TrustAllX509TrustManager Android lint error

[kackogut]

Environment details

Android Studio Dolphin | 2021.3.1 Patch 1
Library version: v1.42.3

Steps to reproduce

1. Create new Android project
2. Add dependency for Google Http client: implementation("com.google.http-client:google-http-client:1.42.3")
3. Run lintDebug

Stack trace

com/google/api/client/util/SslUtils$1.class: Error: checkServerTrusted is empty, which could cause insecure network traffic due to trusting arbitrary TLS/SSL certificates presented by peers [TrustAllX509TrustManager]

   Explanation for issues of type "TrustAllX509TrustManager":
   This check looks for X509TrustManager implementations whose
   checkServerTrusted or checkClientTrusted methods do nothing (thus trusting
   any certificate chain) which could result in insecure network traffic
   caused by trusting arbitrary TLS/SSL certificates presented by peers.

[diegomarquezp]

Hi Kacper, thanks for reporting this.
It's possible to ignore or reduce the severity of this warning (see TrustAllX509TrustManager - suppress section) . Maybe a custom lint file may help with your use case.
Also, please keep in mind that for faster response times you can refer to our Customer Support Hub if you have a support contract.

[diegomarquezp]

Closing as solved.