问题
I have submitted my release apk to the Google Play console, however it was rejected due to a libpng security vulnerability. I have a couple of libraries I use in my app. How do I know which of these uses libpng?
I am using Android studio.
I am not using OpenCV as a library!
These are my dependencies in my build.gradle file:
dependencies {
compile fileTree(dir: 'libs', include: ['*.jar'])
testCompile 'junit:junit:4.12'
compile 'com.android.support:appcompat-v7:23.4.0'
compile 'com.android.support:support-v4:23.4.0'
compile 'com.android.support:design:23.4.0'
compile 'com.android.support:cardview-v7:23.4.0'
compile 'com.android.support:recyclerview-v7:23.4.0'
compile files('libs/sdk-v1.0.0.jar')
compile(name: 'pen-v4.1.0_full', ext: 'aar')
compile 'com.journeyapps:zxing-android-embedded:3.2.0@aar'
compile 'com.google.zxing:core:3.2.1'
compile files('libs/gson-2.3.jar')
compile files('libs/httpclient-4.4.jar')
compile files('libs/httpcore-4.4.jar')
compile files('libs/httpmime-4.3.6.jar')
}
Let me ask my question again:
How do I know which of these libraries uses libpng?
回答1:
Use strings <youlibrary>.so | grep png. If you see output full of png_set_*, png_write_*, png_image_* - that library uses libpng.
来源:https://stackoverflow.com/questions/40116559/android-libpng-security-vulnerability