivity"
android:screenOrientation="portrait"
android:theme="@style/Theme.Sherlock.Light.NoActionBar" />
<activity
android:name="in.Sptestdeals.DealsActivity"
android:screenOrientation="portrait"
android:theme="@style/Theme.test" >
</activity>
<activity
android:name=".ActivityNotification"
android:screenOrientation="portrait"
android:theme="@style/Theme.Sherlock.Light.NoActionBar" >
</activity>
<activity
android:name="in.Sptestdeals.DealDetailsActivity"
android:screenOrientation="portrait"
android:theme="@style/Theme.test"
android:windowSoftInputMode="stateAlwaysHidden" >
</activity>
<activity
android:name="com.Spdealmodule.activities.ActivityTransactionMessageTest"
android:screenOrientation="portrait"
android:theme="@style/Theme.Sherlock.Light.NoActionBar" >
</activity>
<activity
android:name=".ActivityPaymentOptionsSelection"
android:screenOrientation="portrait"
android:theme="@style/Theme.test"
android:windowSoftInputMode="stateAlwaysHidden" >
</activity>
<activity
android:name=".activities.OpenURLInWebViewActivity"
android:screenOrientation="portrait"
android:theme="@style/Theme.test"
android:windowSoftInputMode="stateAlwaysHidden" >
</activity>
<activity
android:name=".activities.OpenInterestURLInWebViewActivity"
android:screenOrientation="portrait"
android:theme="@style/Theme.Transparent" >
</activity>
<activity
android:name=".activities.ActivityOfferDetail"
android:screenOrientation="portrait"
android:theme="@style/Theme.Sherlock.Light.NoActionBar"
android:windowSoftInputMode="stateAlwaysHidden" >
</activity>
<activity
android:name=".activities.ActivityAskFriend"
android:screenOrientation="portrait"
android:theme="@style/Theme.Sherlock.Light.NoActionBar"
android:windowSoftInputMode="stateAlwaysHidden" >
</activity>
<activity
android:name=".activities.ActivityNoOffer"
android:screenOrientation="portrait"
android:theme="@style/Theme.Sherlock.Light.NoActionBar"
android:windowSoftInputMode="stateAlwaysHidden" >
</activity>
<activity
android:name=".ActivitySavedCard"
android:screenOrientation="portrait"
android:theme="@style/Theme.test"
android:windowSoftInputMode="stateAlwaysHidden" >
</activity>
<activity
android:name="com.facebook.FacebookActivity"
android:configChanges="keyboard|keyboardHidden|screenLayout|screenSize|orientation"
android:label="@string/app_name"
android:theme="@android:style/Theme.Translucent.NoTitleBar" />
<service android:name=".service.AppInstallIntentService" >
</service>
<service android:name=".service.FetchtestListService" >
</service>
<receiver android:name="com.broadcastreceiver.WakefullReceiverAppInstall" >
<intent-filter android:priority="2147483647" >
<action android:name="android.intent.action.PACKAGE_ADDED" />
<action android:name="android.intent.action.PACKAGE_INSTALL" />
<action android:name="android.intent.action.PACKAGE_REMOVED" />
<data android:scheme="package" />
</intent-filter>
</receiver>
<receiver
android:name="com.broadcastreceiver.ServiceStarter"
android:exported="true" >
<intent-filter>
<action android:name="android.intent.action.BOOT_COMPLETED" />
<action android:name="android.intent.action.QUICKBOOT_POWERON" />
<action android:name="android.intent.action.REBOOT" />
</intent-filter>
</receiver>
<receiver android:name="com.broadcastreceiver.NetworkChangeReceiver" >
<intent-filter>
<action android:name="android.net.conn.CONNECTIVITY_CHANGE" />
</intent-filter>
</receiver>
<service android:name=".service.NetworkChangeIntentService" />
<!--
WakefulBroadcastReceiver that will receive intents from GCM
services and hand them to the custom IntentService.
The com.google.android.c2dm.permission.SEND permission is necessary
so only GCM services can send data messages for the app.
-->
<receiver
android:name="com.Sptest.gcm.GcmBroadcastReceiver"
android:permission="com.google.android.c2dm.permission.SEND" >
<intent-filter>
<!-- Receives the actual messages. -->
<action android:name="com.google.android.c2dm.intent.RECEIVE" />
<category android:name="in.Sptest" />
</intent-filter>
</receiver>
<receiver
android:name="com.broadcastreceiver.ReferrerCatcher"
android:exported="true" >
<intent-filter android:priority="2147483647" >
<action android:name="com.android.vending.INSTALL_REFERRER" />
</intent-filter>
</receiver>
<service android:name="com.Sptest.gcm.GcmIntentService" />
<service android:name=".service.ReferralIntentService" />
<service android:name="com.google.analytics.tracking.android.CampaignTrackingService" />
<service android:name=".service.SmsReadService" />
<provider
android:name="com.facebook.FacebookContentProvider"
android:authorities="com.facebook.app.FacebookContentProvider1450001738595564"
android:exported="true" />
<service android:name=".service.InAppNotificationService" />
<service android:name="com.Sptest.gcm.GCMRegistrationService" />
<!-- <meta-data -->
<!-- android:name="com.google.android.gms.version" -->
<!-- android:value="@integer/google_play_services_version" /> -->
<meta-data
android:name="io.fabric.ApiKey"
android:value="5423ec39674b4ed2b5891b52a2a7738b1fe69317" />
<meta-data
android:name="com.facebook.sdk.ApplicationId"
android:value="@string/facebook_app_id" />
<meta-data
android:name="com.facebook.sdk.ApplicationName"
android:value="@string/app_name" />
<activity
android:name=".SMSVerifyActivity"
android:screenOrientation="portrait"
android:theme="@style/Theme.Sherlock.Light.NoActionBar" >
<intent-filter>
<action android:name="android.intent.action.VIEW" />
<category android:name="android.intent.category.DEFAULT" />
<category android:name="android.intent.category.BROWSABLE" />
<data
android:host="www.Sptest.com"
android:pathPrefix="/scomm/vf"
android:scheme="https" />
</intent-filter>
<intent-filter>
<action android:name="android.intent.action.VIEW" />
<category android:name="android.intent.category.DEFAULT" />
<category android:name="android.intent.category.BROWSABLE" />
<data
android:host="smsverify"
android:scheme="Sptest" />
</intent-filter>
</activity>
<activity
android:name="in.Testsdk.TestOffersListActivity"
android:configChanges="keyboard|keyboardHidden|orientation|screenLayout|uiMode|screenSize|smallestScreenSize"
android:screenOrientation="portrait"
android:theme="@android:style/Theme.Translucent" >
</activity>
<service android:name="in.Testsdk.services.TestAppInstallIntentService" >
</service>
<service android:name="in.Testsdk.services.TestAppOpenService" >
</service>
<activity
android:name="in.Testsdk.TestOpenInterestActivity"
android:configChanges="keyboard|keyboardHidden|orientation|screenLayout|uiMode|screenSize|smallestScreenSize"
android:screenOrientation="portrait"
android:theme="@style/Theme.Transparent" />
<activity
android:name="in.Testsdk.TestOpenURLInWebViewActivity"
android:configChanges="keyboard|keyboardHidden|orientation|screenLayout|uiMode|screenSize|smallestScreenSize"
android:screenOrientation="portrait" >
</activity>
<receiver android:name="in.Testsdk.broadcastreceiver.WakefullReceiverAppInstall" >
<intent-filter android:priority="2147483647" >
<action android:name="android.intent.action.PACKAGE_ADDED" />
<action android:name="android.intent.action.PACKAGE_INSTALL" />
<action android:name="android.intent.action.PACKAGE_REMOVED" />
<data android:scheme="package" />
</intent-filter>
</receiver>
<activity
android:name=".RailPaymentWebViewActivity"
android:label="@string/title_activity_rail_payment_web_view"
android:screenOrientation="portrait">
</activity>
</application>
尽管您已经删除了onReceivedSslError方法,但其他一些库(如支付网关)可能仍在使用内置的WebView,因此您仍然会收到该警告。检查或更新所有库。我希望这能解决你的问题!
您必须为onReceivedSslError方法提供正确的实现。在这里回答Webview在实现onReceivedSslError 时避免来自google play的安全警报