Troubleshoot security review issues

Prev Next

Available in Classic and VPC

You might run into the following problems when using App Safer. Find out causes and possible solutions.

Vulnerabilities detected after applying App Safer

Despite applying App Safer, vulnerabilities were identified during a compliance check.

Cause

The app is in the "App fingerprint collected" status.
This was not detected by App Safer.

Solution

For vulnerabilities related to "Signature-based tampering detection"

  1. In NAVER Cloud Platform console, click i_menu > Services > Security > App Safer > App Management.
  2. Check the status of the registered app.
    • If the app is in the "App fingerprint collected" status, it means all app executions are allowed.
    • Change the status to uncollected to enable proper tampering detection.
  3. Change the registered app fingerprint items to the Uncollected status.

For vulnerabilities detected in other items
Send the security certification results report to Customer support. We will review if additional security functions are required.

Justification for using QUERY_ALL_PACKAGES permission

The App Safer antivirus feature requires the QUERY_ALL_PACKAGES permission, but the Google Play Store has denied the use of this permission.

Cause

  • Google Play Store enforces strict reviews on apps that use QUERY_ALL_PACKAGES, and may deny the use of this permission.
  • If the Android QUERY_ALL_PACKAGES permission is not directly related to the core purpose of the app, Google may restrict its use (Google QUERY_ALL_PACKAGES policy guide).

Solution

You can work around Google's policy as described below.

  • If you don't need App Safer's antivirus functionality, remove the permission.
  • Remove the QUERY_ALL_PACKAGES permission and switch to a query method that uses an intent filter (Package public status requirement declaration guide).
    <queries>
    <intent>
        <action android:name="*" />
    </intent>
</queries>
  • Provide a justification for Google that the QUERY_ALL_PACKAGES permission is related to the app's core purpose.
    • Be sure to supplement your materials, as we've had cases where apps have passed the Google Call to Action process with summited materials.
    • Share with us the core purpose of your app, why you need the antivirus feature, and the documentation you submitted to Google so we can provide further guidance.
Note

If you're still having trouble finding what you need, click on the feedback icon and send us your thoughts and requests. We'll use your feedback to improve this guide.