I am using following dependencies in my app :
dependencies {
compile fileTree(include: '*.jar', dir: 'libs')
compile project(':zxing-2.3.0')
compile project(':ColorPickerView')
compile project(':DropboxChooserSDK')
compile project(':PullToRefreshLibrary')
compile project(':volley')
compile 'com.android.support:recyclerview-v7:24.0.0-alpha2'
compile 'com.facebook.android:facebook-android-sdk:4.5.0'
compile 'com.google.android.gms:play-services-analytics:8.4.0'
compile 'com.google.android.gms:play-services-gcm:8.4.0'
compile 'com.android.support:design:23.3.0'
compile 'com.github.ctodobom:OpenCV-3.1.0-Android:-SNAPSHOT'
}
I was using opencv library version 2.4.8 and google play console rejected my app saying libpng vulnerability issue. So i updated opencv library to 3.1.0 and still the google play console is rejecting saying the same libpng vulnerability issue.
So i am confused if any other library from above is using libpng library?
EDIT:
I created a sample project which has the above libraries and for testing purpose I downgraded opencv to 2.4.8 (which has libpng issue) and what can i say, it is not giving any warning about libpng, it is getting published. So where exactly is the problem?
I found out the problem. The old opencv library(which has vulnerability issue) created libopencv_java.so file and it was still there in the libs folder even after updating the library. So somehow the new .so file was not generating.
Steps taken to solve :
If you want to check the libpng version used by opencv, first find libopencv_java.so which will be in libs or build folder and use the following command in terminal strings libopencv_java.so | grep "libpng".
After this i published in playstore and everything is fine. Hope this helps someone.