Thanks for contacting Google Play Developer Support about the security alert you have received with regard to the use of an unsafe implementation of the interface X509TrustManager.
Beginning May 17, 2016, Google Play will block publishing of any new apps or updates containing the unsafe implementation of the interface X509TrustManager.
Version 1 of your app CloseChat contains the following affected code:
Lde/timroes/axmlrpc/XMLRPCClient$1;
To confirm that you’ve addressed the vulnerability, upload the updated version of the app to the Developer Console and check back after five hours. If the app hasn’t been correctly upgraded, we will display a warning.
To see a full list of all apps affected by security vulnerabilities, please view the Alerts tab of your developer console.
If you believe this vulnerability resides in a third party library, please notify the third party and work with them to address this.
While these specific issues may not affect every app with the TrustManager implementation, it’s best not to ignore SSL certificate validation errors. Apps with vulnerabilities that expose users to risk of compromise may be considered dangerous products in violation of the Content Policy and section 4.4 of the Developer Distribution Agreement.
Specifically, the implementation ignores all SSL certificate validation errors when establishing an HTTPS connection to a remote host, thereby making your app vulnerable to man-in-the-middle attacks. An attacker could read transmitted data (such as login credentials), and even change the data transmitted on the HTTPS connection.
I hope this helps! If you have any further questions, please let me know. I'm happy to help.