tôi nhận được một email từ Google với chủ đề sau đây: Google Play Warning: SSL Error Handler Vulnerability". In this email, Google explains that my app has an ["unsafe implementation of the WebViewClient.onReceivedSslError handler"
Google Play Cảnh báo: handler WebViewClient.onReceivedSslError
Dưới đây là thực hiện của tôi về phương pháp này (WebView Client):
public class MyBrowser extends WebViewClient {
boolean timeout;
public MyBrowser() {
timeout = true;
}
@Override
public void onPageStarted(WebView view, String url, Bitmap favicon) {
try {
progressBar.setVisibility(View.VISIBLE);
}catch(Exception e){
e.printStackTrace();
}
}
@Override
public boolean shouldOverrideUrlLoading(WebView view, String url) {
view.loadUrl(url);
return true;
}
public void onPageFinished(WebView view, String url) {
try{
progressBar.setVisibility(View.GONE);
webView.setVisibility(View.VISIBLE);
}catch(Exception e){
Log.e("Exception", e.toString());
Crashlytics.logException(e);
}
}
@Override
public void onReceivedError(WebView view, int errorCode,
String description, String failingUrl) {
isBack=true;
if (!CommonUtility.isNetworkAvailable()) {
view.loadUrl("file:///android_asset/error.html");
}
}
}
Sau khi cảnh báo đầu tiên, tôi đã xóa phương thức onReceivedSslError khỏi WebClient và tải lên bản dựng mới, nhưng một lần nữa tôi nhận được cảnh báo tương tự từ Google Play. và họ khuyên tôi: - "Có vẻ như phiên bản 18 vẫn có lỗ hổng. Vui lòng kiểm tra lại tệp kê khai của ứng dụng của bạn, lần này cẩn thận hơn để đảm bảo rằng lỗ hổng đã được giải quyết."
Dưới đây là tập tin Manifest của tôi: - (Vui lòng giúp tôi để thoát khỏi tắt vấn đề này)
<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
xmlns:tools="http://schemas.android.com/tools"
package="in.test"
android:installLocation="auto"
android:versionCode="18"
android:versionName="2.0" >
<uses-sdk
android:minSdkVersion="14"
android:targetSdkVersion="21" />
<!-- GCM Permisssions -->
<uses-permission android:name="android.permission.WAKE_LOCK" />
<uses-permission android:name="com.google.android.c2dm.permission.RECEIVE" />
<!--
Creates a custom permission so only this app can receive its messages.
NOTE: the permission *must* be called PACKAGE.permission.C2D_MESSAGE,
where PACKAGE is the application's package name.
-->
<permission
android:name="in.Sptest.permission.C2D_MESSAGE"
android:protectionLevel="signature" />
<uses-permission android:name="android.permission.USE_CREDENTIALS" />
<uses-permission android:name="android.permission.GET_ACCOUNTS" />
<uses-permission android:name="android.permission.INTERNET" />
<uses-permission android:name="android.permission.READ_PHONE_STATE" />
<uses-permission android:name="android.permission.READ_CONTACTS" />
<uses-permission android:name="android.permission.RECEIVE_SMS" />
<uses-permission android:name="android.permission.READ_SMS" />
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
<uses-permission android:name="android.permission.GET_TASKS" />
<uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED" />
<application
android:name=".application.TestApplication"
android:hardwareAccelerated="true"
android:icon="@drawable/logo"
android:label="@string/app_name"
tools:replace="android:icon,android:name" >
<activity
android:name=".LauncherScreen"
android:hardwareAccelerated="true"
android:label="@string/title_activity_main"
android:screenOrientation="portrait"
android:theme="@style/Theme.Sherlock.Light.NoActionBar" >
</activity>
<activity
android:name=".MainActivity"
android:hardwareAccelerated="true"
android:label="@string/title_activity_main"
android:noHistory="false"
android:screenOrientation="portrait"
android:theme="@style/Theme.Sherlock.Light.NoActionBar" >
</activity>
<activity
android:name=".URLActivity"
android:label="@string/app_name"
android:screenOrientation="portrait"
android:theme="@style/Theme.Sherlock.Light.NoActionBar" >
</activity>
<activity
android:name=".SplashActivity"
android:label="@string/app_name"
