Thanks for contacting Google Play Developer
Support about the security alert you have received
with regard to the use of an unsafe implementation
of the interface X509TrustManager.
Beginning May 17, 2016, Google Play will block
publishing of any new apps or updates containing the
unsafe implementation of the interface
X509TrustManager.
Version 1 of your app CloseChat contains the
following affected code:
Lde/timroes/axmlrpc/XMLRPCClient$1;
To confirm that you’ve addressed the
vulnerability, upload the updated version of the app
to the Developer Console and check back after five
hours. If the app hasn’t been correctly upgraded, we
will display a warning.
To see a full list of all apps affected by
security vulnerabilities, please view the Alerts tab
of your developer console.
If you believe this vulnerability resides in a
third party library, please notify the third party
and work with them to address this.
While these specific issues may not affect every
app with the TrustManager implementation, it’s best
not to ignore SSL certificate validation errors.
Apps with vulnerabilities that expose users to risk
of compromise may be considered dangerous products
in violation of the Content Policy and section 4.4
of the Developer Distribution Agreement.
Specifically, the implementation ignores all SSL
certificate validation errors when establishing an
HTTPS connection to a remote host, thereby making
your app vulnerable to man-in-the-middle attacks. An
attacker could read transmitted data (such as login
credentials), and even change the data transmitted
on the HTTPS connection.
I hope this helps! If you have any further
questions, please let me know. I'm happy to help.