Google Play Warning: WebViewClient.onReceivedSslError handler
Asked Answered
L

2

12

I got an email from Google with the following subject : Google Play Warning: SSL Error Handler Vulnerability". In this email, Google explains that my app has an ["unsafe implementation of the WebViewClient.onReceivedSslError handler"

Here's my implementation of the method (WebView Client) :

 public class MyBrowser extends WebViewClient {
    boolean timeout;
    public MyBrowser() {
        timeout = true;
    }
    @Override
    public void onPageStarted(WebView view, String url, Bitmap favicon) {
        try {

                progressBar.setVisibility(View.VISIBLE);                   

        }catch(Exception e){
            e.printStackTrace();
        }
    }
    @Override
    public boolean shouldOverrideUrlLoading(WebView view, String url) {
        view.loadUrl(url);
        return true;
    }

    public void onPageFinished(WebView view, String url) {

        try{

        progressBar.setVisibility(View.GONE);
        webView.setVisibility(View.VISIBLE);

        }catch(Exception e){
            Log.e("Exception", e.toString());
            Crashlytics.logException(e);
        }

    }

    @Override
    public void onReceivedError(WebView view, int errorCode,
                                String description, String failingUrl) {
        isBack=true;
        if (!CommonUtility.isNetworkAvailable()) {

            view.loadUrl("file:///android_asset/error.html");
        }
    }

}

After first warning, i removed the onReceivedSslError Method from the WebClient and uploaded the new build, but again i got the same warning from Google Play. and they recommended me to :- " It looks like Version 18 still has the vulnerability. Please re-check your app's manifest file, this time more carefully, to ensure that the vulnerability has been address."

Here's my Manifest File :- (Kindly Help me to get rid off this issue)

<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
xmlns:tools="http://schemas.android.com/tools"
package="in.test"
android:installLocation="auto"
android:versionCode="18"
android:versionName="2.0" >

<uses-sdk
    android:minSdkVersion="14"
    android:targetSdkVersion="21" />

<!-- GCM Permisssions -->
<uses-permission android:name="android.permission.WAKE_LOCK" />
<uses-permission android:name="com.google.android.c2dm.permission.RECEIVE" />

<!--
 Creates a custom permission so only this app can receive its messages.

 NOTE: the permission *must* be called PACKAGE.permission.C2D_MESSAGE,
       where PACKAGE is the application's package name.
-->
<permission
    android:name="in.Sptest.permission.C2D_MESSAGE"
    android:protectionLevel="signature" />

<uses-permission android:name="android.permission.USE_CREDENTIALS" />
<uses-permission android:name="android.permission.GET_ACCOUNTS" />
<uses-permission android:name="android.permission.INTERNET" />
<uses-permission android:name="android.permission.READ_PHONE_STATE" />
<uses-permission android:name="android.permission.READ_CONTACTS" />
<uses-permission android:name="android.permission.RECEIVE_SMS" />
<uses-permission android:name="android.permission.READ_SMS" />
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
<uses-permission android:name="android.permission.GET_TASKS" />
<uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED" />



<application
    android:name=".application.TestApplication"
    android:hardwareAccelerated="true"
    android:icon="@drawable/logo"
    android:label="@string/app_name"
    tools:replace="android:icon,android:name" >
    <activity
        android:name=".LauncherScreen"
        android:hardwareAccelerated="true"
        android:label="@string/title_activity_main"
        android:screenOrientation="portrait"
        android:theme="@style/Theme.Sherlock.Light.NoActionBar" >
    </activity>
    <activity
        android:name=".MainActivity"
        android:hardwareAccelerated="true"
        android:label="@string/title_activity_main"
        android:noHistory="false"
        android:screenOrientation="portrait"
        android:theme="@style/Theme.Sherlock.Light.NoActionBar" >
    </activity>
    <activity
        android:name=".URLActivity"
        android:label="@string/app_name"
        android:screenOrientation="portrait"
        android:theme="@style/Theme.Sherlock.Light.NoActionBar" >
    </activity>
    <activity
        android:name=".SplashActivity"
        android:label="@string/app_name"
        android:screenOrientation="portrait"
        android:theme="@style/Theme.Sherlock.Light.NoActionBar" >
    </activity>
    <activity
        android:name=".activities.ActivityIntro"
        android:label="@string/app_name"
        android:screenOrientation="portrait"
        android:theme="@style/Theme.Sherlock.Light.NoActionBar" >
        <intent-filter>
            <action android:name="android.intent.action.MAIN" />

