1

The app is developed in Kotlin and I have used okHttpClient to make API calls I am trying to host it on play store but they give me a vulnerability issue:

HostnameVerifier 
Your app(s) are using an unsafe implementation of the HostnameVerifier interface. You can find more information about how to resolve the issue in this Google Help Center article.

MY CODE:

    private val gson = GsonBuilder().setLenient().create()
private var httpLogger = HttpLoggingInterceptor()
        .setLevel(HttpLoggingInterceptor.Level.BODY)

private val customClient = OkHttpClient.Builder()
        .addInterceptor(httpLogger)
        .addInterceptor(ConnectivityInterceptor())
        .build()
private val sRetrofitBuilder = Retrofit.Builder()
        .addCallAdapterFactory(RxJava2CallAdapterFactory.create())
        .client(customClient)
        .addConverterFactory(GsonConverterFactory.create(gson))
        .baseUrl(DataUtils.getString(R.string.api_base_url))
        .build()

The app is running good in debug release though

Vansh Tah
  • 153
  • 8
  • Does this help https://support.google.com/faqs/answer/7188426?hl=en, https://stackoverflow.com/questions/40928435/google-play-security-alert-your-app-is-using-an-unsafe-implementation-of-the-h – WhiteSpidy. Sep 26 '20 at 11:52
  • No this doesn't help – Vansh Tah Sep 26 '20 at 12:30
  • Hi @VanshTah Do you got a solution for these issues, I'm also facing this issue in my project, if you got a solution please share a solution for these issues, Thank you in advance – Siva Sonai Nov 28 '20 at 06:24
  • Still struggling – Vansh Tah Nov 29 '20 at 19:31
  • You should look for an unsecure verifier in one of the libraries that you use. The easiest way I know, is to go trough all suspicious jars in "External Libraries" of your project, and search for HostnameVerifier in each. – Alex Cohn Apr 13 '21 at 19:19

0 Answers0