How to fix unsafe implementation of X509TrustManager in Android app

I have solved this using the following code:

public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                try {
                    chain[0].checkValidity();
                } catch (Exception e) {
                    throw new CertificateException("Certificate not valid or trusted.");
                }
            }

If you encounter this from external library you're using, check if appache libraray is the cause of it.

For me apache library caused the error : i was using deprecated class - MultipartEntity. This class uses SSLContextBuilder which uses TrustManagerDelegate. TrustManagerDelegate implements X509TrustManager, which cause "unsafe implementation of TrustManager" error when uploading application to google play store.

The solution is : instead of deprecated MultipartEntity class, use MultipartEntityBuilder.

For example :

MultipartEntity httpMultipart = new MultipartEntity();
String contentType = httpMultipart.getContentType().getValue();

Will be replaced by :

MultipartEntityBuilder httpMultipart = new MultipartEntityBuilder();
String contentType = httpMultipart.build().getContentType().getValue();

Add the upgraded version of OKttps worked for me crashing in Android 10

implementation 'com.squareup.okhttp3:okhttp:4.8.0'

How to fix unsafe implementation of X509TrustManager in Android app

Tags:

Android Security

Trustmanager

Related

Recent Posts