            <category android:name="android.intent.category.LAUNCHER" />
        </intent-filter>
    </activity>
    <activity
        android:name=".Login_test"
        android:screenOrientation="portrait"
        android:theme="@style/Theme.Sherlock.Light.NoActionBar" >
    </activity>
    <activity
        android:name=".fragment.FragmentActivityNumberVerification"
        android:icon="@drawable/app_icon"
        android:screenOrientation="portrait"
        android:theme="@style/Theme.Sherlock.Light.NoActionBar" >
    </activity>
    <activity
        android:name=".BrowserScreen"
        android:screenOrientation="portrait"
        android:theme="@style/Theme.Sherlock.Light.NoActionBar" >
    </activity>
    <activity
        android:name=".activities.TermsActivity"
        android:screenOrientation="portrait"
        android:theme="@style/Theme.Sherlock.Light.NoActionBar" >
    </activity>
    <activity
        android:name=".DataCardRecharge"
        android:label="@string/title_activity_launcher_screen"
        android:screenOrientation="portrait"
        android:theme="@style/Theme.Sherlock.Light.NoActionBar" >
    </activity>
    <activity
        android:name=".UserFeedBack"
        android:label="@string/title_activity_launcher_screen"
        android:screenOrientation="portrait"
        android:theme="@style/Theme.Sherlock.Light.NoActionBar" >
    </activity>
    <activity
        android:name=".PostpaidMobileRecharge"
        android:label="@string/title_activity_launcher_screen"
        android:screenOrientation="portrait"
        android:theme="@style/Theme.Sherlock.Light.NoActionBar" >
    </activity>
    <activity
        android:name=".PrepaidMobileRecharge"
        android:label="@string/title_activity_launcher_screen"
        android:screenOrientation="portrait"
        android:theme="@style/Theme.Sherlock.Light.NoActionBar" >
    </activity>
    <activity
        android:name=".Recharge"
        android:label="@string/title_activity_launcher_screen"
        android:screenOrientation="portrait"
        android:theme="@style/Theme.Sherlock.Light.NoActionBar" >
    </activity>
    <activity
        android:name=".RailBooking"
        android:label="@string/title_activity_launcher_screen"
        android:screenOrientation="portrait"