android:screenOrientation="portrait"
android:theme="@style/Theme.Sherlock.Light.NoActionBar" >
</activity>
<activity
android:name=".activities.ActivityIntro"
android:label="@string/app_name"
android:screenOrientation="portrait"
android:theme="@style/Theme.Sherlock.Light.NoActionBar" >
<intent-filter>
<action android:name="android.intent.action.MAIN" />
<category android:name="android.intent.category.LAUNCHER" />
</intent-filter>
</activity>
<activity
android:name=".Login_test"
android:screenOrientation="portrait"
android:theme="@style/Theme.Sherlock.Light.NoActionBar" >
</activity>
<activity
android:name=".fragment.FragmentActivityNumberVerification"
android:icon="@drawable/app_icon"
android:screenOrientation="portrait"
android:theme="@style/Theme.Sherlock.Light.NoActionBar" >
</activity>
<activity
android:name=".BrowserScreen"
android:screenOrientation="portrait"
android:theme="@style/Theme.Sherlock.Light.NoActionBar" >
</activity>
<activity
android:name=".activities.TermsActivity"
android:screenOrientation="portrait"
android:theme="@style/Theme.Sherlock.Light.NoActionBar" >
</activity>
<activity
android:name=".DataCardRecharge"
android:label="@string/title_activity_launcher_screen"
android:screenOrientation="portrait"
android:theme="@style/Theme.Sherlock.Light.NoActionBar" >
</activity>
<activity
android:name=".UserFeedBack"
android:label="@string/title_activity_launcher_screen"
android:screenOrientation="portrait"
android:theme="@style/Theme.Sherlock.Light.NoActionBar" >
</activity>
<activity
android:name=".PostpaidMobileRecharge"
android:label="@string/title_activity_launcher_screen"
android:screenOrientation="portrait"
android:theme="@style/Theme.Sherlock.Light.NoActionBar" >
</activity>
<activity
android:name=".PrepaidMobileRecharge"
android:label="@string/title_activity_launcher_screen"
android:screenOrientation="portrait"
android:theme="@style/Theme.Sherlock.Light.NoActionBar" >
</activity>
<activity
android:name=".Recharge"
android:label="@string/title_activity_launcher_screen"
android:screenOrientation="portrait"
android:theme="@style/Theme.Sherlock.Light.NoActionBar" >
</activity>
<activity
android:name=".RailBooking"
android:label="@string/title_activity_launcher_screen"
android:screenOrientation="portrait"
android:theme="@style/Theme.Sherlock.Light.NoActionBar" >
</activity>
<activity
android:name=".ProfileDetails"
android:label="@string/title_activity_profile_details"
android:screenOrientation="portrait"
android:theme="@style/Theme.Sherlock.Light.NoActionBar" >
</activity>
<activity
android:name=".RailTransactionhistory"
android:label="@string/title_activity_transactionhistory"
android:screenOrientation="portrait"
android:theme="@style/Theme.Sherlock.Light.NoActionBar" >
</activity>
<activity
android:name=".GetPhoneContact"
android:label="@string/title_activity_get_phone_contact"
android:screenOrientation="portrait"
android:theme="@style/Theme.Sherlock.Light.NoActionBar" >
</activity>
<activity
android:name=".TariffPlans"
android:label="@string/title_activity_tariff_plans"
android:screenOrientation="portrait"
android:theme="@style/Theme.Sherlock.Light.NoActionBar" >
</activity>
<activity
android:name=".TrnsactionHistory_Details"
android:label="@string/title_activity_trnsaction_history__details"
android:screenOrientation="portrait"
android:theme="@style/Theme.Sherlock.Light.NoActionBar" >
</activity>
<activity
android:name=".RailTrnsactionHistory_Details"
android:label="@string/title_activity_trnsaction_history__details"
android:screenOrientation="portrait"
android:theme="@style/Theme.Sherlock.Light.NoActionBar" >
</activity>
<activity
android:name=".MyProfile"
android:label="@string/title_activity_trnsaction_history__details"
android:screenOrientation="portrait"
android:theme="@style/Theme.Sherlock.Light.NoActionBar" >
</activity>
<activity
android:name=".ZaakPAyResponse"
android:label="@string/title_activity_trnsaction_history__details"
