Results 1 to 10 of 10

Thread: [Android] Google Play Developer libpng warning

  1. #1
    Neuer skobbler
    Join Date
    13.05.2015
    Posts
    7

    Ausrufezeichen [Android] Google Play Developer libpng warning

    I just submitted a new version of my app to the Google Play Store containing the Skobbler SDK and received the following warning:

    Hello Google Play Developer,

    We detected that your app(s) listed at the end of this email are using an unsafe version of the libpng library. Apps with vulnerabilities like this can expose users to risk of compromise and may be considered in violation of our Malicious Behavior policy.

    What’s happening

    Beginning September 17, 2016, Google Play will block publishing of any new apps or updates that use vulnerable versions of libpng. Your published APK version will not be affected, however any updates to the app will be blocked unless you address this vulnerability.

    Action required: Migrate your app(s) to use libpng v1.0.66, v.1.2.56, v.1.4.19, v1.5.26 or higher as soon as possible and increment the version number of the upgraded APK.
    It looks like the libngnative.so files that are included with the sdk are actually libpng. In terminal when I use
    Code:
    grep -r -n --text "libpng" .
    I can see the following info
    ./app/src/main/jniLibs/x86/libngnative.so:10864:libpng version 1.5.10 - March 29, 2012
    Looks like this needs to be updated to v1.5.26 otherwise people are going to start having issues submitting their Android Apps. Any quick fixes or ETA on a solution for this? Thanks!

  2. #2
    Dev platform evangelist dandronic's Avatar
    Join Date
    31.03.2014
    Posts
    177
    Thanks for sharing - we've also received this warning message for our own apps – we're working towards updating the libpng version (the September timeframe should allow us to properly handle this threat).

  3. #3
    Neuer skobbler
    Join Date
    17.06.2016
    Posts
    1
    Quote Originally Posted by dandronic View Post
    Thanks for sharing - we've also received this warning message for our own apps – we're working towards updating the libpng version (the September timeframe should allow us to properly handle this threat).
    Hi dandronic, are you able to confirm whether this will be an update to the 2.5.1 version, or will it only be fixed in the 3.0+ releases?

  4. #4
    Dev platform evangelist dandronic's Avatar
    Join Date
    31.03.2014
    Posts
    177
    We will make the fix for both 2.5.1 and 3.0

  5. #5
    Neuer skobbler
    Join Date
    09.04.2016
    Posts
    3
    Please consider a timely update so that we can tackle this issue as quickly as possible. Ideally as a separate patch-version that doesn't tackle anything else.

    September is not that far away - especially since summer holidays also happen to be within this timeframe.

  6. #6
    Oberskobbler
    Join Date
    22.07.2014
    Posts
    399
    For our SDK users the estimate timeframe to release this fix is the first week of August. We’ve added this issue as a priority on our list.

  7. #7
    Dev platform evangelist dandronic's Avatar
    Join Date
    31.03.2014
    Posts
    177
    The hotfix for 2.5.1 is already available: http://forum.skobbler.com/showthread.php/7563-Latest-2-5-1-builds

    The 3.0.0 fix will be part of the 3.0.1 update (in August)

  8. #8
    Neuer skobbler
    Join Date
    15.09.2016
    Posts
    2
    Any news regarding the patch for v3.0 ? Or a roadmap to the 3.0.1 ? I am facing this issue with an app in production on the playstore with the sdk version 3.. Thanks !

  9. #9
    Dev platform evangelist dandronic's Avatar
    Join Date
    31.03.2014
    Posts
    177
    The 3.0.1 release is already available - containing the libpng update: please see http://forum.skobbler.com/showthread...andidate-build

  10. #10
    Neuer skobbler
    Join Date
    15.09.2016
    Posts
    2
    Thanks a lot !

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •