Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Google Play Blocker: Unsafe HostnameVerifier Defined #833

Closed
5 of 11 tasks
subinkrishna opened this issue Apr 30, 2020 · 1 comment
Closed
5 of 11 tasks

Google Play Blocker: Unsafe HostnameVerifier Defined #833

subinkrishna opened this issue Apr 30, 2020 · 1 comment

Comments

@subinkrishna
Copy link

OS:

  • Windows
  • MacOS
  • Linux

Platform:

  • iOS
  • Android

SDK:

  • @sentry/react-native
  • react-native-sentry

SDK version: 1.2.1
react-native version: 0.61.4

Are you using Expo?

  • Yes
  • No

Are you using sentry.io or on-premise?

  • sentry.io (SaaS)
  • on-premise

Configuration:

Sentry.init({
  dsn: 'https://[email protected]/...'
});

We did a DataTheorem scan of our app and it identified unsafe implementation & HostnameVerifier

The following classes within the App define an insecure HostnameVerifier) that disables SSL hostname validation:

io.sentry.connection.HttpConnection$1

Regardless of whether the affected classes are actually used at runtime or not, Google Play is blocking any App that defines such an insecure HostnameVerifier, as detailed on Google’s support page :

“Beginning March 1, 2017, Google Play will block publishing of any new apps or updates that use an unsafe implementation of HostnameVerifier.”

@marandaneto
Copy link
Contributor

dup of getsentry/sentry-java/issues/840

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

2 participants