
I am getting this issue from Google Play Console. Things go as below:

1. The app's first screen is code verification, so once the user enters a code, there is one API call, and in the response we receive other details for the app, like BASE URL, API type, etc.
2. So every user has a different code, and every code receives a different BASE URL with a different configuration; that means BASE_URL is not fixed. It's dynamic.

I have checked question 1, question 2, question 3, question 4 and some more as well, but I am not getting exactly what to do and how to fix it.
Below is my implementation. It's working fine, but I am getting this Google Play Console alert, so please let me know what I have to update in my code.

public static OkHttpClient.Builder safeOkHttpClient() {

    try {
        // Create a trust manager that does not validate certificate chains
        final TrustManager[] trustAllCerts = new TrustManager[]{
                new X509TrustManager() {
                    @Override
                    public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                    }

                    @Override
                    public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                    }

                    @Override
                    public X509Certificate[] getAcceptedIssuers() {
                        return new X509Certificate[]{};
                    }
                }
        };

        // Install the all-trusting trust manager
        final SSLContext sslContext = SSLContext.getInstance("SSL");
        sslContext.init(null, trustAllCerts, new java.security.SecureRandom());

        // Create an ssl socket factory with our all-trusting manager
        final SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();

        OkHttpClient.Builder builder = new OkHttpClient.Builder();
        builder.sslSocketFactory(sslSocketFactory, (X509TrustManager) trustAllCerts[0]);

        builder.connectTimeout(CONNECTION_TIMEOUT, TimeUnit.SECONDS);
        builder.retryOnConnectionFailure(true);
        builder.readTimeout(READ_TIMEOUT, TimeUnit.SECONDS);
        builder.writeTimeout(WRITE_TIMEOUT, TimeUnit.SECONDS);
        builder.addInterceptor(apiCallBodyInterceptor());
        builder.followRedirects(true);
        builder.followSslRedirects(true);
        builder.hostnameVerifier((hostname, session) -> true);
        return builder;
    } catch (Exception e) {
        throw new RuntimeException(e);
    }
}

Another thing is that I have also used the Glide library, so please let me know whether it is possible for this to happen because of that as well. Below is my Glide library version in build.gradle:

implementation 'com.github.bumptech.glide:glide:4.7.1'
annotationProcessor 'com.github.bumptech.glide:compiler:4.7.1'
Farmer
  • This `builder.hostnameVerifier((hostname, session) -> true);` seems to be the problem. Make sure to add the implementation to verify your hosts and their SSL, and don't simply pass `true`. – Darshan Apr 07 '23 at 07:29
  • @Darshan Yes, that is right, but as I explained in the question, the host will change for every new user, so how do I do that? – Farmer Apr 07 '23 at 08:08
  • You can maintain an array list and add the new host before hitting the URL/API. – Darshan Apr 07 '23 at 09:26
  • @Darshan Can you share some code? – Farmer Apr 07 '23 at 10:04

0 Answers
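As an added example (not code from the question or from anyone on this page): one way to keep a dynamic BASE URL without an all-trusting `TrustManager` or a `HostnameVerifier` that returns `true` is to leave OkHttp's TLS defaults in place and refuse requests to hosts that were not registered at runtime, in the spirit of the host list suggested in the comments. The class name `VerifiedHttpClient`, the `allowBaseUrl` helper and the timeout value are assumptions.

```java
import java.io.IOException;
import java.util.Set;
import java.util.concurrent.CopyOnWriteArraySet;
import java.util.concurrent.TimeUnit;

import okhttp3.HttpUrl;
import okhttp3.Interceptor;
import okhttp3.OkHttpClient;
import okhttp3.Request;

public final class VerifiedHttpClient {
    private static final long TIMEOUT_SECONDS = 30; // assumed value

    // Hosts the app may contact, registered at runtime (hypothetical helper state).
    private static final Set<String> ALLOWED_HOSTS = new CopyOnWriteArraySet<>();

    // Register the fixed code-verification endpoint at startup, then each BASE URL
    // returned by the verification call. Plain-HTTP and malformed URLs are refused.
    public static void allowBaseUrl(String baseUrl) {
        HttpUrl url = HttpUrl.parse(baseUrl);
        if (url == null || !url.isHttps()) {
            throw new IllegalArgumentException("BASE URL must be a valid https URL");
        }
        ALLOWED_HOSTS.add(url.host());
    }

    // Runs for every network request, including redirect targets.
    private static final Interceptor HOST_ALLOWLIST = chain -> {
        Request request = chain.request();
        String host = request.url().host();
        if (!request.isHttps() || !ALLOWED_HOSTS.contains(host)) {
            throw new IOException("Blocked request to unregistered host: " + host);
        }
        return chain.proceed(request);
    };

    public static OkHttpClient.Builder safeOkHttpClient() {
        // No sslSocketFactory(...) and no hostnameVerifier(...) calls: OkHttp keeps the
        // platform trust store and its default hostname verification for every host.
        return new OkHttpClient.Builder()
                .addNetworkInterceptor(HOST_ALLOWLIST)
                .connectTimeout(TIMEOUT_SECONDS, TimeUnit.SECONDS)
                .readTimeout(TIMEOUT_SECONDS, TimeUnit.SECONDS)
                .writeTimeout(TIMEOUT_SECONDS, TimeUnit.SECONDS)
                .retryOnConnectionFailure(true);
    }

    private VerifiedHttpClient() {}
}
```

The app's own `apiCallBodyInterceptor()` can still be added to the returned builder as in the question.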