Hi,
My app just got rejected on the google play developer console (first time trying to upload it) ‘for violating our Malicious Behavior or User Data policy’ then listed these vulnerabilities.
I am not sure at all what to do here or how to fix this as my game collects no data as far as I know. Can anyone help? Please let me know if I need to submit any other information.
Thanks in advance!!
The errors indicate that two of the the common libraries your version of UE4 (or your app) is built with have bugs in them which could get exploited by malicious users or expose your users’ data to hackers.
For the first item, you need to update your game’s libpng library. We upgraded to libpng 1.5.27 in Unreal Engine 4.13.2 and 4.14. If you can’t update to one of these versions, you’ll need to update the library in yourself and recompile your game from source code. You could copy the files you need from Engine\Source\ThirdParty\libPNG from a fixed version of UE4.
For OpenSSL, I think this is coming from the http library “libcurl” but I’m having a hard time determining what versions we ship with which Engine versions on Android. I’m adding someone else who may be able to assist.
Thanks for the response!
I’m downloading 4.14 now and ill let you know the progress assuming I can update the version on the project.
The OpenSSL issue was also resolved; we are using 1.0.1s now for libcurl on Android.
Yep all work fine now. Thank you both so much app will be live very soon 
