React Native Android Google Play HostnameVerifier rejection
I've been trying to submit an app to the Google Play store. The app is based on React Native. It is just a simple WebView app, which opens the link to an online merchant, and doesn't have many functions made into the app itself.
As you can imagine, there is not much code which belongs specifically to the app itself, and the majority of code is what is there inside the React Native and other libraries itself. On the other hand, we have mostly written on the JavaScript side of things, barring a very small bit for integrating libraries which have Native Modules (e.g. React Native Firebase requiring Firebase integration in Java / Gradle).
I have also previously submitted a larger app which not only used React Native WebViews but also made network requests. This app was accepted into the Google Play Store without any such hassle. I have verified that the previous app and this app have all the same versions for the packages (they both use very identical dependencies), so we can rule out problems which may have occurred in a new version of a library (as a bug). Yet now I'm getting an automatic rejection email from Google Play which reads (excerpt):
Your app(s) are using an unsafe implementation of the
HostnameVerifierinterface.
Is there some step that I should take now (please remember, in the context of a React Native Android app)? I have searched SO and found some answers like https://stackoverflow.com/a/41014233/1847976 . However,
- I was not even able to locate any code (even in the libraries) which was setting an unsafe HostnameVerifier
- This code is definitely in some library and it might not be for to me to edit any libraries in node_modules since I use CI builds, and then obviously the CI will use vanilla versions of libraries.
Is there any other class or method (in the structure of a React Native Android project - e.g. MainActivity or MainApplication) where I can place another overriden HostnameVerfier (or even something like https://stackoverflow.com/a/41330005 which can apparently fool the automatic detection by Google, haha) or will that simply get ignored?
android react-native https 
google-play android-httptransport asked Dec 31 '18 at 14:54
Divyansh GoenkaDivyansh Goenka
148116
add a comment |
I've been trying to submit an app to the Google Play store. The app is based on React Native. It is just a simple WebView app, which opens the link to an online merchant, and doesn't have many functions made into the app itself.
As you can imagine, there is not much code which belongs specifically to the app itself, and the majority of code is what is there inside the React Native and other libraries itself. On the other hand, we have mostly written on the JavaScript side of things, barring a very small bit for integrating libraries which have Native Modules (e.g. React Native Firebase requiring Firebase integration in Java / Gradle).
I have also previously submitted a larger app which not only used React Native WebViews but also made network requests. This app was accepted into the Google Play Store without any such hassle. I have verified that the previous app and this app have all the same versions for the packages (they both use very identical dependencies), so we can rule out problems which may have occurred in a new version of a library (as a bug). Yet now I'm getting an automatic rejection email from Google Play which reads (excerpt):
Your app(s) are using an unsafe implementation of the
HostnameVerifierinterface.
Is there some step that I should take now (please remember, in the context of a React Native Android app)? I have searched SO and found some answers like https://stackoverflow.com/a/41014233/1847976 . However,
- I was not even able to locate any code (even in the libraries) which was setting an unsafe HostnameVerifier
- This code is definitely in some library and it might not be for to me to edit any libraries in node_modules since I use CI builds, and then obviously the CI will use vanilla versions of libraries.
Is there any other class or method (in the structure of a React Native Android project - e.g. MainActivity or MainApplication) where I can place another overriden HostnameVerfier (or even something like https://stackoverflow.com/a/41330005 which can apparently fool the automatic detection by Google, haha) or will that simply get ignored?
android react-native https google-play android-httptransport asked Dec 31 '18 at 14:54
Divyansh GoenkaDivyansh Goenka
148116
add a comment |
I've been trying to submit an app to the Google Play store. The app is based on React Native. It is just a simple WebView app, which opens the link to an online merchant, and doesn't have many functions made into the app itself.
As you can imagine, there is not much code which belongs specifically to the app itself, and the majority of code is what is there inside the React Native and other libraries itself. On the other hand, we have mostly written on the JavaScript side of things, barring a very small bit for integrating libraries which have Native Modules (e.g. React Native Firebase requiring Firebase integration in Java / Gradle).
