Our AppBuilder app for Android is running Cordova 3.5.1. Apparently this is susceptible to attack (http://www.techworm.net/2015/06/security-bug-in-cordova-allows-a-single-url-click-to-tamper-android-apps.html) and I should upgrade to Cordova 3.7.2 (or 4.0.2).
1. Is this a credible threat right now?
2. Is Cordova 3.7.2 supported in the latest version of AppBuilder?
3. Is the upgrade path from 3.5.1 to 3.7.2 straight forward or complex?
David
2 Answers, 1 is accepted
Rank 1
Thank you for contacting us.
Now, straight to your concerns:
1. Is this a credible threat right now?
I believe yes. The security bug is real and I won't be surprised if Google decide to reject applications developed with Cordova versions prior to 3.7.2 in the future.
2. Is Cordova 3.7.2 supported in the latest version of AppBuilder?
Currently, the latest Cordova version for Android, supported in AppBuilder is Cordova 3.7.1. The good news however, is that with the upcoming AppBuilder 2.10 release (next week) we will introduce Cordova 3.7.2 and Cordova 4.0.2. What we plan to do is to change the current Cordova 3.7.1 with Cordova 3.7.2 and add one more experimental version (4.0.2) for the Crosswalk compatibility. I think this also answers your question from the last post.
3. Is the upgrade path from 3.5.1 to 3.7.2 straight forward or complex
To upgrade the Cordova version of your AppBuilder project you only need to change it from the drop-down in the project's properties. We handle everything else, automatically on the server. However, it is important that you test the functionality of the application after upgrading, as it is possible for issues or certain defects to arise.
Regards,
Kaloyan
Telerik
Visit the Telerik Verified Plugins Marketplace and get the custom Cordova plugin you need, already tweaked to work seamlessly with AppBuilder.