Please Note: Google Play Store Submission Warnings

Question

Please Note: Google Play Store Submission Warnings

Closed this issue 2 years ago · 20 comments

Google has identified security issues found within WebRTC, including version M88 used by Twilio Programmable Video. As a result, some customers have reported their submissions have been 'flagged' by Google. Your application will continue to be approved by the Play store however, you may receive the related warning. We are currently working on addressing the issue and are upgrading WebRTC. We will update this thread as we have more information to share.

Answer 1 · 2022-11-09T17:00:13.000Z

@afalls-twilio any updates on this?

Answer 2 · 2022-11-17T08:24:49.000Z

@afalls-twilio please update on this with some ETA

Answer 3 · 2022-11-22T03:25:56.000Z

@afalls-twilio is there any update on this issue?

Answer 4 · 2022-11-22T21:27:40.000Z

@kalipersyn @maven08 @AcHsu104 We are in the process of upgrading our internal versions of WebRTC and making/porting over the necessary modifications (we use a modified version of webrtc), we are targeting end of first quarter 2023...

FYI: I believe the biggest security holes that were fixed are related to the data channel.

Answer 5 · 2022-12-26T08:55:42.000Z

Hi all, When I am trying to publish my app on Google play store I am getting this error after their review
"Your app uses a bad version of WebRTC, which contains security vulnerabilities"

Can you please tell me how to get rid of this ? IOS has been published, no issue there.

Answer 6 · 2023-01-17T08:18:45.000Z

I had also the same issue when I wanted to publish. Is there any solution for that.

Answer 7 · 2023-01-17T08:23:25.000Z

I had also the same issue when I wanted to publish. Is there any solution for that.

@AkbarovZohidjon You will get a message in inbox of google play account after some time that "Your app is ready to be published" (something like that), then you can publish the same one with this error. Maybe just wait for that message and try roll out again existing version.

Answer 8 · 2023-01-30T18:59:41.000Z

Any update on this?

Answer 9 · 2023-02-14T13:30:17.000Z

I had also faced this issue, Any update on this?

Answer 10 · 2023-02-15T06:33:56.000Z

Hello @afalls-twilio ,
Hope you are fine

Please help me about this issue .

error
1 Error
1 MESSAGE FOR VERSION CODE 27
error
Vulnerable WebRTC Versions
Your app uses a bad version of WebRTC, which contains security vulnerabilities.

Answer 11 · 2023-02-24T10:51:52.000Z

~~Please note that Google no longer allow publish to live with this vulnerability. We can no longer publish updates while this is outstanding.~~

Answer 12 · 2023-02-24T15:25:10.000Z

Please note that Google no longer allow publish to live with this vulnerability.

Can you share some source @deive please? Or a screenshot?

Answer 13 · 2023-02-24T15:51:02.000Z

@fabiendem Looks like I posted a bit too early - the update has now been approved. It just took a lot longer than expected. Phew!

Answer 14 · 2023-02-28T14:00:15.000Z

any update?

Answer 15 · 2023-02-28T14:22:49.000Z

Twilio support just days they are working on it. Pretty crazy given this is what they do. Why didn't their internal tooling flag this sooner? Why is it taking so long to update? Have they forked webrtc or something?

…

On Tue, Feb 28, 2023, 9:00 AM Anderson R. Vanzo ***@***.***> wrote: any update? — Reply to this email directly, view it on GitHub <#731 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AACWNJODQX276GT7VVIBNBDWZYAHVANCNFSM6AAAAAARQIJLSY> . You are receiving this because you are subscribed to this thread.Message ID: ***@***.***>

Answer 16 · 2023-02-28T17:20:34.000Z

[...] We are in the process of upgrading our internal versions of WebRTC and making/porting over the necessary modifications (we use a modified version of webrtc), we are targeting end of first quarter 2023...

FYI: I believe the biggest security holes that were fixed are related to the data channel.

@afalls-twilio is there any way you could give us a status of the project please?

Answer 17 · 2023-02-28T23:12:02.000Z

Hi Everyone. First, thank you for your patience as this issue has been open for awhile. Second, upgrading WebRTC is a lengthy process, and the team is diligently working to ensure we do not introduce any bugs, while simultaneously working on other issues. We will post here, and in our normal changelogs, when when we have further updates. Rest assured, this issue is in our “currently being worked on” top issue list.

Answer 18 · 2023-03-15T22:17:56.000Z

Good news all! We are in the final stages of releasing Twilio Video SDK with an upgraded WebRTC version (m105). This should address all the play-store submission issues. Will keep you all posted

Answer 19 · 2023-03-27T22:48:16.000Z

Twilio Video 7.6.1 has been released. This included an upgrade of WebRTC which should resolve this issue... get more info about the release here...
https://www.twilio.com/docs/video/changelog-twilio-video-android-v7

Answer 20 · 2023-03-28T12:02:42.000Z

Just released an update, with no security warning.
Good job, thanks very much!