PSA: Linking against platform libraries not in the NDK could break your app

Android is moving from OpenSSL to BoringSSL in the AOSP (https://goo.gl/BZOaBc).  If your app links against platform libraries (such as libcrypto.so) that aren’t in the Android NDK, it’ll likely break in a future platform release.

The move to BoringSSL will increase the consistency amongst Android, Chrome, and other products.  To find out more about BoringSSL and its motivations, see Adam Langley’s blog post (https://goo.gl/pFyZVI).  For most developers this should be an invisible change.  However some apps mistakenly link against the platform libcrypto.so or libssl.so, which isn’t part of the Android NDK API.  If you’re using the Android NDK in your app, you must not link against any library that isn’t part of the Android NDK API.  These libraries are not public API, and may change or break without notice across releases and devices. In addition, you may expose yourself to security vulnerabilities. Instead, you should modify your native code to call the Java cryptography APIs via JNI or to statically link against a cryptography library of your choice.

#AndroidDev   #BoringSSL  
Shared publiclyView activity