This is my first time submitting an app to the Google Play store, so I'm not very experienced with the process at all. After struggling for a bit to get it to build correctly, I was finally able to upload an app bundle and send it in for review. A few minutes later I got an email saying my app was "vulnerable to Intent Redirection" and recommended the following article for support: https://support.google.com/faqs/answer/9267555. The problem is I don't understand much of what the article is saying! As far as I know, I haven't messed with anything like this. I've only downloaded the base NDK and SDK stuff from Unity Hub, and I haven't changed any of the code in Android Studio at all. I asked Google for support, and they said:
"We’ve identified that your app is using the AliPay SDK or library, which facilitates the transmission of phone number information without meeting the prominent disclosure guidelines. If necessary, you can consult your SDK provider(s) for further information or please upgrade AliPay SDK version to 15.5.5 or higher."
Please help! Is there an easy fix to this that I'm missing somehow? I don't even know what AliPay is, as I said I'm a total beginner here. In case it's useful info to have, I'm using Unity 2019.2.13f1 on a Macbook Pro running High Sierra 10.13.6.
Well, do what the message says "upgrade AliPay SDK version to 15.5.5 or higher".
Just go to Android Studio and open your build.gradle file then update that lib version. It will be marked with a yellow line, that means that lib has an update. Focus on that line, then do Alt + Click then Enter, now sync and you've done. Upload the new apk.
Related
So in the Google pay integration with Android, Google says that devices should have play services 16.0 or more. But so far I can only find version upto 14.X.
What gives? has anyone ran into this issue?
I am using Stripe for integration. For some reason, I am getting this exception:
Android.Gms.Common.Apis.ApiException: 10:
then bunch of anonymized classes.
If you check the currently available version of GooglePlayServices on maven it is 16.1.2
But if you check NuGet for Xamarin.GooglePlayServices with pre-release enabled the latest version available is 70.1501.0-preview2 which if I am not wrong targets the maven version 15.0.1 and since I could not find any release notes in regards to when will be the latest GooglePlayServices NuGet would be released I would suggest you will have to wait until it is released.
A quick question though why do you need the latest GooglePlayServices I am pretty sure it is not needed for Google Pay integration.
As G.hakim points out, you need a version that supports Google Pay, not necessary the latest, although it's recommended to inspect and update the version of the libraries you typically use.
Google Pay specific logs are shared at a system level. That is, you need remove the filter in the logs to show all logs. If you then filter the output with the term "wallet" you should be able to find elements of the type WalletMerchantError that provide more details about the specific problem in your configuration / setup.
I am trying to upload my Android app to Google Play, however, on APK upload processing, I am getting the error:
The maximum SDK version cannot be lower than the minimum SDK version.
This sounds obvious, however, nowhere in my app is there a maxSdkVersion set. I have uploaded apk's in the past successfully, with those having only code differences.
Google-ing this error also yields nothing, so I'm completely at a loss here. Play does not seem to provide any more detail that that message.
Has anyone seen this error on uploading an APK to Play before? Or, does anyone know a way to get more detailed information on errors when uploading to Play?
I am using Android Studio 3.1.2, and building with Gradle 4.1
There are a few places where one could find a value for maxSdkVersion: "build.gradle" and "AndroidManifest.xml" files.
Open your manifest file in Android Studio and take a look at the "Merged Manifest" (tab choice at bottom of edit window). Look for <uses-sdk and see if a "maxSdkVersion" has been set.
Another place you might find a is under the tag <uses-permission. Check to see if a "maxSdkVersion" has been set.
If you need further information on these tags take a look at the Google Docs:
https://developer.android.com/guide/topics/manifest/manifest-element
https://developer.android.com/guide/topics/manifest/uses-sdk-element
I am a little new to Android development.
I have a hybrid app which uses Apache cordova plugins.
I am using eclipse to generate the APK.
But when I publish the APK, the Google play store rejects it saying:
APP UPDATE REJECTED
Your APK has been rejected for containing security vulnerabilities, which violates the Malicious Behavior policy. The Alerts page has more information about how to resolve the issue. If you submitted an update, the previous version of your app is still live on Google Play.
And, when I click on the alerts page the following error shows up:
Security alert :
Your app is using a version of Apache Cordova containing one or more security vulnerabilities. Please see this Google Help Center article for details, including the deadline for fixing the app.
I have already tried the followings:
Update the android platform (cordova platform update android), but no positive results.
I could not update all the cordova plugins as I am getting errors. (wanted to know can this be the issue)
I am building this APK using the Eclipse IDE and I went through this ADT plugin release note https://developer.android.com/studio/tools/sdk/eclipse-adt.html which says: The Eclipse ADT plugin is no longer supported
Eventually I will be importing my project to Android studio but I want an app update immediately thats why still using Eclipse.
If Eclipse is the reason then I immediately need to import my app to Android studio.
I want to figure out that which one of the last two point is responsible for my app rejection.
Also, if none of these are responsible then what could be the possible reason for my app rejection.
Thanks in advance.
An APK is an APK, regardless of where you developed the code. You can write the code in Eclipse, Android Studio, or you can write the code in your favorite plain text editor. The end APK will be indistinguishable regardless of which editor you use.
The error in this case seems to be pretty clear- your version of Cordova has known vulnerabilities and you need to update that.
Run cordova platform version android to check your version. The error message you are receiving will show for anything less than 4.1.1.
The best path would probably be to upgrade to 5.x, as detailed here.
I am trying to set up App Invites beta library in my application.
The guide suggests to add this dependency:
compile 'com.google.android.gms:play-services:8.4.0’
with 8.4 being the latest version, but actually I want to stick with v. 7.8 (or so) for a while, because in my experience lots of devices are still below, and if they install my app they’ll be asked to update their play services. Nothing wrong, but I just want to stick with that version for a while.
I couldn’t find any info about that on the official docs.
AppInvites was first released in Play Services 8.1. It received a fairly significant update in 8.4, but before that it didn't change much from what I can tell.
I know on iOS that if you raise the min iOS version on a release it means that any devices that are unsupported can still download the previous application that does support them.
Is there such a thing on Android or is at as soon as you release the new APK, the old one is removed from sale?
Whether the APK is removed or not depends on you - if you keep both versions active, GP will resolve which one should every user get - those with newer APIs will get updated one, those with old APIs will still be able do download previous version.
If you are really into "separate API", read this article.
EDIT:
I believe similar question was asked here.
If you raise sdk version user with old sdk will not be able to download it. If user has already installed apk with old sdk and you update apk in gplay, he can use it while he doesn't uninstall it manually.