Questions tagged [android-security]

Tag used by Android in Security Alert messages to developers. The Security Alert message is often accompanied by a Google Play rejection. AOSP instructions state to tag a question with it.

656 questions
76 votes, 8 answers

WebView: how to avoid security alert from Google Play upon implementation of onReceivedSslError

I have a link which will open in WebView. The problem is it cannot be opened until I override onReceivedSslError like this: @Override public void onReceivedSslError(WebView view, SslErrorHandler handler, SslError error) { handler.proceed(); } I…
75 votes, 4 answers

What is AAPT (Android Asset Packaging Tool) and how does it work?

What does AAPT (Android Asset Packaging Tool) mean? How does it work? Can I ship the .so file of one application in the APK file of another application using AAPT?
Ganesh
61 votes, 4 answers

CLEARTEXT communication not permitted by network security policy working on my mobile

I am building an app, and facing a CLEARTEXT communication not permitted by network security policy error on my friend's mobile (I am just testing it on another mobile). Of course I am not able to trace the problem as the application is working OK on my…
Thudner
56 votes, 2 answers

Chain is null when retrieving private key

I'm encrypting data in my app using an RSA keypair that I am storing in the Android keystore. I've been seeing NullPointerExceptions in the Play Store, but I have not been able to reproduce them: java.lang.NullPointerException: chain == null at…
AesSedai101
27 votes, 5 answers

How to fix unsafe implementation of X509TrustManager in Android app

Google has advised that I have an unsafe implementation of the interface X509TrustManager in my Android application and need to change my code as follows: To properly handle SSL certificate validation, change your code in the checkServerTrusted…
Nabeel
26 votes, 1 answer

UnrecoverableKeyException Failed to obtain information about private key, KeyStoreException: Invalid key blob

In our app we've been having issues with data in the Android Keystore suddenly becoming inaccessible. The specific exception we're seeing is here: java.security.UnrecoverableKeyException: Failed to obtain information about private key at…
25 votes, 2 answers

How to save OAuth Access token securely in Android

I have an access token from the server after authentication, let's say "uyhjjfjfgg567f8fhjkkf"; now I want to save it on the device securely. I looked at Keystore and Keychain on the Android developer sites. I don't clearly understand how it works and how we…
George Thomas
25 votes, 2 answers

How to prevent usage of leaked keystore and password?

Problem: The keystore and its password are used to sign the app that is then used by Android to identify the developer. If leaked, someone could update the concerned app on our behalf. Even if the person doesn't have access to our Play Store account,…
oldergod
24 votes, 4 answers

Google Play security alert for insecure TrustManager

In one of my apps I'm using HTTPS with a self-signed certificate and followed the sample code from the Android developer training site (https://developer.android.com/training/articles/security-ssl.html#UnknownCa). I recently got the following alert…
Muzikant
20 votes, 4 answers

Programmatically accept call in Nougat

For one year, I have been working on an IoT product and the attached application was working fine. Now I am not able to accept calls programmatically in higher versions of Android. The feature is very important to the product. Any help is highly…
18 votes, 11 answers

Google Play Warning Incorrect Implementation of Google Play inApp Billing

I just received the following email from Google Play 'Hello Google Play Developer, We detected that your app(s) listed at the end of this email are invoking the in-app billing service without setting a target package for the intent. This can…
Jawad Amjad
18 votes, 3 answers

Android Google Play Warning: SSL Error Handler Vulnerability

I use the gorbin/ASNE SDK in my app. I recently received an email from Google with the following subject: "Google Play Warning: SSL Error Handler Vulnerability". In this email, Google explains that my app has an "unsafe implementation of the…
Atef Daoud
17 votes, 3 answers

Network security config for range of ip addresses?

In Android P, cleartext communication is disabled by default. Instead, there are two options: One needs to explicitly declare that cleartext communication is allowed in the manifest file with Or needs to declare the allowed domains that allow…
user10293922
17 votes, 3 answers

Handling certificate errors in Android Webview and clearing the certificate preferences

I am trying to find a proper way to handle SSL certificate errors in the Android Webview. My goal is to provide a way to load pages with SSL certificate errors, but let the user choose to load the page after warning him about security any time he…
androidseb
16 votes, 4 answers

Your app contains unsafe cryptographic encryption patterns (in dynamically loaded code)

This recently popped up in the pre-launch report, once I published a minor update to the app. I've also seen a couple of similar ones recently in other projects, with class names obfuscated to exactly the same names (bjqm.*, bpce.*). I wonder what's causing it (which…
Erkki Nokso-Koivisto