Answer the question
In order to leave comments, you need to log in
Android. Unity SDK. WebViewClient.onReceivedSslError?
Hello! When adding the Unity SDK to a project and trying to publish the app to Google Play.
The store is rejecting the application with the following error:
Security alert
Your application has an unsafe implementation of the WebViewClient.onReceivedSslError handler. Specifically, the implementation ignores all SSL certificate validation errors, making your app vulnerable to man-in-the-middle attacks. An attacker could change the affected WebView's content, read transmitted data (such as login credentials), and execute code inside the app using JavaScript.
To properly handle SSL certificate validation, change your code to invoke SslErrorHandler.proceed() whenever the certificate presented by the server meets your expectations, and invoke SslErrorHandler.cancel() otherwise. An email alert containing the affected app(s) and class(es) has been sent to your developer account address.
Please address this vulnerability as soon as possible and increment the version number of the upgraded APK. For more information about the SSL error handler, please see our documentation in the Developer Help Center. For other technical questions, you can post to https://www.stackoverflow.com/questionsand use the tags “android-security” and “SslErrorHandler.” If you are using a 3rd party library that's responsible for this, please notify the 3rd party and work with them to address the issue.
If you remove the Odnoklassniki SDK, then the store accepts the application.
How, then, to embed the SDK in a mobile application?
Answer the question
In order to leave comments, you need to log in
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question