IBM Support

PH38008: UPGRADE OKHTTP TO VERSION 3.14.9

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

 

APAR status

  • Closed as program error.

Error description

  • Product components impacted: Android SDK, Cordova Plug-in

Affected mobile development environments: Native Android,
Cordova

Mobile Device Operating Systems impacted: Android
User roles impacted: Developer
Distribution: Maven Central, npmjs.org
Versions affected: 8.0
~~~~~

In the newer releases of Android OS, few of the methods from
Okhttp v3.4.1 bundled in MF Android SDK have been black listed
and below warnings are reported on Google Play Store console.

StrictMode policy violation:
android.os.strictmode.NonSdkApiUsedViolation:
Lcom/android/org/conscrypt/ConscryptEngineSocket;->setHostname(L
java/lang/String;)V

StrictMode policy violation:
android.os.strictmode.NonSdkApiUsedViolation:
Lcom/android/org/conscrypt/ConscryptEngineSocket;->setUseSession
Tickets(Z)V

This APAR addresses these warnings by upgrading OkHttp used in
MF SDK to v3.14.9


Please note that this upgrade raises the minimum requirement for
Android applications to Android 5.0+ (API level 21+) and Java
8+.

For more details see here
https://mobilefirstplatform.ibmcloud.com/blog/2021/06/29/upgrade
d-version-okhttp/

Local fix

  • 



Problem summary


    

  • ****************************************************************
* USERS AFFECTED:                                              *
* Developers of Android application                            *
****************************************************************
* PROBLEM DESCRIPTION:                                         *
* Google Play Store throws following warning when the app      *
* bundles                                                      *
* Mobile First Android SDK since it uses Okhttp v3.4.1 which   *
* has                                                          *
* implementation for black listed methods.                     *
*                                                              *
* StrictMode policy violation:                                 *
* android.os.strictmode.NonSdkApiUsedViolation:                *
* Lcom/android/org/conscrypt/ConscryptEngineSocket;->setHostna *
* me(L                                                         *
* java/lang/String;)V                                          *
*                                                              *
* StrictMode policy violation:                                 *
* android.os.strictmode.NonSdkApiUsedViolation:                *
* Lcom/android/org/conscrypt/ConscryptEngineSocket;->setUseSes *
* sion                                                         *
* Tickets(Z)V                                                  *
*                                                              *
* Upgraded OkHttp v3.14.9 to fix the issue.                    *
*                                                              *
* Also note that this upgrade mandates the minimum requirement *
* for                                                          *
* Android applications to Android 5.0+ (API level 21+) and     *
* Java level to                                                *
* 8+.                                                          *
*                                                              *
* Refer the blog for more details:                             *
* https://mobilefirstplatform.ibmcloud.com/blog/2021/06/29/upg *
* rade                                                         *
* d-version-okhttp/                                            *
****************************************************************
* RECOMMENDATION:                                              *
* -                                                            *
****************************************************************

    



Problem conclusion


    

  • Google Play Store warning fixed by bundling MF SDK with OkHttp
version 3.14.9

    



Temporary fix


    

  • -

    



Comments


    

  • 



APAR Information




    

  • APAR number
    PH38008
    • 

  • Reported component name
    MOBILE1ST PLATF
    • 

  • Reported component ID
    5725I4301
    • 

  • Reported release
    800
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2021-06-09
    • 

  • Closed date
    2021-07-25
    • 

  • Last modified date
    2021-08-16
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    

  • Fixed component name
    MOBILE1ST PLATF
    • 

  • Fixed component ID
    5725I4301
    • 



Applicable component levels


    








      
              
                            

              

              [{"Line of Business":{"code":"LOB45","label":"Automation"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSZH4A","label":"IBM Worklight"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"800"}]
              

                          

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            17 August 2021
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback