[TIMOB-23619] Android: Security report reveals many issues about SSL
| GitHub Issue | n/a |
|---|---|
| Type | Improvement |
| Priority | None |
| Status | Closed |
| Resolution | Won't Fix |
| Resolution Date | 2016-07-13T11:39:24.000+0000 |
| Affected Version/s | n/a |
| Fix Version/s | n/a |
| Components | Android |
| Labels | n/a |
| Reporter | Rene Pot |
| Assignee | Ashraf Abu |
| Created | 2016-07-11T09:11:03.000+0000 |
| Updated | 2017-03-23T22:44:48.000+0000 |
Description
In the attachment there is a security report about Android. There are 8 issues. Many of which are about SSL.
Attachments
| File | Date | Size |
|---|---|---|
| net.roamler (1).pdf | 2016-07-11T09:10:54.000+0000 | 8861 |
Based on that report, here's the SSL issues: Issue 3: This is used only in development. In Production, this class is not used. Issue 6: It's a feature to can be used to disable/ignore this. Issue 7: Same as Issue 3. Issue 8: We are using it for our bindings. This is already noted in the docs [https://developer.android.com/reference/android/webkit/WebView.html#addJavascriptInterface(java.lang.Object, java.lang.String)] Please note, a number of the issues listed also include Facebook classes. The issues listed has a valid reason to be there and they've actually been noted before to not cause issues. Thanks for the report [~topener].
Perhaps issue 8 can have some improvements. Besides that, I'll resolve this issue as Won't Fix.
Closing ticket as Won't Fix with reference to the above comments.