App rejected by google play due to http trust manager

Question

I am able to build release apk and when tested, everything is working fine. When I upload it to the Play Store however, it is rejected due to some malicious behavior.

ServerConnection code:

HostnameVerifier hostnameVerifier = org.apache.http.conn.ssl.SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER;
DefaultHttpClient client = new DefaultHttpClient();

SchemeRegistry registry = new SchemeRegistry();
SSLSocketFactory socketFactory = SSLSocketFactory.getSocketFactory();
socketFactory.setHostnameVerifier((X509HostnameVerifier) hostnameVerifier);
registry.register(new Scheme("https", socketFactory, 443));
SingleClientConnManager mgr = new SingleClientConnManager(client.getParams(), registry);
DefaultHttpClient httpClient = new DefaultHttpClient(mgr, client.getParams());

// Set verifier
HttpsURLConnection.setDefaultHostnameVerifier(hostnameVerifier);

build.gradle:

implementation 'org.jbundle.util.osgi.wrapped:org.jbundle.util.osgi.wrapped.org.apache.http.client:4.1.2'

Google play rejection error message:

The app uses software that contains security vulnerabilities for users or allows the collections of user data without proper disclosure.

Answer 1

Try to search for "TrustManager" in your codes, if none is to be found, most of the cases it is because of third party libraries included.

May be because of using an older version of any library in your gradle

Answer 2

Your code is disabling SSL hostname verification, which, to quote the Help Center article linked in your screenshot,

ignores all SSL certificate validation errors when establishing an HTTPS connection to a remote host, thereby making your app vulnerable to man-in-the-middle attacks. An attacker could read transmitted data (such as login credentials) and even change the data transmitted on the HTTPS connection.

This is a security vulnerability - as CommonsWare noted, you should remove all of the code in your question. If you're doing it because you were previously getting SSL verification errors, here are some common issues with SSL verification with information about how to fix them.