How do I find and fix a security vulnerability in my Android app?

Question

I received the message below from Google. We are not using any TrustManager or anything like it. We use okhttp and the Google Publisher API, and I don't know how to detect this security vulnerability.


We found that your app contains a security vulnerability that could expose user information or damage user devices. This is a violation of the Device and Network Abuse policy. Specifically, your app is vulnerable to a TrustManager attack. To resolve this issue, follow the steps in this Google Help Center article.

Affected versions: APK: 21

dependencies {
    implementation 'androidx.constraintlayout:constraintlayout:2.0.4'
    implementation "androidx.multidex:multidex:2.0.1"
    implementation 'com.google.android.material:material:1.2.1'

    implementation 'com.google.firebase:firebase-messaging:21.0.1'

    implementation 'com.facebook.android:facebook-android-sdk:8.2.0'

    implementation 'com.github.chrisbanes:PhotoView:2.1.3'
    implementation 'org.jsoup:jsoup:1.13.1'
    implementation 'com.android.billingclient:billing:3.0.2'
    annotationProcessor 'com.jakewharton:butterknife-compiler:10.2.3'
    implementation 'com.jakewharton:butterknife:10.2.3'

    implementation 'io.reactivex.rxjava3:rxjava:3.0.8'

    implementation 'com.google.code.gson:gson:2.8.6'

    implementation 'com.varunjohn1990.libraries:WhatsappMessengerView:2.1.0'

    implementation 'com.google.apis:google-api-services-androidpublisher:v3-rev20201125-1.31.0'
    implementation 'com.google.auth:google-auth-library-oauth2-http:0.22.2'

    implementation 'com.github.drawers:SpinnerDatePicker:2.0.1'
    implementation 'com.elyeproj.libraries:loaderviewlibrary:2.0.0'
    implementation 'link.fls:swipestack:0.3.0'

    implementation 'jp.wasabeef:picasso-transformations:2.4.0'
    // If you want to use the GPU Filters
    implementation 'jp.co.cyberagent.android:gpuimage:2.1.0'

    implementation 'com.squareup.picasso:picasso:2.71828'

    implementation 'com.github.HamidrezaAmz:AndroidImageSlider:v1.0.8'
    implementation 'com.eightbitlab:blurview:1.6.3'

    implementation 'pl.bclogic:pulsator4droid:1.0.3'

    implementation 'com.google.android.play:core:1.9.0'

    implementation project(':bottomnavbar')
    implementation project(':segmentcontrol')
    implementation project(':scrool')
}

\build.gradle: Error: commons-logging defines classes that conflict with classes now provided by Android. Solutions include finding newer versions or alternative libraries that don't have the same problem (for example, for httpclient use HttpUrlConnection or okhttp instead), or repackaging the library using something like jarjar. [DuplicatePlatformClasses]

\build.gradle: Error: httpclient defines classes that conflict with classes now provided by Android. Solutions include finding newer versions or alternative libraries that don't have the same problem (for example, for httpclient use HttpUrlConnection or okhttp instead), or repackaging the library using something like jarjar. [DuplicatePlatformClasses]

This fixed those errors:

implementation ('com.google.apis:google-api-services-androidpublisher:v3-rev20201125-1.31.0')  {
    exclude group: 'org.apache.httpcomponents'
}

implementation ('com.google.auth:google-auth-library-oauth2-http:0.22.2')  {
    exclude group: 'org.apache.httpcomponents'
}

    OkHttpService service = new OkHttpService();
    // Build an AndroidPublisher client from the service-account file and look up one subscription purchase
    SubscriptionPurchase purchase = new AndroidPublisher.Builder(
            new NetHttpTransport(),
            JacksonFactory.getDefaultInstance(),
            new HttpCredentialsAdapter(
                    GoogleCredentials.fromStream(service.sendRequestInput(config.CREPATH + "credentials.json", null))
                            .createScoped(AndroidPublisherScopes.ANDROIDPUBLISHER)))
            // note: String.valueOf(R.string.app_name) yields the resource id as text, not the app name;
            // getString(R.string.app_name) on a Context returns the actual name
            .setApplicationName(String.valueOf(R.string.app_name))
            .build()
            .purchases()
            .subscriptions()
            .get(BuildConfig.APPLICATION_ID, subscriptionID, token)
            .execute();


<issue
    id="TrustAllX509TrustManager"
    severity="Warning"
    message="`checkServerTrusted` is empty, which could cause insecure network traffic due to trusting arbitrary TLS/SSL certificates presented by peers"
    category="Security"
    priority="6"
    summary="Insecure TLS/SSL trust manager"
    explanation="This check looks for X509TrustManager implementations whose `checkServerTrusted` or `checkClientTrusted` methods do nothing (thus trusting any certificate chain) which could result in insecure network traffic caused by trusting arbitrary TLS/SSL certificates presented by peers.">
    <location
        file="Project\com\google\api\client\util\SslUtils$1.class"/>
</issue>
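The `<issue>` block above is Android lint output for the TrustAllX509TrustManager check, which is what the Google warning refers to: it fires on any X509TrustManager whose `checkServerTrusted` or `checkClientTrusted` body is empty. The location it reports (`com/google/api/client/util/SslUtils$1.class`) is inside the google-api-client jar that the androidpublisher dependency pulls in, not in the app's own sources, which is why grepping the project for TrustManager turns up nothing; running `./gradlew lint` and searching the report for that issue id is the way to find it. As an added example that is not part of the original question, the Java below shows the exact shape lint flags next to the hardened form a practitioner would use with OkHttp: take the platform's default trust manager instead of writing one. The class and method names are hypothetical.

```java
// Added example, not code from the question: the pattern Android lint's
// TrustAllX509TrustManager check reports, beside the hardened alternative.
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import okhttp3.OkHttpClient;

public final class TrustManagerExample {

    /** INSECURE: this is what lint reports. Both check methods are empty, so any chain is accepted. */
    static final class TrustAllManager implements X509TrustManager {
        @Override public void checkClientTrusted(X509Certificate[] chain, String authType) { }
        @Override public void checkServerTrusted(X509Certificate[] chain, String authType) { }
        @Override public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; }
    }

    /**
     * Hardened: ask the platform for its default X509TrustManager, which validates against the
     * system CA store and honours the app's network security config.
     */
    static X509TrustManager platformTrustManager() throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null); // null means "use the platform default trust store"
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                return (X509TrustManager) tm;
            }
        }
        throw new IllegalStateException("platform provided no X509TrustManager");
    }

    /**
     * OkHttp client wired explicitly to the platform trust manager. Behaviour is the same as
     * OkHttp's default, but the trust manager is visible to reviewers and to lint.
     */
    static OkHttpClient hardenedClient() throws Exception {
        X509TrustManager tm = platformTrustManager();
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { tm }, null);
        return new OkHttpClient.Builder()
                .sslSocketFactory(ctx.getSocketFactory(), tm)
                .build();
    }

    /**
     * Sanity check a trust manager before relying on it: a real one refuses an empty chain
     * (CertificateException or IllegalArgumentException), a trust-all one silently returns.
     */
    static boolean rejectsEmptyChain(X509TrustManager tm) {
        try {
            tm.checkServerTrusted(new X509Certificate[0], "RSA");
            return false; // accepted an empty chain: this is the trust-all behaviour lint warns about
        } catch (CertificateException | IllegalArgumentException e) {
            return true;
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println("trust-all rejects empty chain: " + rejectsEmptyChain(new TrustAllManager()));
        System.out.println("platform rejects empty chain:  " + rejectsEmptyChain(platformTrustManager()));
    }
}
```

Because the flagged class here lives in a library rather than in the app, replacing the app's own TrustManager code is not enough; the warning goes away only when the artifact that contains `SslUtils` is no longer packaged into the APK, so the remaining question is whether the androidpublisher client (and the service-account file it reads) needs to ship inside the app at all or can be called from a server instead.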
