Tags: android, react-native, google-play, android-security

Android React Native App HostNameVerifier Error from Google Play Store


Please help, I have the implementation below in the MainApplication.java file. I am checking fixed hostnames and then returning true or false accordingly.

Error Insecure hostname verifier

Security Your app is using an unsafe implementation of hostname verifier. Please see this Google Help Centre article for details, including the deadline for fixing the vulnerability.

Ld/a/a/a/a/c/e$1; Ld/a/a/a/a/c/f$1; sv:deadline:12/10/2020

    // Imports needed at the top of MainApplication.java for this code to compile:
    // import javax.net.ssl.HostnameVerifier;
    // import javax.net.ssl.HttpsURLConnection;
    // import javax.net.ssl.SSLSession;

    @Override
    public void onCreate() {
      super.onCreate();
      hostnameVerifier();
      MobileCore.setApplication(this);
      SoLoader.init(this, /* native exopackage */ false);
      ReactNativeFirebaseApp.setApplicationContext(this);
    }

    // Replaces the platform's default verifier for every HttpsURLConnection in the process.
    private void hostnameVerifier() {
      HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
        @Override
        public boolean verify(String arg0, SSLSession arg1) {
          // "dmn1", "dmn2" and "dmn3" are placeholders in the original post.
          String[] hostList = {"in.appcenter.ms", "graph.facebook.com",
              "assets.adobedtm.com", "codepushupdates.azureedge.net", "app-measurement.com",
              "forter.com", "dmn1", "dmn2", "dmn3", "quantummetric.com", "urbanairship.com", "demdex.net", "search.unbxd.io",
              "monetate.net", "bazaarvoice.com", "google.com", "stylitics.com", "getcandid.com", "braintreegateway.com"
          };

          // The decision is made on the hostname string alone: the SSLSession, and so
          // the certificate presented by the server, is never consulted. host.contains(arg0)
          // also accepts any hostname that is a substring of a listed host, and endsWith(host)
          // accepts any hostname ending in the listed text, with no dot boundary.
          for (String host : hostList) {
            if (host.contains(arg0) || arg0.endsWith(host)) {
              return true;
            }
          }
          return false;
        }
      });
    }

What should I change? Please help.


Solution

  • On Google Play Console, go to Release Management -> select the apk version -> Security tab. There you will see a list of security issues with that apk, along with the class in your code that's causing that security issue wherever possible.

    If you do not see a class name and rather see some encoded code in the security warning message, upload another build by disabling whatever code compression tool you may be using. In my case it was ProGuard; I disabled it and got the library name. FYI - the library was Braintree in my case.
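If the custom verifier in the question must stay (for example because the flagged class is the app's own MainApplication rather than a library), the fix is to keep the platform's default hostname verifier in the decision and only narrow it. The class below is an added example, not the asker's code and not Braintree's; the allowlist entries are assumed and the "dmn1".."dmn3" placeholders from the question are left out.

```java
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLSession;
import java.util.Arrays;
import java.util.List;
import java.util.Locale;

public final class AllowlistHostnameVerifier implements HostnameVerifier {
    // Assumed allowlist; real apps would take this from configuration.
    private static final List<String> ALLOWED = Arrays.asList(
        "in.appcenter.ms", "graph.facebook.com",
        "codepushupdates.azureedge.net", "api.braintreegateway.com");

    private final HostnameVerifier platformDefault;

    public AllowlistHostnameVerifier(HostnameVerifier platformDefault) {
        this.platformDefault = platformDefault;
    }

    // Exact match or a subdomain of an allowed host. The boundary is a literal dot,
    // so "notgoogle.com" does not match "google.com" the way endsWith() alone would,
    // and nothing like the question's host.contains(hostname) substring test is used.
    static boolean isAllowed(String hostname) {
        String h = hostname.toLowerCase(Locale.ROOT);
        for (String allowed : ALLOWED) {
            if (h.equals(allowed) || h.endsWith("." + allowed)) {
                return true;
            }
        }
        return false;
    }

    @Override
    public boolean verify(String hostname, SSLSession session) {
        // Platform check first: does the certificate in this session actually name
        // the host? The question's verifier never looked at the session at all.
        if (!platformDefault.verify(hostname, session)) {
            return false;
        }
        return isAllowed(hostname);
    }

    // Call from Application.onCreate(): capture the default before replacing it,
    // otherwise the certificate check is lost for every HttpsURLConnection.
    public static void install() {
        HostnameVerifier current = HttpsURLConnection.getDefaultHostnameVerifier();
        HttpsURLConnection.setDefaultHostnameVerifier(new AllowlistHostnameVerifier(current));
    }
}
```

If the allowlist is not actually needed, dropping the setDefaultHostnameVerifier() call entirely and letting the platform default run is the simpler fix; the wrapper above only makes sense when connections to hosts outside the list should be refused even with a valid certificate.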