        android:theme="@style/Theme.Sherlock.Light.NoActionBar" >
    </activity>
    <activity
        android:name=".ProfileDetails"
        android:label="@string/title_activity_profile_details"
        android:screenOrientation="portrait"
        android:theme="@style/Theme.Sherlock.Light.NoActionBar" >
    </activity>
    <activity
        android:name=".RailTransactionhistory"
        android:label="@string/title_activity_transactionhistory"
        android:screenOrientation="portrait"
        android:theme="@style/Theme.Sherlock.Light.NoActionBar" >
    </activity>
    <activity
        android:name=".GetPhoneContact"
        android:label="@string/title_activity_get_phone_contact"
        android:screenOrientation="portrait"
        android:theme="@style/Theme.Sherlock.Light.NoActionBar" >
    </activity>
    <activity
        android:name=".TariffPlans"
        android:label="@string/title_activity_tariff_plans"
        android:screenOrientation="portrait"
        android:theme="@style/Theme.Sherlock.Light.NoActionBar" >
    </activity>
    <activity
        android:name=".TrnsactionHistory_Details"
        android:label="@string/title_activity_trnsaction_history__details"
        android:screenOrientation="portrait"
        android:theme="@style/Theme.Sherlock.Light.NoActionBar" >
    </activity>
    <activity
        android:name=".RailTrnsactionHistory_Details"
        android:label="@string/title_activity_trnsaction_history__details"
        android:screenOrientation="portrait"
        android:theme="@style/Theme.Sherlock.Light.NoActionBar" >
    </activity>
    <activity
        android:name=".MyProfile"
        android:label="@string/title_activity_trnsaction_history__details"
        android:screenOrientation="portrait"
        android:theme="@style/Theme.Sherlock.Light.NoActionBar" >
    </activity>
    <activity
        android:name=".ZaakPAyResponse"
        android:label="@string/title_activity_trnsaction_history__details"
        android:screenOrientation="portrait"
        android:theme="@style/Theme.Sherlock.Light.NoActionBar" >
    </activity>
    <activity
        android:name=".ZaakPAyResponseRailBooking"
        android:label="@string/title_activity_trnsaction_history__details"
        android:screenOrientation="portrait"
        android:theme="@style/Theme.Sherlock.Light.NoActionBar" >
    </activity>
    <activity
        android:name=".RailTicket_PNR"
        android:screenOrientation="portrait"
        android:theme="@style/Theme.Sherlock.Light.NoActionBar" >
    </activity>
    <activity
        android:name=".PNRStatusDetails"
        android:screenOrientation="portrait"
        android:theme="@style/Theme.Sherlock.Light.NoActionBar" >
    </activity>
    <activity
        android:name=".RailTicket_History"
        android:screenOrientation="portrait"
        android:theme="@style/Theme.Sherlock.Light.NoActionBar" >
    </activity>
    <activity
        android:name=".activities.ActivityFavouriteDialog"
        android:screenOrientation="portrait"
        android:theme="@android:style/Theme.Translucent.NoTitleBar" />
    <activity
        android:name=".PassenderHistory"
        android:screenOrientation="portrait"
        android:theme="@style/Theme.Sherlock.Light.NoActionBar" />

    <!-- Copy below Activity Declarations inside <application></application> tag in AndroidManifest.xml of your application -->
    <!-- Wallet SDK Activity Classes Start Here -->

    <!-- Wallet SDK Activity Classes End Here -->
    <activity
        android:name=".TariffPlansActivity"
        android:label="@string/title_activity_tariff_plans"
        android:screenOrientation="portrait"
        android:theme="@style/Theme.Tariff_plans" >
    </activity>
    <activity
        android:name=".TransactionMessageActivity"
        android:screenOrientation="portrait"
        android:theme="@style/Theme.Sherlock.Light.NoActionBar" >
    </activity>
    <activity
        android:name=".AboutActivity"
        android:screenOrientation="portrait"
        android:theme="@style/Theme.Sherlock.Light.NoActionBar" >
    </activity>
    <activity
        android:name=".ShareActivity"
        android:screenOrientation="portrait"
        android:theme="@style/Theme.Sherlock.Light.NoActionBar"
        android:windowSoftInputMode="stateHidden" >
    </activity>
    <activity
        android:name=".ActivityLastRechargeList"
        android:label="@string/title_activity_activity_last_recharge_list"
        android:screenOrientation="portrait"
        android:theme="@style/Theme.Sherlock.Light.NoActionBar" >
    </activity>
    <activity
        android:name=".ActivityNewInfo"
        android:screenOrientation="portrait" >
    </activity>
    <activity
        android:name=".ActivitySendMoney"
        android:screenOrientation="portrait"
        android:theme="@style/Theme.Sherlock.Light.NoActionBar"
        android:windowSoftInputMode="stateHidden" >
    </activity>
    <activity
        android:name=".ActivitySetTransactionPassword"
        android:screenOrientation="portrait"
        android:theme="@style/Theme.Sherlock.Light.NoActionBar" >
    </activity>
    <activity
        android:name=".ActivityReceivedMoneyDetails"
        android:screenOrientation="portrait"
        android:theme="@style/Theme.Sherlock.Light.NoActionBar" >
    </activity>
    <activity
        android:name=".ActivityTransactionHistory"
        android:screenOrientation="portrait"
        android:theme="@style/Theme.Sherlock.Light.NoActionBar" >
    </activity>
    <activity
        android:name=".ActivityRailBookingHistory"
        android:screenOrientation="portrait"
        android:theme="@style/Theme.Sherlock.Light.NoActionBar" >
    </activity>
    <activity
        android:name=".ActivityNotificationDialog"
        android:screenOrientation="portrait"
        android:theme="@android:style/Theme.Holo.Light.Dialog.NoActionBar" >
    </activity>


