2

App was rejected for this : The vulnerabilities were addressed in OpenSSL 1.02f/1.01r. To confirm your OpenSSL version, you can do a grep search for:

The output of this command : 

$ unzip -p YourApplication.apk  | strings | grep "OpenSSL"

Is this : 

GmsCore_OpenSSL
OpenSSLDie
DSA_OpenSSL
DH_OpenSSL
ECDH_OpenSSL
ECDSA_OpenSSL
OpenSSL_add_all_ciphers
OpenSSL_add_all_digests
UI_OpenSSL
%s(%d): OpenSSL internal error, assertion failed: %s
OpenSSL 1.0.1p 9 Jul 2015
OpenSSL CMAC method
OpenSSL default
OpenSSL DH Method
OpenSSL PKCS#3 DH method
OpenSSL DSA method
OpenSSL EC algorithm
OpenSSL ECDH method
OpenSSL ECDSA method
OpenSSL HMAC method
You need to read the OpenSSL FAQ, http://www.openssl.org/support/faq.html
OpenSSL RSA method
OpenSSL default user interface
}AES part of OpenSSL 1.0.1p 9 Jul 2015
ASN.1 part of OpenSSL 1.0.1p 9 Jul 2015
Blowfish part of OpenSSL 1.0.1p 9 Jul 2015
Big Number part of OpenSSL 1.0.1p 9 Jul 2015
OCAMELLIA part of OpenSSL 1.0.1p 9 Jul 2015
\CAST part of OpenSSL 1.0.1p 9 Jul 2015
CONF part of OpenSSL 1.0.1p 9 Jul 2015
CONF_def part of OpenSSL 1.0.1p 9 Jul 2015
DES part of OpenSSL 1.0.1p 9 Jul 2015
libdes part of OpenSSL 1.0.1p 9 Jul 2015
Diffie-Hellman part of OpenSSL 1.0.1p 9 Jul 2015
DSA part of OpenSSL 1.0.1p 9 Jul 2015
EC part of OpenSSL 1.0.1p 9 Jul 2015
(1ECDH part of OpenSSL 1.0.1p 9 Jul 2015
ECDSA part of OpenSSL 1.0.1p 9 Jul 2015
EVP part of OpenSSL 1.0.1p 9 Jul 2015
IDEA part of OpenSSL 1.0.1p 9 Jul 2015
lhash part of OpenSSL 1.0.1p 9 Jul 2015
MD4 part of OpenSSL 1.0.1p 9 Jul 2015
MD5 part of OpenSSL 1.0.1p 9 Jul 2015
PEM part of OpenSSL 1.0.1p 9 Jul 2015
RAND part of OpenSSL 1.0.1p 9 Jul 2015
RC2 part of OpenSSL 1.0.1p 9 Jul 2015
RC4 part of OpenSSL 1.0.1p 9 Jul 2015
RIPE-MD160 part of OpenSSL 1.0.1p 9 Jul 2015
RSA part of OpenSSL 1.0.1p 9 Jul 2015
SHA part of OpenSSL 1.0.1p 9 Jul 2015
SHA1 part of OpenSSL 1.0.1p 9 Jul 2015
SHA-256 part of OpenSSL 1.0.1p 9 Jul 2015
DlSHA-512 part of OpenSSL 1.0.1p 9 Jul 2015
Stack part of OpenSSL 1.0.1p 9 Jul 2015
TXT_DB part of OpenSSL 1.0.1p 9 Jul 2015
X.509 part of OpenSSL 1.0.1p 9 Jul 2015
OpenSSL was built without SSLv2 support
could not parse PKCS12 file, check password, OpenSSL error %s
OpenSSL/%lx.%lx.%lx%s
OpenSSLDie
OpenSSL 1.0.1p 9 Jul 2015
SSLv2 part of OpenSSL 1.0.1p 9 Jul 2015
SSLv3 part of OpenSSL 1.0.1p 9 Jul 2015
TLSv1 part of OpenSSL 1.0.1p 9 Jul 2015
DTLSv1 part of OpenSSL 1.0.1p 9 Jul 2015

The problem i am not using openssl on my app. Maybe there is a third library i don't know which one .

compile fileTree(include: ['*.jar'], dir: 'libs')
    testCompile 'junit:junit:4.12'
    compile 'com.google.android.gms:play-services:9.8.0'
    compile 'com.google.protobuf:protobuf-java:3.0.0'
    compile 'com.github.jd-alexander:library:1.1.0'
    compile 'com.android.support.constraint:constraint-layout:1.0.2'
    compile 'com.android.support:support-v4:25.3.1'

    compile 'com.android.support:multidex:1.0.1'
    compile 'com.android.support:appcompat-v7:25.2.0'
    compile 'com.google.android.gms:play-services:9.8.0'
    compile 'com.journeyapps:zxing-android-embedded:3.4.0'
    compile 'com.github.lawloretienne:imagegallery:0.1.0'
    compile 'com.squareup.picasso:picasso:2.5.2'
    compile('com.crashlytics.sdk.android:crashlytics:2.9.0@aar') {
        transitive = true
    }
    compile 'com.android.volley:volley:1.1.0'
    compile('com.github.bumptech.glide:glide:3.5.2')

    compile 'com.google.firebase:firebase-core:16.0.2'

    compile 'com.android.support:percent:25.3.1'

    compile 'io.sentry:sentry-android:1.7.5'

    implementation 'com.intuit.sdp:sdp-android:1.0.5'

Please i need help.

Hassan
  • 930
  • 3
  • 16
  • 35
Houssein Zouari
  • 712
  • 6
  • 18
  • 1
    Try to list all of the dependencies of your dependencies, [this](https://stackoverflow.com/questions/21311727/gradle-how-to-display-where-a-dependency-conflict-arises) may help. And then see which 3rd party lib is using SSL. – Vucko Nov 06 '18 at 10:27
  • 1
    I bet it's `crashlytics`. Had a similar issue with them regarding `Violation of Usage of Android Advertising ID`. Updating the version to `2.9.5` solved it. – HedeH Nov 06 '18 at 10:31
  • @HedeH Could not find io.sentry:sentry-android:2.9.5 – Houssein Zouari Nov 06 '18 at 10:43
  • @Vucko i will try this and come back to you – Houssein Zouari Nov 06 '18 at 10:44
  • 3
    I wrote `crashlytics` - `com.crashlytics.sdk.android:crashlytics:2.9.5@aar`. Not `sentry`. – HedeH Nov 06 '18 at 10:44
  • thank you every one i find out the reason it was due to an old library. (Vibex) but files are still in the project. – Houssein Zouari Nov 07 '18 at 10:20

1 Answers1

0

I find out the error it was due to https://github.com/bia-nca/Vibex ( library not used any more in the project but so files associated to it are making troubles.

Houssein Zouari
  • 712
  • 6
  • 18