android:screenOrientation="portrait"
android:theme="@style/Theme.Sherlock.Light.NoActionBar" >
</activity>
<activity
android:name=".ZaakPAyResponseRailBooking"
android:label="@string/title_activity_trnsaction_history__details"
android:screenOrientation="portrait"
android:theme="@style/Theme.Sherlock.Light.NoActionBar" >
</activity>
<activity
android:name=".RailTicket_PNR"
android:screenOrientation="portrait"
android:theme="@style/Theme.Sherlock.Light.NoActionBar" >
</activity>
<activity
android:name=".PNRStatusDetails"
android:screenOrientation="portrait"
android:theme="@style/Theme.Sherlock.Light.NoActionBar" >
</activity>
<activity
android:name=".RailTicket_History"
android:screenOrientation="portrait"
android:theme="@style/Theme.Sherlock.Light.NoActionBar" >
</activity>
<activity
android:name=".activities.ActivityFavouriteDialog"
android:screenOrientation="portrait"
android:theme="@android:style/Theme.Translucent.NoTitleBar" />
<activity
android:name=".PassenderHistory"
android:screenOrientation="portrait"
android:theme="@style/Theme.Sherlock.Light.NoActionBar" />
<!-- Copy below Activity Declarations inside <application></application> tag in AndroidManifest.xml of your application -->
<!-- Wallet SDK Activity Classes Start Here -->
<!-- Wallet SDK Activity Classes End Here -->
<activity
android:name=".TariffPlansActivity"
android:label="@string/title_activity_tariff_plans"
android:screenOrientation="portrait"
android:theme="@style/Theme.Tariff_plans" >
</activity>
<activity
android:name=".TransactionMessageActivity"
android:screenOrientation="portrait"
android:theme="@style/Theme.Sherlock.Light.NoActionBar" >
</activity>
<activity
android:name=".AboutActivity"
android:screenOrientation="portrait"
android:theme="@style/Theme.Sherlock.Light.NoActionBar" >
</activity>
<activity
android:name=".ShareActivity"
android:screenOrientation="portrait"
android:theme="@style/Theme.Sherlock.Light.NoActionBar"
android:windowSoftInputMode="stateHidden" >
</activity>
<activity
android:name=".ActivityLastRechargeList"
android:label="@string/title_activity_activity_last_recharge_list"
android:screenOrientation="portrait"
android:theme="@style/Theme.Sherlock.Light.NoActionBar" >
</activity>
<activity
android:name=".ActivityNewInfo"
android:screenOrientation="portrait" >
</activity>
<activity
android:name=".ActivitySendMoney"
android:screenOrientation="portrait"
android:theme="@style/Theme.Sherlock.Light.NoActionBar"
android:windowSoftInputMode="stateHidden" >
</activity>
<activity
android:name=".ActivitySetTransactionPassword"
android:screenOrientation="portrait"
android:theme="@style/Theme.Sherlock.Light.NoActionBar" >
</activity>
<activity
android:name=".ActivityReceivedMoneyDetails"
android:screenOrientation="portrait"
android:theme="@style/Theme.Sherlock.Light.NoActionBar" >
</activity>
<activity
android:name=".ActivityTransactionHistory"
android:screenOrientation="portrait"
android:theme="@style/Theme.Sherlock.Light.NoActionBar" >
</activity>
<activity
android:name=".ActivityRailBookingHistory"
android:screenOrientation="portrait"
android:theme="@style/Theme.Sherlock.Light.NoActionBar" >
</activity>
<activity
android:name=".ActivityNotificationDialog"
android:screenOrientation="portrait"
android:theme="@android:style/Theme.Holo.Light.Dialog.NoActionBar" >
</activity>
<activity
android:name=".FirstActivity"
android:exported="true"
android:hardwareAccelerated="true"
android:label="@string/title_activity_main"
android:launchMode="singleTop"
android:screenOrientation="portrait"
android:theme="@style/Theme.Sherlock.Light.NoActionBar" >
</activity>
<activity
android:name=".activities.OffersFragmentActivity"
android:screenOrientation="portrait"
android:theme="@style/Theme.Transparent" >
</activity>
<activity
android:name=".RechargeActivity"
android:exported="true"
android:screenOrientation="portrait"
android:theme="@style/Theme.Sherlock.Light.NoActionBar"
android:windowSoftInputMode="stateAlwaysHidden" >
</activity>
<activity
android:name=".RailActivity"
android:screenOrientation="portrait"
android:theme="@style/Theme.Sherlock.Light.NoActionBar"
android:windowSoftInputMode="stateHidden|adjustPan" >
</activity>
<activity
android:name=".InviteActivity"
android:screenOrientation="portrait"
android:theme="@style/Theme.Sherlock.Light.NoActionBar" />
<activity
android:name="in.Sptestdeals.DealsActivity"
android:screenOrientation="portrait"
android:theme="@style/Theme.test" >
</activity>
<activity
android:name=".ActivityNotification"
android:screenOrientation="portrait"
android:theme="@style/Theme.Sherlock.Light.NoActionBar" >
</activity>
<activity
android:name="in.Sptestdeals.DealDetailsActivity"
android:screenOrientation="portrait"
android:theme="@style/Theme.test"
android:windowSoftInputMode="stateAlwaysHidden" >
</activity>
<activity
android:name="com.Spdealmodule.activities.ActivityTransactionMessageTest"
android:screenOrientation="portrait"
android:theme="@style/Theme.Sherlock.Light.NoActionBar" >
</activity>
<activity
android:name=".ActivityPaymentOptionsSelection"
android:screenOrientation="portrait"
android:theme="@style/Theme.test"
android:windowSoftInputMode="stateAlwaysHidden" >
</activity>
<activity
android:name=".activities.OpenURLInWebViewActivity"
android:screenOrientation="portrait"
android:theme="@style/Theme.test"
android:windowSoftInputMode="stateAlwaysHidden" >
</activity>
<activity
android:name=".activities.OpenInterestURLInWebViewActivity"
android:screenOrientation="portrait"
android:theme="@style/Theme.Transparent" >
</activity>
<activity
android:name=".activities.ActivityOfferDetail"
android:screenOrientation="portrait"
android:theme="@style/Theme.Sherlock.Light.NoActionBar"
android:windowSoftInputMode="stateAlwaysHidden" >
</activity>
<activity
android:name=".activities.ActivityAskFriend"
android:screenOrientation="portrait"
android:theme="@style/Theme.Sherlock.Light.NoActionBar"
android:windowSoftInputMode="stateAlwaysHidden" >
</activity>
<activity
android:name=".activities.ActivityNoOffer"
android:screenOrientation="portrait"
android:theme="@style/Theme.Sherlock.Light.NoActionBar"
android:windowSoftInputMode="stateAlwaysHidden" >
</activity>
<activity
android:name=".ActivitySavedCard"
android:screenOrientation="portrait"
android:theme="@style/Theme.test"
android:windowSoftInputMode="stateAlwaysHidden" >
</activity>
<activity
android:name="com.facebook.FacebookActivity"
android:configChanges="keyboard|keyboardHidden|screenLayout|screenSize|orientation"
android:label="@string/app_name"
android:theme="@android:style/Theme.Translucent.NoTitleBar" />
<service android:name=".service.AppInstallIntentService" >
</service>
<service android:name=".service.FetchtestListService" >
</service>
<receiver android:name="com.broadcastreceiver.WakefullReceiverAppInstall" >
<intent-filter android:priority="2147483647" >
<action android:name="android.intent.action.PACKAGE_ADDED" />
<action android:name="android.intent.action.PACKAGE_INSTALL" />
<action android:name="android.intent.action.PACKAGE_REMOVED" />
<data android:scheme="package" />
</intent-filter>
</receiver>
<receiver
android:name="com.broadcastreceiver.ServiceStarter"
android:exported="true" >
<intent-filter>
<action android:name="android.intent.action.BOOT_COMPLETED" />
<action android:name="android.intent.action.QUICKBOOT_POWERON" />
<action android:name="android.intent.action.REBOOT" />
</intent-filter>
</receiver>
<receiver android:name="com.broadcastreceiver.NetworkChangeReceiver" >
<intent-filter>
<action android:name="android.net.conn.CONNECTIVITY_CHANGE" />
</intent-filter>
</receiver>
<service android:name=".service.NetworkChangeIntentService" />
<!--
WakefulBroadcastReceiver that will receive intents from GCM
services and hand them to the custom IntentService.
The com.google.android.c2dm.permission.SEND permission is necessary
so only GCM services can send data messages for the app.