I have also previously submitted a larger app which not only used React Native WebViews but also made network requests. This app was accepted into the Google Play Store without any such hassle. I have verified that the previous app and this app have all the same versions for the packages (they both use very identical dependencies), so we can rule out problems which may have occurred in a new version of a library (as a bug). Yet now I'm getting an automatic rejection email from Google Play which reads (excerpt):
Your app(s) are using an unsafe implementation of the
HostnameVerifierinterface.
Is there some step that I should take now (please remember, in the context of a React Native Android app)? I have searched SO and found some answers like https://stackoverflow.com/a/41014233/1847976 . However,
- I was not even able to locate any code (even in the libraries) which was setting an unsafe HostnameVerifier
- This code is definitely in some library and it might not be for to me to edit any libraries in node_modules since I use CI builds, and then obviously the CI will use vanilla versions of libraries.
Is there any other class or method (in the structure of a React Native Android project - e.g. MainActivity or MainApplication) where I can place another overriden HostnameVerfier (or even something like https://stackoverflow.com/a/41330005 which can apparently fool the automatic detection by Google, haha) or will that simply get ignored?
android react-native https google-play android-httptransport asked Dec 31 '18 at 14:54
Divyansh GoenkaDivyansh Goenka
148116
I've been trying to submit an app to the Google Play store. The app is based on React Native. It is just a simple WebView app, which opens the link to an online merchant, and doesn't have many functions made into the app itself.
As you can imagine, there is not much code which belongs specifically to the app itself, and the majority of code is what is there inside the React Native and other libraries itself. On the other hand, we have mostly written on the JavaScript side of things, barring a very small bit for integrating libraries which have Native Modules (e.g. React Native Firebase requiring Firebase integration in Java / Gradle).
I have also previously submitted a larger app which not only used React Native WebViews but also made network requests. This app was accepted into the Google Play Store without any such hassle. I have verified that the previous app and this app have all the same versions for the packages (they both use very identical dependencies), so we can rule out problems which may have occurred in a new version of a library (as a bug). Yet now I'm getting an automatic rejection email from Google Play which reads (excerpt):
Your app(s) are using an unsafe implementation of the
HostnameVerifierinterface.
Is there some step that I should take now (please remember, in the context of a React Native Android app)? I have searched SO and found some answers like https://stackoverflow.com/a/41014233/1847976 . However,
- I was not even able to locate any code (even in the libraries) which was setting an unsafe HostnameVerifier
- This code is definitely in some library and it might not be for to me to edit any libraries in node_modules since I use CI builds, and then obviously the CI will use vanilla versions of libraries.
Is there any other class or method (in the structure of a React Native Android project - e.g. MainActivity or MainApplication) where I can place another overriden HostnameVerfier (or even something like https://stackoverflow.com/a/41330005 which can apparently fool the automatic detection by Google, haha) or will that simply get ignored?
android react-native https google-play android-httptransport android react-native https google-play android-httptransport asked Dec 31 '18 at 14:54
Divyansh GoenkaDivyansh Goenka
148116
asked Dec 31 '18 at 14:54
Divyansh GoenkaDivyansh Goenka
148116
asked Dec 31 '18 at 14:54
Divyansh GoenkaDivyansh Goenka
148116
asked Dec 31 '18 at 14:54
Divyansh GoenkaDivyansh Goenka
148116
asked Dec 31 '18 at 14:54
Divyansh GoenkaDivyansh Goenka
148116
148116
add a comment |
add a comment |
0
active
oldest
votes
Your Answer
StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53988753%2freact-native-android-google-play-hostnameverifier-rejection%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
0
active
oldest
votes
0
active
oldest
votes
active
oldest
votes
active
oldest
votes
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53988753%2freact-native-android-google-play-hostnameverifier-rejection%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
