Recent notification from Google states that hybrid applications must update to Cordova 4.1.1 or later before May 9, 2016. After this date, Google Play will block publishing of any new apps or updates that use older Apache Cordova versions.
Original message:
"Hello Google Play Developer,
Your app(s) listed at the end of this
email utilize a version of Apache Cordova, an open-source mobile
development framework, that contains one or more security
vulnerabilities. If you have more than 20 affected apps in your account,
please check the Developer Console for a full list.
Please
migrate your app(s) to Apache Cordova v.4.1.1 or higher as soon as
possible and increment the version number of the upgraded APK. Beginning
May 9, 2016, Google Play will block publishing of any new apps or
updates that use pre-4.1.1 versions of Apache Cordova.
The
vulnerabilities were addressed in Apache Cordova 4.1.1. If you’re using a
3rd party library that bundles Apache Cordova, you’ll need to upgrade
it to a version that bundles Apache Cordova 4.1.1 or later.
To
confirm you’ve upgraded correctly, submit the updated version to the
Developer Console and check back after five hours. If the app hasn’t
been correctly upgraded, we will display a warning.
For information about the vulnerabilities, please see this Google Help Center article. For other technical questions, you can post to StackOverflow and use the tag “android-security.”
While
these specific issues may not affect every app that uses Apache
Cordova, it’s best to stay up to date on all security patches. Apps with
vulnerabilities that expose users to risk of compromise may be
considered Dangerous Products in violation of the Content Policy and section 4.4 of the Developer Distribution Agreement.
Apps must also comply with the Developer Distribution Agreement and Content Policy. If you feel we have sent this warning in error, contact our policy support team through the Google Play Developer Help Center.
Regards,
The Google Play Team"
The Telerik Platform team has taken immediate actions in order to introduce the specific Cordova version in the very near future. Here is our plan:
- Cordova for Android 4.1.1 will be available in the AppBuilder's Cordova 4.0.0 (Android 4.0.2, iOS 3.8.0, WP 3.8.0-2) set. This means that, the Android version will change from 4.0.2 to 4.1.1 there. Thus, you will be able to choose between the Cordova 4.0.0 and Cordova 5.0.0 sets in AppBuilder, as both will meet the requirement from Google.
- We will extensively test the 4.1.1 Cordova version before releasing it to the public in order to avoid breaking changes in existing Cordova 4.0.0 applications. Still, we recommend re-testing existing applications after the change and reporting any malfunctions to our support team. We will do everything possible to fix such on the go.
- The Cordova 4.0.0 (Android 4.0.2, iOS 3.8.0, WP 3.8.0-2) set will become default for new AppBuilder applications. However, for existing apps using Cordova 3.8 and below, you will need to manually migrate to 4.0.0 if you plan to publish new versions in Google Play.
All of the above mentioned steps are planned to happen by the end of March, so that Android apps can be updated and re-tested before May 9, 2016.
For further questions, please contact our support team.