IBM MobileFirst Platform Foundation Responds to Google Play Store Announcement of Blocking Apps Using Vulnerable OpenSSL Version
[UPDATE Sept. 29, 2016] Update to iFix level 6.3.0.00.20160526-2153 or later to avoid OpenSSL issues on MobileFirst Platform Foundation 6.3.
The Google Play Store has sent the following notification to app developers:
Beginning July 11, 2016, Google Play will block publishing of any new apps or updates that use older versions of OpenSSL. If you’re using a 3rd party library that bundles OpenSSL, you’ll need to upgrade it to a version that bundles OpenSSL 1.02f/1.01r or higher.
Related APAR: PI60605 OPENSSL RECEIVED SECURITY UPDATES AND MUST BE UPGRADED TO 1.0.2F
The IBM distribution of OpenSSL is embedded in the MobileFirst Platform Foundation product, and the vulnerability fixes to OpenSSL are delivered as a MobileFirst Platform Foundation iFix.
Applications that are built using MobileFirst Studio from the following iFixes, will have the build ID embedded in them. Google will use the Build ID to identify IBM MobileFirst apps. This in turn will ensure Google will not block the applications from the Google Play Store.
- 7.1.0 IF20160724-1420 and later builds
- 7.0.0 IF20160526-2153 and later builds
- 6.3.0 IF20160526-2153 and later builds
- 6.2.0 IF20160524-0631 and later builds
- 6.1.0 IF20160528-1310 and later builds
After installing the iFix, rebuild the application, create a new APK, and upload it to the Google Play Store.
Inclusive terminology note: The Mobile First Platform team is making changes to support the IBM® initiative to replace racially biased and other discriminatory language in our code and content with more inclusive language. While IBM values the use of inclusive language, terms that are outside of IBM's direct influence are sometimes required for the sake of maintaining user understanding. As other industry leaders join IBM in embracing the use of inclusive language, IBM will continue to update the documentation to reflect those changes.