-->
<receiver
android:name="com.Sptest.gcm.GcmBroadcastReceiver"
android:permission="com.google.android.c2dm.permission.SEND" >
<intent-filter>
<!-- Receives the actual messages. -->
<action android:name="com.google.android.c2dm.intent.RECEIVE" />
<category android:name="in.Sptest" />
</intent-filter>
</receiver>
<receiver
android:name="com.broadcastreceiver.ReferrerCatcher"
android:exported="true" >
<intent-filter android:priority="2147483647" >
<action android:name="com.android.vending.INSTALL_REFERRER" />
</intent-filter>
</receiver>
<service android:name="com.Sptest.gcm.GcmIntentService" />
<service android:name=".service.ReferralIntentService" />
<service android:name="com.google.analytics.tracking.android.CampaignTrackingService" />
<service android:name=".service.SmsReadService" />
<provider
android:name="com.facebook.FacebookContentProvider"
android:authorities="com.facebook.app.FacebookContentProvider1450001738595564"
android:exported="true" />
<service android:name=".service.InAppNotificationService" />
<service android:name="com.Sptest.gcm.GCMRegistrationService" />
<!-- <meta-data -->
<!-- android:name="com.google.android.gms.version" -->
<!-- android:value="@integer/google_play_services_version" /> -->
<meta-data
android:name="io.fabric.ApiKey"
android:value="5423ec39674b4ed2b5891b52a2a7738b1fe69317" />
<meta-data
android:name="com.facebook.sdk.ApplicationId"
android:value="@string/facebook_app_id" />
<meta-data
android:name="com.facebook.sdk.ApplicationName"
android:value="@string/app_name" />
<activity
android:name=".SMSVerifyActivity"
android:screenOrientation="portrait"
android:theme="@style/Theme.Sherlock.Light.NoActionBar" >
<intent-filter>
<action android:name="android.intent.action.VIEW" />
<category android:name="android.intent.category.DEFAULT" />
<category android:name="android.intent.category.BROWSABLE" />
<data
android:host="www.Sptest.com"
android:pathPrefix="/scomm/vf"
android:scheme="https" />
</intent-filter>
<intent-filter>
<action android:name="android.intent.action.VIEW" />
<category android:name="android.intent.category.DEFAULT" />
<category android:name="android.intent.category.BROWSABLE" />
<data
android:host="smsverify"
android:scheme="Sptest" />
</intent-filter>
</activity>
<activity
android:name="in.Testsdk.TestOffersListActivity"
android:configChanges="keyboard|keyboardHidden|orientation|screenLayout|uiMode|screenSize|smallestScreenSize"
android:screenOrientation="portrait"
android:theme="@android:style/Theme.Translucent" >
</activity>
<service android:name="in.Testsdk.services.TestAppInstallIntentService" >
</service>
<service android:name="in.Testsdk.services.TestAppOpenService" >
</service>
<activity
android:name="in.Testsdk.TestOpenInterestActivity"
android:configChanges="keyboard|keyboardHidden|orientation|screenLayout|uiMode|screenSize|smallestScreenSize"
android:screenOrientation="portrait"
android:theme="@style/Theme.Transparent" />
<activity
android:name="in.Testsdk.TestOpenURLInWebViewActivity"
android:configChanges="keyboard|keyboardHidden|orientation|screenLayout|uiMode|screenSize|smallestScreenSize"
android:screenOrientation="portrait" >
</activity>
<receiver android:name="in.Testsdk.broadcastreceiver.WakefullReceiverAppInstall" >
<intent-filter android:priority="2147483647" >
<action android:name="android.intent.action.PACKAGE_ADDED" />
<action android:name="android.intent.action.PACKAGE_INSTALL" />
<action android:name="android.intent.action.PACKAGE_REMOVED" />
<data android:scheme="package" />
</intent-filter>
</receiver>
<activity
android:name=".RailPaymentWebViewActivity"
android:label="@string/title_activity_rail_payment_web_view"
android:screenOrientation="portrait">
</activity>
</application>
Bạn đã kiểm tra tất cả các thư viện mà bạn đang sử dụng chưa? Có thể một lớp đang sử dụng trình xử lý WebViewClient.onReceivedSslError! –
Đây là câu trả lời hay nhất. http://stackoverflow.com/a/36147896/1488066 – AndroidLad