    <activity
        android:name=".FirstActivity"
        android:exported="true"
        android:hardwareAccelerated="true"
        android:label="@string/title_activity_main"
        android:launchMode="singleTop"
        android:screenOrientation="portrait"
        android:theme="@style/Theme.Sherlock.Light.NoActionBar" >
    </activity>
    <activity
        android:name=".activities.OffersFragmentActivity"
        android:screenOrientation="portrait"
        android:theme="@style/Theme.Transparent" >
    </activity>
    <activity
        android:name=".RechargeActivity"
        android:exported="true"
        android:screenOrientation="portrait"
        android:theme="@style/Theme.Sherlock.Light.NoActionBar"
        android:windowSoftInputMode="stateAlwaysHidden" >
    </activity>
    <activity
        android:name=".RailActivity"
        android:screenOrientation="portrait"
        android:theme="@style/Theme.Sherlock.Light.NoActionBar"
    android:windowSoftInputMode="stateHidden|adjustPan" >
    </activity>
    <activity
        android:name=".InviteActivity"
        android:screenOrientation="portrait"
        android:theme="@style/Theme.Sherlock.Light.NoActionBar" />
    <activity
        android:name="in.Sptestdeals.DealsActivity"
        android:screenOrientation="portrait"
        android:theme="@style/Theme.test" >
    </activity>
    <activity
        android:name=".ActivityNotification"
        android:screenOrientation="portrait"
        android:theme="@style/Theme.Sherlock.Light.NoActionBar" >
    </activity>
    <activity
        android:name="in.Sptestdeals.DealDetailsActivity"
        android:screenOrientation="portrait"
        android:theme="@style/Theme.test"
        android:windowSoftInputMode="stateAlwaysHidden" >
    </activity>
    <activity
        android:name="com.Spdealmodule.activities.ActivityTransactionMessageTest"
        android:screenOrientation="portrait"
        android:theme="@style/Theme.Sherlock.Light.NoActionBar" >
    </activity>
    <activity
        android:name=".ActivityPaymentOptionsSelection"
        android:screenOrientation="portrait"
        android:theme="@style/Theme.test"
        android:windowSoftInputMode="stateAlwaysHidden" >
    </activity>
    <activity
        android:name=".activities.OpenURLInWebViewActivity"
        android:screenOrientation="portrait"
        android:theme="@style/Theme.test"
        android:windowSoftInputMode="stateAlwaysHidden" >
    </activity>
    <activity
        android:name=".activities.OpenInterestURLInWebViewActivity"
        android:screenOrientation="portrait"
        android:theme="@style/Theme.Transparent" >
    </activity>
    <activity
        android:name=".activities.ActivityOfferDetail"
        android:screenOrientation="portrait"
        android:theme="@style/Theme.Sherlock.Light.NoActionBar"
        android:windowSoftInputMode="stateAlwaysHidden" >
    </activity>
    <activity
        android:name=".activities.ActivityAskFriend"
        android:screenOrientation="portrait"
        android:theme="@style/Theme.Sherlock.Light.NoActionBar"
        android:windowSoftInputMode="stateAlwaysHidden" >
    </activity>
    <activity
        android:name=".activities.ActivityNoOffer"
        android:screenOrientation="portrait"
        android:theme="@style/Theme.Sherlock.Light.NoActionBar"
        android:windowSoftInputMode="stateAlwaysHidden" >
    </activity>
    <activity
        android:name=".ActivitySavedCard"
        android:screenOrientation="portrait"
        android:theme="@style/Theme.test"
        android:windowSoftInputMode="stateAlwaysHidden" >
    </activity>
    <activity
        android:name="com.facebook.FacebookActivity"
        android:configChanges="keyboard|keyboardHidden|screenLayout|screenSize|orientation"
        android:label="@string/app_name"
        android:theme="@android:style/Theme.Translucent.NoTitleBar" />

