Google Play is rejecting my application because of the Cordova version I use :
Apache Cordova
The vulnerabilities were fixed in Apache Cordova v.4.1.1 or higher.
You can find information about how to upgrade in this Google Help Center article.
I updated to Cordova 4.1.1 and I still get this error when uploading a new build.
$ cordova -v
6.4.0
$ cordova platform ls
Installed platforms:
android 4.1.1
Anyone knows how to fix this issue?
The problem was pretty simple : Google Play refused a build I sent in production with Cordova 3.5.0. Since this moment, for every Alpha build I sent, Google Play was complaining about my production build that was using Cordova 3.5.0. The only way to resolve this issue was to send a build in Alpha, and move it to Production, without being able to test it in Alpha mode through the Google Play. It's sad that we can't test any build in the Google Play Store in Alpha or Beta when there's a build with security issue in Production.
Hope this will help some people having this weird issue.
Related
I have generate a signed help.apk file but when I publish the app on the Play Store, I got a mail with this issue:
The vulnerabilities were fixed in Apache Cordova v.4.1.1 or higher.
Edit:
Freshly built project with File, File Transfer and Splash screen plugin added to it. Older versions of this app are already successfully in play store; I am just upgrading Cordova version and applying some minor fixes.
Android version - android 6.1.2
Cordova version - 6.5.0
Yet, google play rejected my app saying:
This app uses software that contains security vulnerabilities for users or allows the collection of user data without proper disclosure.
The vulnerabilities were fixed in Apache Cordova v.3.5.1. You can find more information and next steps in this Google Help Center article.
Can anyone help with the solution to this rejection?
You need to update your cordova-android platform to 5.X.X.
To Update cordova-android platform
cordova platform rm android
cordova platform add android#5.x.x
follow this link for more details https://cordova.apache.org/announcements/2015/11/20/security.html
Since no one is posting correct answer, i'll add what works for me.
Kerri Shotts comment helps me a lot. yes, you should look at your 'www' project more closely and remove previous 'cordova' js files inside it. Let the cordova build to add them.
Do necessary changes in your html files to use latest cordova.
I am developing my mobile apps with ionic framework. When I published it to the Google Playstore, they rejected me with some reason:
Apache Cordova
The vulnerabilities were fixed in Apache Cordova v.3.5.1. You can find more information and next steps in this Google Help Center article.
I have already updated the cordova version to 6.2.0 and published it again. But the same rejection appeared again.
After updating the Cordova, you have to remove android platform, add it again and rebuild it before publishing to Playstore.
Also you gotta ensure that you don't have any reference to old cordova version in any of your project files as Google's text search may find it and fail the app eventhough it is not used. This post details about importance of removing the unused file referring to older version of cordova.
I have already upgraded my Cordova version to: 5.0.0 and Google Play Developer console still showing this below alert and that affected my latest APK version.
Your app is using a version of Apache Cordova containing one or more security vulnerabilities. Please see this Google Help Center article for details, including the deadline for fixing the app.
Affects APK version 1.
I have received an Email from Google Play Store for my Android App:
This is a notification that your com.mydomain.myapp, is built on a
version of Apache Cordova that contains security vulnerabilities. This
includes a high severity cross-application scripting (XAS)
vulnerability. Under certain circumstances, vulnerable apps could be
remotely exploited to steal sensitive information, such as user login
credentials. You should upgrade to Apache Cordova 3.5.1 or higher as
soon as possible. For more information about the vulnerabilities, and
for guidance on upgrading Apache Cordova, please see
http://cordova.apache.org/announcements/2014/08/04/android-351.html.
Please note, applications with vulnerabilities that expose users to
risk of compromise may be considered “dangerous products” and subject
to removal from Google Play. Regards, Google Play Team ©2014 Google
Inc. 1600 Amphitheatre Parkway Mountain View, CA 94043
If I try the command mentioned on the given link/page, i.e.:
cordova platform add android#3.5.1 --usenpm
I get an error:
Platform android already added
How can I upgrade Cordova from 3.1 to 3.5.1? I have tried all sort of things like:
npm update -g cordova
But I do not appear to be getting successful. The version file in MyApp\platforms\android\cordova folder still shows following entry and no file in this folder changes:
// Coho updates this line:
var VERSION = "3.1.0";
console.log(VERSION);
After some research, I think, I have found the solution here:
http://cordova.apache.org/index.html#download
npm install -g cordova
cd my_project
cordova platform update android
Running the last command does the trick and I get this response:
**cordova platform update android**
Deleting E:/PhoneGap/my_project/platforms/android/libs/cordova-3.1.0.jar
Android project is now at version 3.6.3
If you updated from a pre-3.2.0 version and use an IDE, we now require that you
import the "CordovaLib" library project.
Hope that helps.
Regards
If you are using Phonegap, you just need to update Phonegap to version 3.5.0
It's explained here:
http://phonegap.com/blog/2014/06/12/phonegap-3_5_release/
And here's the note from Phonegap that says how you're covered: http://phonegap.com/blog/2014/08/07/cordova-android-3_5_0-patched-with-security-fixes/
I published yesterday a Cordova application on the Android market (aka Google Play Store) and I noticed a weird bug that I can't reproduce in dev environment.
In fact, all the HTTP requests seem to be blocked by the application (The Ads won't show, the inline images in the articles won't show, the video won't load, etc).
I properly set the access origin to "*" in my config.xml file and when I take a look at the app permissions I see it can receive information from the Internet. Of course the application works properly when I build/install it from my computer.
Also I don't see how I could fix this or even start debugging it.
Have you got any idea how I could debug this ?
Thanks
NB: The apps works great on iOS devices (dev and prod)
I solved my issue.
The problem was that I removed the plugin jsHybugger (before building and signing the app) with the following command
cordova plugin rm org.jshybugger.cordova
and did not regenerate the android platform afterward.
So I just did
cordova platform rm android
cordova platform add android
and all went fine.
Apparently Cordova keeps some files of plugins even after they're removed from the project. I guess those jsHybugger calls where making something crash on my app (because the plugin wasn't there anymore)...
NB: To debug the production version of my app, I simply installed the corresponding apk (found in platforms/android/bin/MY_PROD_APP.apk) on my phone (the one I sent to Google Play Store)