I just go this warning today from Google:
Your app is using a version of OpenSSL containing a security vulnerability. Please see this Google Help Center article for details, including the deadline for fixing the vulnerability.How to address OpenSSL vulnerabilities in your apps
This information is intended for developers of apps statically linking against a version of OpenSSL that precedes 1.02f/1.01r. These versions contain security vulnerabilities.
Please migrate your app(s) to OpenSSL 1.02f/1.01r or higher as soon as possible and increment the version number of the upgraded APK.
Beginning July 11, 2016, Google Play will block publishing of any new apps or updates that use older versions of OpenSSL.
The vulnerabilities were addressed in OpenSSL 1.02f/1.01r. The latest versions OpenSSL can be downloaded here. To confirm your OpenSSL version, you can do a grep search for ($ unzip -p YourApp.apk | strings | grep "OpenSSL").
If you’re using a 3rd party library that bundles OpenSSL, you’ll need to upgrade it to a version that bundles OpenSSL 1.02f/1.01r or higher.
To confirm you’ve upgraded correctly, submit the updated version to the Developer Console and check back after five hours. If the app hasn’t been correctly upgraded, we will display a warning.
The vulnerabilities include "logjam" and CVE-2015-3194. The Logjam attack allows a man-in-the-middle attacker to downgrade vulnerable TLS connections to 512-bit export-grade cryptography. This allows the attacker to read and modify any data passed over the connection. Details about other vulnerabilities are available here. For other technical questions, you can post to Stack Overflow and use the tags “android-security” and “OpenSSL.”
While these issues may not affect every app that uses OpenSSL versions prior to 1.02f/1.01r, it's best to stay up to date on all security patches. Apps with vulnerabilities that expose users to risk of compromise may be considered in violation of our Malicious Behavior policy and section 4.4 of the Developer Distribution Agreement.
Before publishing apps, please ensure they are compliant with the Developer Distribution Agreement and Content Policy. If you feel we have sent you an OpenSSL warning in error, contact our support team through the Google Play Developer Help Center.