    <service android:name=".service.AppInstallIntentService" >
    </service>
    <service android:name=".service.FetchtestListService" >
    </service>

    <receiver android:name="com.broadcastreceiver.WakefullReceiverAppInstall" >
        <intent-filter android:priority="2147483647" >
            <action android:name="android.intent.action.PACKAGE_ADDED" />
            <action android:name="android.intent.action.PACKAGE_INSTALL" />
            <action android:name="android.intent.action.PACKAGE_REMOVED" />

            <data android:scheme="package" />
        </intent-filter>
    </receiver>
    <receiver
        android:name="com.broadcastreceiver.ServiceStarter"
        android:exported="true" >
        <intent-filter>
            <action android:name="android.intent.action.BOOT_COMPLETED" />
            <action android:name="android.intent.action.QUICKBOOT_POWERON" />
            <action android:name="android.intent.action.REBOOT" />
        </intent-filter>
    </receiver>
    <receiver android:name="com.broadcastreceiver.NetworkChangeReceiver" >
        <intent-filter>
            <action android:name="android.net.conn.CONNECTIVITY_CHANGE" />
        </intent-filter>
    </receiver>

    <service android:name=".service.NetworkChangeIntentService" />

    <!--
      WakefulBroadcastReceiver that will receive intents from GCM
      services and hand them to the custom IntentService.

      The com.google.android.c2dm.permission.SEND permission is necessary
      so only GCM services can send data messages for the app.
    -->
    <receiver
        android:name="com.Sptest.gcm.GcmBroadcastReceiver"
        android:permission="com.google.android.c2dm.permission.SEND" >
        <intent-filter>

            <!-- Receives the actual messages. -->
            <action android:name="com.google.android.c2dm.intent.RECEIVE" />

            <category android:name="in.Sptest" />
        </intent-filter>
    </receiver>
    <receiver
        android:name="com.broadcastreceiver.ReferrerCatcher"
        android:exported="true" >
        <intent-filter android:priority="2147483647" >
            <action android:name="com.android.vending.INSTALL_REFERRER" />
        </intent-filter>
    </receiver>

    <service android:name="com.Sptest.gcm.GcmIntentService" />
    <service android:name=".service.ReferralIntentService" />
    <service android:name="com.google.analytics.tracking.android.CampaignTrackingService" />
    <service android:name=".service.SmsReadService" />

    <provider
        android:name="com.facebook.FacebookContentProvider"
        android:authorities="com.facebook.app.FacebookContentProvider1450001738595564"
        android:exported="true" />

    <service android:name=".service.InAppNotificationService" />
    <service android:name="com.Sptest.gcm.GCMRegistrationService" />




    <!-- <meta-data -->
    <!-- android:name="com.google.android.gms.version" -->
    <!-- android:value="@integer/google_play_services_version" /> -->
    <meta-data
        android:name="io.fabric.ApiKey"
        android:value="5423ec39674b4ed2b5891b52a2a7738b1fe69317" />
    <meta-data
        android:name="com.facebook.sdk.ApplicationId"
        android:value="@string/facebook_app_id" />
    <meta-data
        android:name="com.facebook.sdk.ApplicationName"
        android:value="@string/app_name" />

    <activity
        android:name=".SMSVerifyActivity"
        android:screenOrientation="portrait"
        android:theme="@style/Theme.Sherlock.Light.NoActionBar" >
        <intent-filter>
            <action android:name="android.intent.action.VIEW" />

