You are using an unsafe implementation of X509TrustManager

Question

I've an app in Google Play, today I received a mail from Google saying that:

Google Play warning: You are using an unsafe implementation of X509TrustManager

It says something about the SSL certificate issues and a way to solve the issue.

I'm asking this question because of curiosity,

1. Actually what is this warning all about ?
2. I'm not using any network related activities in my app (it's a local database driven app), so why this warning occurred for my app?

More Details:

My app was built using Appcelerator Titanium and google says this implementation is in ti.modules.titanium.network.NonValidatingTrustManager;. I'm sure that I never used such a class in my code.

Answer 1

Actually what is this warning all about ?

You should have been linked to this page, which explains what it is all about. In a nutshell, Google is scanning apps for people who screw up SSL, such as blindly accepting all certificates as valid.

I'm not using any network related activities in my app (it's a local database driven app), so why this warning occurred for my app?

Because something else in your APK has done this. In the case of this developer, it was a library.

My app was built using Appcelerator Titanium and google says this implementation is in ti.modules.titanium.network.NonValidatingTrustManager;. I'm sure that I never used such a class in my code.

You may not have used it directly. However, something else is using it. Or, perhaps it is there because it is just part of the overall Titanium framework and remains in your APK.