How to handle “android-security” and “TrustManager” issue regarding Flurry Analytics?

Question

I received an email from Google Play regarding “android-security” and “TrustManager” i.e. Your app(s) listed at the end of this email use an unsafe implementation of the interface X509TrustManager.as per an email my affected class is related to Flurry library.

Affected app(s), version(s), and class(es):

com.demo.movies 5 com.flurry.android.n;

so can anyone tell me how to handle this “android-security” and “TrustManager” issue regarding Flurry Analytics.

Edit: Issue is resolved after upgrade Flurry SDK.

read this: http://developer.android.com/training/articles/security-ssl.html — OShiffer, Mar 22 '16 at 07:42

score 3 · Answer 1 · answered Mar 23 '16 at 00:01

3

According to this, Flurry uses a vulnerable TrustManager in versions prior to 3.4. So upgrading to 3.4 or later should fix the issue.

answered Mar 23 '16 at 00:01

Antimony

37,781
10
100
107

Thanks, I have upgraded my Flurry SDK. – Maroti Mar 23 '16 at 11:05

score 0 · Answer 2 · answered Mar 22 '16 at 08:20

0

The way to handle this is pretty straight forward. Assuming you are not using the latest version of Flurry already: check the library's changelog to see if they have addressed the vulnerability. If they have, simply update the mentioned library to the latest version, rebuild your apk and upload it. If they have not, remove the library. Flurry isn't important enough to get your app removed from the play store.

answered Mar 22 '16 at 08:20

Jozua

1,274
10
18

Thanks @jozua I have upgraded my Flurry SDK. – Maroti Mar 23 '16 at 11:04

How to handle “android-security” and “TrustManager” issue regarding Flurry Analytics?

2 Answers2