Security Google Play Warning in OAuthActivity

[landarskiy]

For more details see stack overlow question

[gianpaolodn]

Same here.

the issue is inside the OAuthActivity.java in which

        @Override
        public void onReceivedSslError(WebView view, SslErrorHandler handler, SslError error) {
            handler.proceed();
        }

the method overrides the default one with handler.proceed() instead of handler.cancel().

Why?

[aantunovic]

Hi, does the 0.3.3.3 release on mvn include this fix ? I'm not sure when it was published..

[philippeluickx]

+1
I am using the 0.3.3.3 release in my apps but still got the warning from Google, so I assume this release does not include the fix yet.
It's also a bit tricky to pull down the last commit from git if it's untested...

[gianpaolodn]

Just received this email from google:

Beginning November 25, 2016, Google Play will block publishing of any new apps or updates that contain this vulnerability. Your published APK version will remain unaffected, however any updates to the app will be rejected unless you address this vulnerability.

So this means that a new release is needed or this library cannot be used anymore.