Skip to main content
Question

App rejected by Play Console due to security


Forum|alt.badge.img+3

Hi All,

Trying to publish an app and got the following:

Unsafe Encryption

Your app contains unsafe cryptographic encryption patterns. Please see this Google Help Center article for details.

  • p0.e0.c

Unfortunately got nothing else, no email, so just have to guess what code its refering to. Best guess is the key used to configure revenuecat for in-app purchase.

configuration = PurchaseConfiguration('goog_********************************');

They suggest using Jetpack (https://support.google.com/faqs/answer/9450925)

I am however struggling to implement this in flutter. Does anyone have any example code/articles etc that could help?

I suspect this will impact all apps that use a key within the app like revenuecat.

Thanks

12 replies

pamila-5ec5c9
Forum|alt.badge.img

 When integrating RevenueCat into an app, developers need to configure a public key that is used to verify purchase receipts from the app store. If this key is not properly configured or uses weak encryption, it could trigger the "Unsafe Encryption" error message.


Forum|alt.badge.img+3

ok, so that may be the problem…. solution?

So far all I can see is - fixed keys bad … dynamically generate so different each time. 

However this is not in the revenuecat docs as it instructs to use fixed key and paste them into the code!

totally incompatible. 

is there a solution of does using revenuecat mean I cant publish to google????


Forum|alt.badge.img+2
  • New Member
  • 1 reply
  • April 22, 2023

I get this error in google play too. 

I check my dependencies, other libs are all belongs to google. I think the most likely one which cause this is RevenueCat. (but not confirmed)

I think RevenueCat would self-check the code by the guide. And I will continue to find out which lib exactly cause this. 

I am using RevenueCat  version below

implementation ("com.revenuecat.purchases:purchases:6.1.1")

 

Unsafe Encryption

Your app contains unsafe cryptographic encryption patterns. Please see this Google Help Center article for details.

  • bjqm.c (in dynamically loaded code)
  • bjqm.d (in dynamically loaded code)

Forum|alt.badge.img
  • New Member
  • 1 reply
  • April 24, 2023

Hi,

Did you find a  fix for this unsafe encryption alert in play store app submission . I have the same error on my App Bundle submission.


Forum|alt.badge.img
  • New Member
  • 2 replies
  • April 25, 2023

Hmh I’ve exactly same errors in other project (not using revenuecat).. I wonder which dep pulls out bjqm.* and bpce.*.. This seems to be something new added in Google Plays static analysis as it started to appear with minor change…

https://stackoverflow.com/questions/76101637/your-app-contains-unsafe-cryptographic-encryption-patterns-in-dynamically-loade


sharif
RevenueCat Staff
Forum|alt.badge.img+9
  • RevenueCat Staff
  • 513 replies
  • April 25, 2023

Hello all,

RevenueCat doesn’t use encryption beyond standard TLS so I don’t think RevenueCat would be causing this. If it is related to Proguard, try adding -keep class com.revenuecat.purchases.** { *; } to your Proguard configuration. If that works, then the issue is probably in Proguard.


Forum|alt.badge.img
  • New Member
  • 2 replies
  • April 25, 2023

@fdx-76333c i submitted another build of my app with no changes, and errors regarding “Implicit Pending Intent” and “Unsafe Encryption” (in dynamically loaded code) disappeared from pre-launch report.


Forum|alt.badge.img
  • New Member
  • 2 replies
  • April 28, 2023

@sharif also just got this error in the console (the app is still in review), seems related to revenuecat.

If they approve I guess it’s fine. If they don’t I’ll try adding proguard rule and resubmit.

 


sharif
RevenueCat Staff
Forum|alt.badge.img+9
  • RevenueCat Staff
  • 513 replies
  • May 2, 2023

@vishna are you also using Flutter or a different SDK?


Forum|alt.badge.img
  • New Member
  • 2 replies
  • May 2, 2023

Yes, also flutter. Also while the error showed up in the console, there was no implication when it came to approval 🤷‍♂️


Forum|alt.badge.img+2

I am also getting the same error. I am using the flutter SDK version 4.8.0. I followed the change log for the newer version of SDK. But didn’t find anything related to this issue. 

 


sharif
RevenueCat Staff
Forum|alt.badge.img+9
  • RevenueCat Staff
  • 513 replies
  • May 12, 2023

@KharelPankaj Thanks for letting us know. I checked with our mobile engineering team and they mentioned that we don’t use any special cryptography in the Flutter SDK. Does it go away when submitting another build of your app?


Reply


Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

 
Cookie settings