This question is locked. New answers and comments are not allowed.
If you have published an app in the Google Play store, you might receive the following email from Google.
"This is a notification that your <App ID>, is built on a version of Apache Cordova that contains security vulnerabilities. This includes a high severity cross-application scripting (XAS) vulnerability. Under certain circumstances, vulnerable apps could be remotely exploited to steal sensitive information, such as user login credentials.
You should upgrade to Apache Cordova 3.5.1 or higher as soon as possible. For more information about the vulnerabilities, and for guidance on upgrading Apache Cordova, please see http://cordova.apache.org/announcements/2014/08/04/android-351.html.
Please note, applications with vulnerabilities that expose users to risk of compromise may be considered “dangerous products” and subject to removal from Google Play.
Regards,
Google Play Team"
AppBuilder 2.5 introduced support for Apache Cordova 3.5.1 for Android. To address the notification from Google, you need to rebuild your app to target Apache Cordova 3.5.1. In order to do so, you can follow these steps:
"This is a notification that your <App ID>, is built on a version of Apache Cordova that contains security vulnerabilities. This includes a high severity cross-application scripting (XAS) vulnerability. Under certain circumstances, vulnerable apps could be remotely exploited to steal sensitive information, such as user login credentials.
You should upgrade to Apache Cordova 3.5.1 or higher as soon as possible. For more information about the vulnerabilities, and for guidance on upgrading Apache Cordova, please see http://cordova.apache.org/announcements/2014/08/04/android-351.html.
Please note, applications with vulnerabilities that expose users to risk of compromise may be considered “dangerous products” and subject to removal from Google Play.
Regards,
Google Play Team"
AppBuilder 2.5 introduced support for Apache Cordova 3.5.1 for Android. To address the notification from Google, you need to rebuild your app to target Apache Cordova 3.5.1. In order to do so, you can follow these steps:
- Open the Project Properties and navigate to the General tab
- If your app does not target Apache Cordova 3.5.0 change the target Cordova version to 3.5.0 (Android 3.5.1).
- If your app targets Apache Cordova 3.5.0, your project is already configured to target Apache Cordova 3.5.1 server-side. To configure cordova.android.js to properly show the correct Cordova version you will, however, need to manually update the target Cordova version of your project:
- change the target Cordova version to 3.2.0 and save the changes
- change the target Cordova version to 3.5.0 (Android 3.5.1) and save the changes again
- Run the Publish wizard to rebuild the APK.
- Resubmit the APK to Google Play.