
Libpng vulnerability issue even after updating ope

Published 2020-04-12 13:00

Question:

I am using following dependencies in my app :

dependencies {
    compile fileTree(include: '*.jar', dir: 'libs')
    compile project(':zxing-2.3.0')
    compile project(':ColorPickerView')
    compile project(':DropboxChooserSDK')
    compile project(':PullToRefreshLibrary')
    compile project(':volley')
    compile 'com.android.support:recyclerview-v7:24.0.0-alpha2'
    compile 'com.facebook.android:facebook-android-sdk:4.5.0'
    compile 'com.google.android.gms:play-services-analytics:8.4.0'
    compile 'com.google.android.gms:play-services-gcm:8.4.0'
    compile 'com.android.support:design:23.3.0'
    compile 'com.github.ctodobom:OpenCV-3.1.0-Android:-SNAPSHOT'
}

I was using OpenCV library version 2.4.8 and the Google Play Console rejected my app, citing a libpng vulnerability issue. So I updated the OpenCV library to 3.1.0, and the Google Play Console is still rejecting it, citing the same libpng vulnerability issue.

So I am confused: is any other library from the list above using the libpng library?

EDIT:

I created a sample project which has the above libraries, and for testing purposes I downgraded OpenCV to 2.4.8 (which has the libpng issue). What can I say, it is not giving any warning about libpng, and it is getting published. So where exactly is the problem?

Answer 1:

I found out the problem. The old OpenCV library (which has the vulnerability issue) created a libopencv_java.so file, and it was still there in the libs folder even after updating the library. So somehow the new .so file was not being generated.

Steps taken to solve:

  • First I deleted libopencv_java.so from the libs folder.
  • Just for clarity, I deleted everything that was in the build folder.
  • Added the OpenCV 2.4.13.1 Gradle dependency (compile 'com.iparse.android:opencv:2.4.13.1')

If you want to check the libpng version used by OpenCV, first find libopencv_java.so, which will be in the libs or build folder, and run the following command in a terminal:

    strings libopencv_java.so | grep "libpng"

After this I published to the Play Store and everything is fine. Hope this helps someone.
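The check from the answer, extended to a whole project tree so that a leftover .so in libs or build stands out. This is an added example, not part of the original answer: the function names, the FLOOR argument and the sample files are constructed, and it relies on libpng embedding a banner of the form "libpng version X.Y.Z" in the compiled library.

```shell
#!/bin/sh
# Print each distinct libpng version embedded in file $1, one per line.
# libpng compiles in a banner of the form "libpng version X.Y.Z - <date>".
libpng_versions() {
    # tr maps non-printable bytes to newlines (a portable stand-in for
    # `strings`); grep then extracts the banner.
    LC_ALL=C tr -c '[:print:]' '\n' < "$1" |
        LC_ALL=C grep -o -E 'libpng version [0-9]+\.[0-9]+\.[0-9]+' |
        sed 's/^libpng version //' | sort -u
}

# Succeed when dotted version $1 is strictly lower than $2.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        split(a, x, "."); split(b, y, ".")
        for (i = 1; i <= 3; i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1
    }'
}

# scan_libpng DIR [FLOOR]: print "<path> TAB <version> TAB <OLD|ok>" for every
# .so under DIR that embeds libpng. FLOOR (hypothetical parameter) is the
# lowest version the caller accepts, e.g. the one named in the store notice.
scan_libpng() {
    find "$1" -type f -name '*.so' | sort | while IFS= read -r so; do
        libpng_versions "$so" | while IFS= read -r ver; do
            state=ok
            if [ -n "${2:-}" ] && version_lt "$ver" "$2"; then state=OLD; fi
            printf '%s\t%s\t%s\n' "$so" "$ver" "$state"
        done
    done
}

# Constructed sample: a stale library left in libs/ beside a fresh build.
demo() {
    d=$(mktemp -d)
    mkdir -p "$d/libs/armeabi-v7a" "$d/build/jni"
    printf '\177ELF\001libpng version 1.2.46 - July 9, 2011\000\002' \
        > "$d/libs/armeabi-v7a/libopencv_java.so"
    printf '\177ELF\001libpng version 1.6.37 - April 14, 2019\000' \
        > "$d/build/jni/libopencv_java.so"
    scan_libpng "$d" 1.6.0   # 1.6.0 is a constructed floor
    rm -rf "$d"
}

# No arguments: run the demo. Otherwise: scan_libpng DIR [FLOOR].
if [ "$#" -eq 0 ]; then demo; else scan_libpng "$@"; fi
```

libpng maintains several release branches, so pass the floor for the branch your library actually ships. An unpacked APK directory can be scanned the same way as the project tree.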