            <category android:name="android.intent.category.DEFAULT" />
            <category android:name="android.intent.category.BROWSABLE" />

            <data
                android:host="www.Sptest.com"
                android:pathPrefix="/scomm/vf"
                android:scheme="https" />
        </intent-filter>
        <intent-filter>
            <action android:name="android.intent.action.VIEW" />

            <category android:name="android.intent.category.DEFAULT" />
            <category android:name="android.intent.category.BROWSABLE" />

            <data
                android:host="smsverify"
                android:scheme="Sptest" />
        </intent-filter>
    </activity>
    <activity
        android:name="in.Testsdk.TestOffersListActivity"
        android:configChanges="keyboard|keyboardHidden|orientation|screenLayout|uiMode|screenSize|smallestScreenSize"
        android:screenOrientation="portrait"
        android:theme="@android:style/Theme.Translucent" >
    </activity>

    <service android:name="in.Testsdk.services.TestAppInstallIntentService" >
    </service>
    <service android:name="in.Testsdk.services.TestAppOpenService" >
    </service>

    <activity
        android:name="in.Testsdk.TestOpenInterestActivity"
        android:configChanges="keyboard|keyboardHidden|orientation|screenLayout|uiMode|screenSize|smallestScreenSize"
        android:screenOrientation="portrait"
        android:theme="@style/Theme.Transparent" />
    <activity
        android:name="in.Testsdk.TestOpenURLInWebViewActivity"
        android:configChanges="keyboard|keyboardHidden|orientation|screenLayout|uiMode|screenSize|smallestScreenSize"
        android:screenOrientation="portrait" >
    </activity>

    <receiver android:name="in.Testsdk.broadcastreceiver.WakefullReceiverAppInstall" >
        <intent-filter android:priority="2147483647" >
            <action android:name="android.intent.action.PACKAGE_ADDED" />
            <action android:name="android.intent.action.PACKAGE_INSTALL" />
            <action android:name="android.intent.action.PACKAGE_REMOVED" />

            <data android:scheme="package" />
        </intent-filter>
    </receiver>

    <activity
        android:name=".RailPaymentWebViewActivity"
        android:label="@string/title_activity_rail_payment_web_view"
        android:screenOrientation="portrait">
    </activity>
</application>

Log answered 30/3, 2016 at 7:10 Comment(2)
Have you checked all libraries that are you using? Maybe one class is using WebViewClient.onReceivedSslError handler!Ulises
Here is best answer. https://mcmap.net/q/265866/-webview-how-to-avoid-security-alert-from-google-play-upon-implementation-of-onreceivedsslerrorCouperin
R
2

Though you have removed onReceivedSslError method, some other libraries like payment gateways might still be using a built-in WebView and hence you are still getting that warning. Check all your libraries or update them. I hope this solves your problem!

Rioux answered 12/4, 2016 at 5:46 Comment(3)
Dear prateek , i checked already but no able to find this method in whole code. can you suggest some other way ??Log
Dear prateek, Following are the jar/aar files which i am using in our project :- 'com.google.android.gms:play-services:6.5.87' 'com.actionbarsherlock:actionbarsherlock:4.4.0@aar' 'com.facebook.android:facebook-android-sdk:4.1.0' android-async-http-1.4.6.jar' android-viewbadger.jar' AndroidSwipeLayout-v1.1.6.jar' libGoogleAnalyticsServices.jar' mobikwik_payment_android_sdk.jar' Kindly guide me, if anyone of them seems to be culprit for this issue.Log
Mobikwik_payment_android_sdk.jar M sure this library is using a webview and is the reason why you are seeing this warning.Rioux
A
-1

You must provide correct implementation for onReceivedSslError method. Answered here Webview avoid security alert from google play upon implementation of onReceivedSslError

Applicatory answered 31/3, 2016 at 6:53 Comment(1)
We have removed onReceivedSslError not to bypass SSL but still Google gave an alert to our app.Wetzell

© 2022 - 2024 — McMap. All rights reserved.