This is a migrated thread and some comments may be shown as answers.

Google Play store notification mail addressing Cordova security vulnerability

Tina asked on 02 Oct 2014, 02:54 PM
If you have published an app in the Google Play store, you might receive the following email from Google.

   "This is a notification that your <App ID>, is built on a version of Apache Cordova that contains security vulnerabilities. This includes a high severity cross-application scripting (XAS) vulnerability. Under certain circumstances, vulnerable apps could be remotely exploited to steal sensitive information, such as user login credentials.

   You should upgrade to Apache Cordova 3.5.1 or higher as soon as possible. For more information about the vulnerabilities, and for guidance on upgrading Apache Cordova, please see http://cordova.apache.org/announcements/2014/08/04/android-351.html.

   Please note, applications with vulnerabilities that expose users to risk of compromise may be considered “dangerous products” and subject to removal from Google Play.

Regards,
Google Play Team"


AppBuilder 2.5 introduced support for Apache Cordova 3.5.1 for Android. To address the notification from Google, you need to rebuild your app to target Apache Cordova 3.5.1. In order to do so, you can follow these steps:
  1. Open the Project Properties and navigate to the General tab
  2. If your app does not target Apache Cordova 3.5.0, change the target Cordova version to 3.5.0 (Android 3.5.1).
  3. If your app targets Apache Cordova 3.5.0, your project is already configured to target Apache Cordova 3.5.1 server-side. To configure cordova.android.js to properly show the correct Cordova version you will, however, need to manually update the target Cordova version of your project:
    • change the target Cordova version to 3.2.0 and save the changes
    • change the target Cordova version to 3.5.0 (Android 3.5.1) and save the changes again
  4. Run the Publish wizard to rebuild the APK.
  5. Resubmit the APK to Google Play.

Ken
answered on 03 Oct 2014, 01:58 PM
Our app is published with Cordova Version 3.5.0 (Android 3.5.1). But we still receive the Security Alert email from Google Play. Do we need to make any change, or can we ignore it?

Further, what changes do we need to make in the cordova.android.js file?

Patrick
answered on 08 Oct 2014, 08:26 AM
I have the same problem. App is published with Cordova Version 3.5.0 (Android 3.5.1), but I still receive the security alert.

What should I do?
Tina Stancheva
Telerik team
answered on 08 Oct 2014, 08:36 AM
Hi guys,

Since your app targets Apache Cordova 3.5.0, your project is already configured to target Apache Cordova 3.5.1 server-side. To configure cordova.android.js to properly show the correct Cordova version you will, however, need to manually update the target Cordova version of your project. So please go ahead and:
  1. Open the Project Properties and navigate to the General tab
  2. Change the target Cordova version to 3.2.0
  3. Save the changes
  4. Change the target Cordova version to 3.5.0 (Android 3.5.1)
  5. Save the changes
  6. Open the cordova.android.js file and make sure that the CORDOVA_JS_BUILD_LABEL value is 3.5.1.
  7. Run the Publish wizard to rebuild the APK.
  8. Resubmit the APK to Google Play.

Let us know if you still have issues after executing the above steps.

Regards,
Tina Stancheva
Telerik
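
A pre-upload check for step 6 above, as an added example (not part of the original thread and not Telerik tooling): it opens the rebuilt APK as a ZIP archive and confirms that the CORDOVA_JS_BUILD_LABEL in every cordova*.js file is at least 3.5.1. The helper names and the `assets/www/cordova.js` path in the sample are assumptions, and the sample archive is constructed.

```python
import io
import re
import zipfile

MIN_VERSION = (3, 5, 1)  # fixed release named in the Google Play notice
LABEL_RE = re.compile(r"CORDOVA_JS_BUILD_LABEL\s*=\s*['\"]([^'\"]+)['\"]")


def parse_version(label):
    """Turn '3.5.1' or '3.5.1-dev' into (3, 5, 1); None without a numeric prefix."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", label)
    return tuple(int(p or 0) for p in m.groups()) if m else None


def find_labels(apk):
    """Return {archive path: label} for each cordova*.js file in the APK (a ZIP)."""
    found = {}
    with zipfile.ZipFile(apk) as zf:
        for name in zf.namelist():
            base = name.rsplit("/", 1)[-1].lower()
            if base.startswith("cordova") and base.endswith(".js"):
                text = zf.read(name).decode("utf-8", errors="replace")
                m = LABEL_RE.search(text)
                if m:
                    found[name] = m.group(1)
    return found


def check_apk(apk, minimum=MIN_VERSION):
    """Return (ok, labels); ok is False if no label exists or any is below minimum."""
    labels = find_labels(apk)
    versions = [parse_version(v) for v in labels.values()]
    ok = bool(versions) and all(v is not None and v >= minimum for v in versions)
    return ok, labels


def make_sample_apk(label):
    """Constructed sample: an in-memory ZIP standing in for a built APK."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("assets/www/cordova.js", "var CORDOVA_JS_BUILD_LABEL = '%s';\n" % label)
        zf.writestr("assets/www/index.html", "<html></html>")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for label in ("3.5.0", "3.5.1"):
        print(label, check_apk(make_sample_apk(label)))
```

`check_apk` also accepts a file path, so it can be pointed at the APK produced by the Publish wizard before resubmitting.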
 
