0

我最近在 google play 上发布了一个应用程序,我收到了来自 google play 团队的一封电子邮件,其中说:...发现您的应用程序使用的软件包含用户安全漏洞。具有这些漏洞的应用程序可能会暴露用户信息或损坏用户的设备,并可能被视为违反我们的恶意行为政策。

以下是在您最近提交的文件中检测到的问题列表和相应的 APK 版本。请尽快迁移您的应用以使用更新后的软件,并增加升级后 APK 的版本号。

漏洞:信任管理器

我的应用程序是用 Flutter 开发的...

如果你能帮助我,我真的不知道如何解决这个问题。

发布规范.yaml

name: ...
description: ...

version: 1.0.1+2

environment:
  sdk: ">=2.1.0 <3.0.0"

dependencies:
  flutter:
    sdk: flutter

  # The following adds the Cupertino Icons font to your application.
  # Use with the CupertinoIcons class for iOS style icons.
  cupertino_icons: ^0.1.2

  #bottom_navy_bar: ^5.3.2
  http: ^0.12.2
  shared_preferences: ^0.5.6+1
  location: ^2.3.5
  sqflite: ^1.2.0
  path_provider: ^1.6.0
  image_picker: ^0.6.3+1
  intl: ^0.16.1
  country_code_picker: ^1.2.4

  multi_image_picker: ^4.6.1

  firebase_auth: ^0.16.1
  image_cropper: ^1.2.1
  validators: ^2.0.0+1
  firebase_messaging: ^6.0.9
  esys_flutter_share: ^1.0.2
  photo_view: ^0.9.1
  material_design_icons_flutter: ^3.4.4895
  url_launcher: ^5.4.1
  cached_network_image: ^2.0.0
  encrypt: ^4.0.0
  flutter_local_notifications: ^1.1.6
  r_scan: ^0.1.3+2
  permission_handler: ^4.2.0+hotfix.3
  native_contact_picker: ^0.0.6
  qr_utils:
    path: packages/qr_utils
  libphonenumber: ^1.0.1
  flutter_cache_manager: ^1.1.3
  csv: ^4.0.3
  excel: ^1.0.2
  pdf: ^1.5.0
  printing: any
  flutter_swiper: ^1.1.6
  flutter_rating_bar: ^3.0.1+1
  flutter_native_admob: ^2.1.0

dev_dependencies:
  flutter_test:
    sdk: flutter

flutter:

  uses-material-design: true

  assets:
    - assets/images/

代码

String url = "https://exemple.com/resources/users/1";
        try {
            final response = await http.get(url);
            if (response.statusCode == 200) {
                //parse user
            }
        } on SocketException {
            
        } catch (ex) {
            print(ex.toString());
        }
return null;

扑医生

[√] Flutter (Channel stable, v1.17.3, on Microsoft Windows [version 10.0.10240], locale fr-FR)
    • Flutter version 1.17.3 at C:\souces\flutter
    • Framework revision b041144f83 (8 weeks ago), 2020-06-04 09:26:11 -0700
    • Engine revision ee76268252
    • Dart version 2.8.4

[√] Android toolchain - develop for Android devices (Android SDK version 30.0.0)
    • Android SDK at D:\android\android-sdk-windows
    • Platform android-30, build-tools 30.0.0
    • ANDROID_HOME = D:\android\android-sdk-windows
    • Java binary at: C:\Program Files\Android\Android Studio\jre\bin\java
    • Java version OpenJDK Runtime Environment (build 1.8.0_242-release-1644-b01)
    • All Android licenses accepted.

[√] Android Studio (version 4.0)
    • Android Studio at C:\Program Files\Android\Android Studio
    • Flutter plugin version 46.0.2
    • Dart plugin version 193.7361
    • Java version OpenJDK Runtime Environment (build 1.8.0_242-release-1644-b01)

[√] VS Code (version 1.46.0)
    • VS Code at C:\Users\User\AppData\Local\Programs\Microsoft VS Code
    • Flutter extension version 3.12.2

[√] Connected device (1 available)
    • TECNO WX4 • 0257309828005184 • android-arm • Android 7.0 (API 24)

• No issues found!
4

1 回答 1

1

这可能是由r_scan库引起的,因为它使用了X509TrustManager. 看到这个问题。

于 2020-10-15T06:48:27.353 回答