TrustManager vulnerability when flutter app published in Google Play - flutter

I recently published an application on Google Play, and I received an email from the Google Play team which says:
...and found that your app uses software that contains security vulnerabilities for users. Apps with these vulnerabilities can expose user information or damage a user’s device, and may be considered to be in violation of our Malicious Behavior policy.
Below is the list of issues and the corresponding APK versions that were detected in your recent submission. Please migrate your apps to use the updated software as soon as possible and increment the version number of the upgraded APK.
Vulnerability : TrustManager
My application was developed with Flutter...
I really don't know how to fix this, if you can help me.
pubspec.yaml
name: ...
description: ...
version: 1.0.1+2
environment:
  sdk: ">=2.1.0 <3.0.0"
dependencies:
  flutter:
    sdk: flutter
  # The following adds the Cupertino Icons font to your application.
  # Use with the CupertinoIcons class for iOS style icons.
  cupertino_icons: ^0.1.2
  #bottom_navy_bar: ^5.3.2
  http: ^0.12.2
  shared_preferences: ^0.5.6+1
  location: ^2.3.5
  sqflite: ^1.2.0
  path_provider: ^1.6.0
  image_picker: ^0.6.3+1
  intl: ^0.16.1
  country_code_picker: ^1.2.4
  multi_image_picker: ^4.6.1
  firebase_auth: ^0.16.1
  image_cropper: ^1.2.1
  validators: ^2.0.0+1
  firebase_messaging: ^6.0.9
  esys_flutter_share: ^1.0.2
  photo_view: ^0.9.1
  material_design_icons_flutter: ^3.4.4895
  url_launcher: ^5.4.1
  cached_network_image: ^2.0.0
  encrypt: ^4.0.0
  flutter_local_notifications: ^1.1.6
  r_scan: ^0.1.3+2
  permission_handler: ^4.2.0+hotfix.3
  native_contact_picker: ^0.0.6
  qr_utils:
    path: packages/qr_utils
  libphonenumber: ^1.0.1
  flutter_cache_manager: ^1.1.3
  csv: ^4.0.3
  excel: ^1.0.2
  pdf: ^1.5.0
  printing: any
  flutter_swiper: ^1.1.6
  flutter_rating_bar: ^3.0.1+1
  flutter_native_admob: ^2.1.0
dev_dependencies:
  flutter_test:
    sdk: flutter
flutter:
  uses-material-design: true
  assets:
    - assets/images/
code
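import 'dart:io';
import 'package:http/http.dart' as http;

// fetchUser is a placeholder name; the snippet is the body of an async function.
Future<dynamic> fetchUser() async {
  String url = "https://exemple.com/resources/users/1";
  try {
    // http ^0.12.x accepts a String URL here.
    final response = await http.get(url);
    if (response.statusCode == 200) {
      //parse user
    }
  } on SocketException {
    // network errors are ignored
  } catch (ex) {
    print(ex.toString());
  }
  return null;
}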
flutter doctor
[√] Flutter (Channel stable, v1.17.3, on Microsoft Windows [version 10.0.10240], locale fr-FR)
• Flutter version 1.17.3 at C:\souces\flutter
• Framework revision b041144f83 (8 weeks ago), 2020-06-04 09:26:11 -0700
• Engine revision ee76268252
• Dart version 2.8.4
[√] Android toolchain - develop for Android devices (Android SDK version 30.0.0)
• Android SDK at D:\android\android-sdk-windows
• Platform android-30, build-tools 30.0.0
• ANDROID_HOME = D:\android\android-sdk-windows
• Java binary at: C:\Program Files\Android\Android Studio\jre\bin\java
• Java version OpenJDK Runtime Environment (build 1.8.0_242-release-1644-b01)
• All Android licenses accepted.
[√] Android Studio (version 4.0)
• Android Studio at C:\Program Files\Android\Android Studio
• Flutter plugin version 46.0.2
• Dart plugin version 193.7361
• Java version OpenJDK Runtime Environment (build 1.8.0_242-release-1644-b01)
[√] VS Code (version 1.46.0)
• VS Code at C:\Users\User\AppData\Local\Programs\Microsoft VS Code
• Flutter extension version 3.12.2
[√] Connected device (1 available)
• TECNO WX4 • 0257309828005184 • android-arm • Android 7.0 (API 24)
• No issues found!

It's probably caused by the r_scan library, as it uses a custom implementation of the X509TrustManager. See this issue.
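To find which dependency triggers the warning, search the Android sources of each plugin for an X509TrustManager whose checkServerTrusted never rejects a certificate chain. The script below is an added example, not part of the original post or of r_scan; the function names and the two Java fragments are constructed for illustration, and the check is a heuristic whose hits need manual review.

```python
import re
from pathlib import Path

_COMMENT = re.compile(r"//[^\n]*|/\*.*?\*/", re.DOTALL)
# A declaration with a body: checkServerTrusted(...) [throws ...] {
_DECL = re.compile(r"\bcheckServerTrusted\s*\([^)]*\)\s*(?:throws\s+[\w.,\s]+?)?\s*\{")


def _body(src, open_brace):
    """Text between the brace at open_brace and its matching closing brace."""
    depth = 0
    for i in range(open_brace, len(src)):
        depth += {"{": 1, "}": -1}.get(src[i], 0)
        if depth == 0:
            return src[open_brace + 1:i]
    return src[open_brace + 1:]  # unbalanced input: take the remainder


def find_permissive_trust_managers(src):
    """1-based lines of checkServerTrusted bodies that neither throw nor delegate."""
    if "X509TrustManager" not in src:
        return []
    # Blank out comments with spaces so offsets and line numbers stay unchanged.
    code = _COMMENT.sub(lambda m: re.sub(r"[^\n]", " ", m.group()), src)
    hits = []
    for m in _DECL.finditer(code):
        body = _body(code, m.end() - 1)
        rejects = re.search(r"\bthrow\b", body)
        delegates = re.search(r"\bcheckServerTrusted\s*\(", body)
        if not rejects and not delegates:
            hits.append(code.count("\n", 0, m.start()) + 1)
    return hits


def scan_tree(root):
    """Scan every .java/.kt file under root; return sorted (relative path, line) pairs."""
    root = Path(root)
    found = []
    for path in root.rglob("*"):
        if path.is_file() and path.suffix in {".java", ".kt"}:
            text = path.read_text(encoding="utf-8", errors="replace")
            for line in find_permissive_trust_managers(text):
                found.append((path.relative_to(root).as_posix(), line))
    return sorted(found)


# Constructed sample fragments (not taken from r_scan or any real plugin).
TRUST_ALL = """\
class TrustAll implements X509TrustManager {
    public void checkServerTrusted(X509Certificate[] c, String a) {
        // accept everything
    }
}
"""
DELEGATING = """\
class Wrapper implements X509TrustManager {
    public void checkServerTrusted(X509Certificate[] c, String a) throws CertificateException {
        platform.checkServerTrusted(c, a);  // platform validation still runs
    }
}
"""

if __name__ == "__main__":
    print(find_permissive_trust_managers(TRUST_ALL), find_permissive_trust_managers(DELEGATING))
```

Point scan_tree at the Android source directory of each plugin listed in pubspec.yaml. String literals and Kotlin expression bodies are not parsed, so a clean result does not prove a plugin is safe.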

Related

Why does downgrading Flutter App causes Data loss?

The Problem:
I have an app that uses sembast and shared_preferences to store data.
Recently I accidentally downgraded my app, which caused it to lose all data stored.
I tested it on both a physical device and an emulator; both result in the same issue.
Is there a way to fix this?
Note: By "fix this" I mean to prevent further data loss in case of downgrading, not the recovery of the lost data.
Steps to Reproduce:
1) Create a project
2) Store data in shared_preferences or sembast
3) Hot restart
4) Change build number to a lower number than the previous build (Ex: 1.0.0+110 to 1.0.0+109)
5) Hot restart
Pubspec.yaml
version: 1.0.0+111
environment:
  sdk: ">=2.9.0 <3.0.0"
dependencies:
  flutter:
    sdk: flutter
  # The following adds the Cupertino Icons font to your application.
  # Use with the CupertinoIcons class for iOS style icons.
  cupertino_icons: ^1.0.3
  excel: ^2.0.0-null-safety-3
  shared_preferences: ^2.0.6
  permission_handler: ^8.1.1
  path_provider: ^2.0.2
  sembast: ^3.1.0+2
  sembast_web: ^2.0.0+2 #remove web version not being used
  intl: ^0.17.0
  provider: ^5.0.0
  firebase_core: ^1.3.0
  firebase_analytics: ^8.1.2
  firebase_performance: ^0.7.0+5
  firebase_crashlytics: ^2.0.6
  firebase_auth: ^1.4.1
  get_it: ^7.1.3
  open_file: ^3.2.1
  flutter_bloc: ^7.0.1
  cloud_firestore: ^2.2.2 #remove and maybe use cloud functions
  syncfusion_flutter_charts: ^19.1.69+1
  url_launcher: ^6.0.3
  file_picker: ^3.0.3
  flutter_typeahead: ^3.1.3
  purchases_flutter: ^3.3.0
  device_info_plus: ^2.0.1
Flutter Doctor:
[√] Flutter (Channel stable, 2.2.2, on Microsoft Windows [Version 10.0.19043.1081], locale en-IN)
• Flutter version 2.2.2 at D:\Applications\flutter
• Framework revision d79295af24 (2 weeks ago), 2021-06-11 08:56:01 -0700
• Engine revision 91c9fc8fe0
• Dart version 2.13.3
[√] Android toolchain - develop for Android devices (Android SDK version 31.0.0-rc1)
• Android SDK at D:\Applications\Android-SDK
• Platform android-S, build-tools 31.0.0-rc1
• Java binary at: D:\Applications\Android_studio\jre\bin\java
• Java version OpenJDK Runtime Environment (build 11.0.8+10-b944.6842174)
• All Android licenses accepted.
[√] Chrome - develop for the web
• Chrome at C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
[√] Android Studio (version 4.1.0)
• Android Studio at D:\Applications\Android_studio
• Flutter plugin can be installed from:
https://plugins.jetbrains.com/plugin/9212-flutter
• Dart plugin can be installed from:
https://plugins.jetbrains.com/plugin/6351-dart
• Java version OpenJDK Runtime Environment (build 11.0.8+10-b944.6842174)
[√] Connected device (3 available)
• sdk gphone x86 (mobile) • emulator-5554 • android-x86 • Android 11 (API 30) (emulator)
• Chrome (web) • chrome • web-javascript • Google Chrome 91.0.4472.114
• Edge (web) • edge • web-javascript • Microsoft Edge 91.0.864.37
• No issues found!

Jitsi meet flutter build failing due to com.facebook.react

Trying to implement the jitsi_meet package. On app build I am getting the merge error given below:
Execution failed for task ':app:mergeProjectDexDebug'.
A failure occurred while executing com.android.build.gradle.internal.tasks.Workers$ActionFacade
com.android.builder.dexing.DexArchiveMergerException: Error while merging dex archives:
Type com.facebook.react.bridge.Arguments is defined multiple times:
/Users/sajansj/StudioProjects/inhouse/build/app/intermediates/mixed_scope_dex_archive/debug/out/584ba66c00dd915f0cb76898c276e06ba469cc05465b4dc71376b308058a70ca_1.jar:classes.dex,
/Users/sajansj/StudioProjects/inhouse/build/app/intermediates/mixed_scope_dex_archive/debug/out/3053a9ec0daa675847b7c2389366f19add1c378d7802c2c42d063b656e840c34_1.jar:classes.dex
Below are my dependent packages. It seems one of them already has Type com.facebook.react.bridge.Arguments; I couldn't figure out which, or how to exclude the duplicates:
dependencies:
  flutter:
    sdk: flutter
  # The following adds the Cupertino Icons font to your application.
  # Use with the CupertinoIcons class for iOS style icons.
  cupertino_icons: ^1.0.0
  google_sign_in: ^4.4.4
  firebase_auth: ^1.1.0
  flutter_facebook_login: ^3.0.0
  cloud_firestore: ^1.0.5
  cached_network_image: ^3.0.0
  flutter_auth_buttons: ^0.8.0
  get: ^3.26.0
  flutter_typeahead: ^1.8.1
  flutter_country_picker: ^0.1.6
  firebase_storage: ^8.0.3
  file_picker: ^3.0.1
  intl: ^0.17.0
  gradient_text: ^1.0.2
  firebase_messaging: ^9.1.1
  http: ^0.13.1
  razorpay_flutter: ^1.2.2
  stripe_payment: ^1.0.10
  geolocator: ^7.0.3
  geocoder: ^0.2.1
  photo_view: ^0.10.3
  fab_circular_menu: ^1.0.1
  better_player: ^0.0.50
  linkify: ^4.0.0
  polls: ^0.2.2
  readmore: ^1.0.1
  uni_links: ^0.4.0
  flutter_switch: ^0.2.0
  encrypt: ^5.0.0
  flutter_native_splash: ^1.1.7+1
  image_downloader: ^0.20.1
  video_thumbnail: ^0.2.5+1
  dio: ^4.0.0
  focused_menu: ^1.0.5
  giphy_picker: ^2.0.0
  flutter_pdfview: ^1.1.0
  jitsi_meet: ^4.0.0
  flutter_link_previewer: ^1.0.4
  device_info: ^2.0.0
  assets_audio_player: ^3.0.3+2
Adding flutter doctor -v data:
[✓] Flutter (Channel stable, 2.0.3, on macOS 11.2.3 20D91 darwin-x64, locale en-IN)
• Flutter version 2.0.3 at /Users/sajansj/Developer/flutter
• Framework revision 4d7946a68d (5 weeks ago), 2021-03-18 17:24:33 -0700
• Engine revision 3459eb2436
• Dart version 2.12.2
[✓] Android toolchain - develop for Android devices (Android SDK version 30.0.3)
• Android SDK at /Users/sajansj/Library/Android/sdk
• Platform android-30, build-tools 30.0.3
• ANDROID_HOME = /Users/sajansj/Library/Android/sdk
• ANDROID_SDK_ROOT = /Users/sajansj/Library/Android/sdk
• Java binary at: /Applications/Android Studio.app/Contents/jre/jdk/Contents/Home/bin/java
• Java version OpenJDK Runtime Environment (build 1.8.0_242-release-1644-b3-6915495)
• All Android licenses accepted.
[✓] Xcode - develop for iOS and macOS
• Xcode at /Applications/Xcode.app/Contents/Developer
• Xcode 12.4, Build version 12D4e
• CocoaPods version 1.10.1
[✓] Chrome - develop for the web
• Chrome at /Applications/Google Chrome.app/Contents/MacOS/Google Chrome
[✓] Android Studio (version 4.1)
• Android Studio at /Applications/Android Studio.app/Contents
• Flutter plugin can be installed from:
🔨 https://plugins.jetbrains.com/plugin/9212-flutter
• Dart plugin can be installed from:
🔨 https://plugins.jetbrains.com/plugin/6351-dart
• Java version OpenJDK Runtime Environment (build 1.8.0_242-release-1644-b3-6915495)
[✓] Connected device (3 available)
• SM N950F (mobile) • 988ad036454256553830 • android-arm64 • Android 9 (API 28)
• sdk gphone x86 arm (mobile) • emulator-5554 • android-x86 • Android 11 (API 30) (emulator)
• Chrome (web) • chrome • web-javascript • Google Chrome 89.0.4389.128
• No issues found!

I always get the same error during flutter run

When I'm trying to compile my APK on my device using flutter run, I always get the same error: ERROR:flutter/lib/ui/ui_dart_state.cc(177)] Unhandled Exception: MissingPluginException(No implementation found for method getAll on channel plugins.flutter.io/shared_preferences
I have tried a lot of configurations but nothing works. I'm so desperate, I need to solve this error to continue my work..... :( :(
Here is my flutter doctor:
[√] Flutter (Channel beta, 1.25.0-8.3.pre, on Microsoft Windows [Versión 10.0.10240], locale es-ES)
• Flutter version 1.25.0-8.3.pre at C:\sdk\flutter
• Framework revision 5d36f2e7f5 (2 weeks ago), 2021-01-14 15:57:49 -0800
• Engine revision 7a8f8ca02c
• Dart version 2.12.0 (build 2.12.0-133.7.beta)
[√] Android toolchain - develop for Android devices (Android SDK version 30.0.3)
• Android SDK at C:\Users\prog10\AppData\Local\Android\Sdk
• Platform android-30, build-tools 30.0.3
• ANDROID_HOME = C:\Users\prog10\AppData\Local\Android\Sdk
• ANDROID_SDK_ROOT = C:\Users\prog10\AppData\Local\Android\Sdk
• Java binary at: C:\Program Files\Android\Android Studio\jre\bin\java
• Java version OpenJDK Runtime Environment (build 1.8.0_242-release-1644-b01)
• All Android licenses accepted.
[√] Android Studio (version 4.1.0)
• Android Studio at C:\Program Files\Android\Android Studio
• Flutter plugin can be installed from:
https://plugins.jetbrains.com/plugin/9212-flutter
• Dart plugin can be installed from:
https://plugins.jetbrains.com/plugin/6351-dart
• Java version OpenJDK Runtime Environment (build 1.8.0_242-release-1644-b01)
[√] VS Code, 64-bit edition (version 1.52.1)
• VS Code at C:\Program Files\Microsoft VS Code
• Flutter extension version 3.18.1
[√] Connected device (1 available)
• POCOPHONE F1 (mobile) • android-arm64 • Android 10 (API 29)
• No issues found!
My pubspec.yaml configuration is the following:
name: myapp
description: App
version: 1.0.0+1
environment:
  sdk: ">=2.2.2 <4.0.0"
dependencies:
  flutter:
    sdk: flutter
  flutter_localizations:
    sdk: flutter
  flutter_launcher_icons: ^0.7.2
  provider: ^3.2.0
  splashscreen: ^1.2.0
  http: ^0.12.0+2
  shared_preferences: ^0.5.3+4
  cupertino_icons: ^0.1.2
  image_picker: ^0.6.0+3
  cached_network_image: ^2.0.0-rc
  flutter_html: ^0.10.4
  datetime_picker_formfield:
    path: ./assets/packages/datetime_picker_formfield/
  intl: ">=0.15.8 <1.0.0"
  table_calendar: ^2.0.1
  photo_view: ^0.7.0
  firebase_core: 0.4.4
  firebase_auth: 0.15.3
  # cloud_firestore: ^0.12.9+4
  cloud_firestore: ^0.13.4
  firebase_messaging: ^5.1.6
  flutter_image_compress: ^0.6.3
  maps_launcher: ^1.2.0
  barcode_scan: ^1.0.0
  flutter_inappwebview: ^2.1.0+1
  flutter_share: ^1.0.2+1
  path_provider: ^1.6.5
dev_dependencies:
  flutter_test:
    sdk: flutter
flutter_icons:
  android: true
  ios: true
  image_path: assets/icon-paciente.png
  image_path_ios: assets/icon-paciente.png
flutter:
  uses-material-design: true
  assets:
    - assets/loader.gif
    - assets/logo.png
    - assets/logo-header.png
    - assets/icon.png
    - assets/icon-dark.png
    - assets/icon-paciente.png
    - assets/placeholder.png
    - assets/patient1.jpg
    - assets/patient2.jpg
    - assets/patient3.jpg
    - assets/medicamento1.jpg
    - assets/medicamento2.jpg
    - assets/medicamento3.jpg
    - assets/paypal.png
    - assets/paypal.jpg
  fonts:
    - family: Comfortaa
      fonts:
        - asset: assets/fonts/Comfortaa-Light.ttf
        - asset: assets/fonts/Comfortaa-Medium.ttf
        - asset: assets/fonts/Comfortaa-Regular.ttf
        - asset: assets/fonts/Comfortaa-SemiBold.ttf
        - asset: assets/fonts/Comfortaa-Bold.ttf
I want to know where the problem is. Can anybody please help me?
It seems like some of your project's plugins are crashing. In VS Code there is an extension called Version Lens which might be of help in managing plugin versions. You can also run your project in Android Studio and check logcat for exceptions. Upgrade/change plugins that crash.
In my case, I added this line within the main() and the error goes away:
SharedPreferences.setMockInitialValues({});
With that said, you should still try to uninstall/reinstall the app after flutter clean. If nothing changes, the above method should work as expected.
In my case, I only ran flutter clean, then closed and restarted the IDE, and increased the version of my plugin. You can try it once:
shared_preferences: ^0.5.3+4
And then flutter pub get. I hope this will work for you
I had this error myself pretty recently. This comment on a github issue helped me out.
They say to change the proguard files in /android/app/build.gradle from
buildTypes {
    release {
        signingConfig signingConfigs.release
        minifyEnabled true
        useProguard true
        proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro'
    }
}
to
buildTypes {
    release {
        signingConfig signingConfigs.release
        minifyEnabled true
        useProguard true
        proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'), 'proguard-rules.pro'
    }
}
That's just changing the default proguard file from proguard-android.txt to proguard-android-optimize.txt.
If this solution doesn't work, it would be worthwhile to read through everything on that issue.

firebase_admob error The built failed likely due to AndroidX incompatibilities in a plugin

Error appears when performing
flutter build apk --release
and
flutter build apk
There is no error when I build the APK without having the firebase_admob
The built failed likely due to AndroidX incompatibilities in a plugin. The tool is about to try using Jetfier to solve the incompatibility.
Building plugin firebase_admob...
The plugin firebase_admob could not be built due to the issue above.
I have performed
flutter doctor --android-licenses
flutter clean
The error still appears.
Below is the flutter doctor -v result
[√] Flutter (Channel stable, 1.20.4, on Microsoft Windows [Version 10.0.18362.1082], locale en-US)
• Flutter version 1.20.4 at D:\work\flutter
• Framework revision fba99f6cf9 (2 weeks ago), 2020-09-14 15:32:52 -0700
• Engine revision d1bc06f032
• Dart version 2.9.2
[√] Android toolchain - develop for Android devices (Android SDK version 30.0.2)
• Android SDK at D:\work\AndroidSDK
• Platform android-30, build-tools 30.0.2
• ANDROID_HOME = D:\work\AndroidSDK
• ANDROID_SDK_ROOT = D:\work\AndroidSDK
• Java binary at: D:\aplikasi\Android Studio\jre\bin\java
• Java version OpenJDK Runtime Environment (build 1.8.0_242-release-1644-b01)
• All Android licenses accepted.
[√] Android Studio (version 4.0)
• Android Studio at D:\aplikasi\Android Studio
• Flutter plugin version 49.0.2
• Dart plugin version 193.7547
• Java version OpenJDK Runtime Environment (build 1.8.0_242-release-1644-b01)
[√] Connected device (1 available)
• AOSP on IA Emulator (mobile) • emulator-5554 • android-x86 • Android 9 (API 28) (emulator)
• No issues found!
Pubspec.yaml
version: 1.0.0+1
environment:
sdk: ">=2.7.0 <3.0.0"
dependencies:
flutter:
sdk: flutter
flutter_localizations:
sdk: flutter
intl: ^0.16.0
sqflite: "^0.11.0+1"
flutter_launcher_icons: "^0.8.0"
image_picker: "0.6.1"
path_provider: ^1.6.16
path: ^1.7.0
provider: ^4.0.1
date_util: ^0.1.4
auto_size_text: ^2.1.0
flutter_masked_text: ^0.7.0
font_awesome_flutter: ^8.8.1
firebase_admob: ^0.9.0+9
flutter_icons:
android: "launcher_icon"
ios: true
image_path: "assets/icon/penqu.png"
cupertino_icons: ^0.1.3
dev_dependencies:
flutter_test:
sdk: flutter
module:
androidX: true
I managed to fix the issue by using a different package version and adding firebase_core.
firebase_admob: ^0.9.0+9
Then I made a change to the gradle.properties file as follows.
The change was gradle-4.10.2-all.zip to gradle-5.1.1-all.zip.
Why?
Because it appears in the error message.
#Thu Nov 01 21:03:34 PDT 2018
distributionBase=GRADLE_USER_HOME
distributionPath=wrapper/dists
zipStoreBase=GRADLE_USER_HOME
zipStorePath=wrapper/dists
distributionUrl=https\://services.gradle.org/distributions/gradle-5.1.1-all.zip

Flutter After Upgrade can't run application version solving failed

Nope. This answer doesn't work this time for me.
My flutter doctor -v
[✓] Flutter (Channel master, v0.5.9-pre.68, on Linux, locale en_US.UTF-8)
• Flutter version 0.5.9-pre.68 at /home/khophi/.flutterSetup
• Framework revision 5cd97f0004 (2 hours ago), 2018-08-16 14:10:22 -0700
• Engine revision 4ee648914f
• Dart version 2.1.0-dev.0.0.flutter-be6309690f
[✓] Android toolchain - develop for Android devices (Android SDK 27.0.3)
• Android SDK at /home/khophi/Android/sdk
• Android NDK location not configured (optional; useful for native profiling support)
• Platform android-27, build-tools 27.0.3
• ANDROID_HOME = /home/khophi/Android/sdk
• Java binary at: /usr/bin/java
• Java version OpenJDK Runtime Environment (build 1.8.0_171-8u171-b11-0ubuntu0.18.04.1-b11)
• All Android licenses accepted.
[✗] Android Studio (not installed)
• Android Studio not found; download from https://developer.android.com/studio/index.html
(or visit https://flutter.io/setup/#android-setup for detailed instructions).
[✓] VS Code (version 1.26.0)
• VS Code at /usr/share/code
• Flutter extension version 2.17.1
[✓] Connected devices (1 available)
• klte • 956e8b90 • android-arm • Android 8.1.0 (API 27)
! Doctor found issues in 1 category.
When I run flutter run, I get:
Running "flutter packages get" in townsquare...
The current Dart SDK version is 2.1.0-dev.0.0.flutter-be6309690f.
Because flutter_circular_chart 0.0.3 requires SDK version >=1.19.0 <2.0.0 and no versions of flutter_circular_chart match >0.0.3 <0.1.0, flutter_circular_chart ^0.0.3 is forbidden.
So, because mobile depends on flutter_circular_chart ^0.0.3, version solving failed.
pub get failed (1)
This is my pubspec.yaml
name: mobile
description: A new Flutter project.
version: 1.0.0+1
dependencies:
  flutter:
    sdk: flutter
  cupertino_icons: ^0.1.2
  carousel: ^0.0.1
  http: "^0.11.3+16"
  validate: "^1.6.0"
  url_launcher: "^3.0.2"
  shared_preferences: "^0.4.2"
  font_awesome_flutter: "^7.0.0"
  flutter_circular_chart: "^0.0.3"
  flutter_local_notifications: ^0.3.6
dev_dependencies:
  flutter_test:
    sdk: flutter
assets:
- images/flutter.jpg
- images/logo.png
- images/bg_viewer.jpg
With the above, please enlighten me, what's wrong?
That is because you are using Dart version 2.1.0-dev.0.0.flutter-be6309690f and the plugin named flutter_circular_chart has a constraint:
https://github.com/xqwzts/flutter_circular_chart/blob/master/pubspec.yaml
environment:
  sdk: '>=1.19.0 <2.0.0'
You can fork the project, update the SDK constraint, and reference your repository, like this:
flutter_circular_chart:
  git: https://github.com/your_repo/flutter_circular_chart.git
Note
It would also be good to open an issue in their repo to notify the devs about the issue that you have.
Use dependency_overrides with the same version that the other dependency needs.
For example, google_maps_flutter: ^0.5.28+1 needs intl to be 0.16.0,
then create dependency_overrides:
  intl: ^0.16.0
below dev_dependencies:
  flutter_test:
    sdk: flutter
run project until it not run on device.
Enjoy. Thanks..