OpenSSL Security Alert for existing apps in Google Play Store

If you have a Worklight Foundation or MobileFirst Platform Foundation application deployed in the Google Play Store, you may soon receive the following warning issued by Google:

missing_alt

Note: This is only a warning; the applications at this time continue to work normally.

Note: In some cases this will not be related to Worklight/MobileFirst Platform:

  • If you are using the FIPS feature provided by IBM - related to Worklight/MFP
  • If you are using the FIPS & JSONStore features provided by IBM - related to Worklight/MFP
  • If you are using the JSONStore feature provided by IBM - used OpenSSL is the one supplied by the device OS - be sure the device is patched to the latest version
  • If you are using a 3rd party library containing OpenSSL - related to the library; be sure to update your 3rd party libraries

In case your are using the FIPS feature and you have received this warning, you only need to update the latest available iFix release for your Worklight/MobileFirst Platform version.

Note: the issue resides only on the client-side. No server change is required.

Once you download the updated Studio/CLI you need to:

  1. Install the updated Studio plug-in/CLI
  2. Build your application (don't forget to update the version number in application-descriptor.xml)
  3. Generate the .apk file
  4. Upload the updated .apk to the Google Play Store

The next time Google Play Store scans apps in their servers, the warning will disappear.

Last modified on May 01, 2016
Share this post: