Rejected from Google Play due to unsafe implementation of X509TrustManager

[tempurai]

Required Information

• Mode (Mock/Sandbox/Live):
  Both
• PayPal Android SDK Version:
  2.15.0

compile('com.paypal.sdk:paypal-android-sdk:2.15.0') {
        exclude group: 'io.card'
}

• Android Version and Device (Motorola Droid Razr Maxx with Android 4.4.2, Samsung S7 with Android 6.0, etc...):
  All
• PayPal-Debug-ID(s) (from any logs):

Issue Description

Rejected from Google Play due to unsafe implementation of X509TrustManager. We have tested many times and believe it is origined from this SDK

Out testing tool indicates it is from
Package: com.paypal.android.sdk.cc
Method: checkServerTrusted

Package: com.paypal.android.sdk.cd
Method: verify

[jaypatel512]

Hey @llcan1120 !

We do have a X509TrustManager used for internal testing only. I will go ahead and test it out, and remove them to bypass google's security check. I will keep you updated.

[tempurai]

Thanks!

[tempurai]

@jaypatel512 Hi, is there any update?

[jaypatel512]

Hey @llcan1120 ! Sorry for the delay. We have completed the changes internally. We will be releasing the latest version with the fixes very soon.

[jaypatel512]

The new version has been released with the fix. Please update and let us know if you face any other issues.

[tempurai]

@jaypatel512 Thx, I confirm that new version can be accepted in Google Play.

[indie-dev]

FIX DIDNT WORK. ISSUE STILL EXISTS.

[randstraw]

@indie-dev please create a new issue if you are still encountering a problem, as the original report has been resolved.