I am a little new to Android development.
I have a hybrid app which uses Apache cordova plugins.
I am using eclipse to generate the APK.
But when I publish the APK, the Google play store rejects it saying:
APP UPDATE REJECTED
Your APK has been rejected for containing security vulnerabilities, which violates the Malicious Behavior policy. The Alerts page has more information about how to resolve the issue. If you submitted an update, the previous version of your app is still live on Google Play.
And, when I click on the alerts page the following error shows up:
Security alert :
Your app is using a version of Apache Cordova containing one or more security vulnerabilities. Please see this Google Help Center article for details, including the deadline for fixing the app.
I have already tried the followings:
Update the android platform (cordova platform update android), but no positive results.
I could not update all the cordova plugins as I am getting errors. (wanted to know can this be the issue)
I am building this APK using the Eclipse IDE and I went through this ADT plugin release note https://developer.android.com/studio/tools/sdk/eclipse-adt.html which says: The Eclipse ADT plugin is no longer supported
Eventually I will be importing my project to Android studio but I want an app update immediately thats why still using Eclipse.
If Eclipse is the reason then I immediately need to import my app to Android studio.
I want to figure out that which one of the last two point is responsible for my app rejection.
Also, if none of these are responsible then what could be the possible reason for my app rejection.
Thanks in advance.
An APK is an APK, regardless of where you developed the code. You can write the code in Eclipse, Android Studio, or you can write the code in your favorite plain text editor. The end APK will be indistinguishable regardless of which editor you use.
The error in this case seems to be pretty clear- your version of Cordova has known vulnerabilities and you need to update that.
Run cordova platform version android to check your version. The error message you are receiving will show for anything less than 4.1.1.
The best path would probably be to upgrade to 5.x, as detailed here.
Related
This is my first time submitting an app to the Google Play store, so I'm not very experienced with the process at all. After struggling for a bit to get it to build correctly, I was finally able to upload an app bundle and send it in for review. A few minutes later I got an email saying my app was "vulnerable to Intent Redirection" and recommended the following article for support: https://support.google.com/faqs/answer/9267555. The problem is I don't understand much of what the article is saying! As far as I know, I haven't messed with anything like this. I've only downloaded the base NDK and SDK stuff from Unity Hub, and I haven't changed any of the code in Android Studio at all. I asked Google for support, and they said:
"We’ve identified that your app is using the AliPay SDK or library, which facilitates the transmission of phone number information without meeting the prominent disclosure guidelines. If necessary, you can consult your SDK provider(s) for further information or please upgrade AliPay SDK version to 15.5.5 or higher."
Please help! Is there an easy fix to this that I'm missing somehow? I don't even know what AliPay is, as I said I'm a total beginner here. In case it's useful info to have, I'm using Unity 2019.2.13f1 on a Macbook Pro running High Sierra 10.13.6.
Well, do what the message says "upgrade AliPay SDK version to 15.5.5 or higher".
Just go to Android Studio and open your build.gradle file then update that lib version. It will be marked with a yellow line, that means that lib has an update. Focus on that line, then do Alt + Click then Enter, now sync and you've done. Upload the new apk.
My android application has been rejected from google play and i receive this message below :
The vulnerabilities were fixed in Apache Cordova v.3.5.1. You can find
more information and next steps in this Google Help Center article.
But before submitting the update , i've update all plugins and the platform of the project.
My question: any suggestions about that or any help for fixes this issue ?
I'm posting this in case someone else falls into the same trap: I got this error, and it persisted after upgrading to the latest version of Cordova (6.2.0). I upgraded my platforms and all of my plugins, but the error persisted. Eventually I discovered an old, forgotten and unused backup copy of cordova.js buried deep in a subfolder. Although this old file was not being called by my application, Google's text search was finding it and failing my app. File deleted, bug fixed!
I am using Android Studio 1.5, Fabric Plugin 2.3.1. What possible reasons would Fabric not allow me to login?
The whole process is completely knackered. Any Fabric link I visit including the organization settings link located here directs me to the on-boarding link where all I can do is view instructions on how to download the plugin. I have installed the plugin, login and I see the list of Fabric components for about 2 seconds before it brings me back to the login screen with no message at all.
The credentials are fine (incorrect credentials give me an orange message saying so). I have tried it with 3 different accounts.
So now I am in a situation where I have 3 accounts, all of which only allow me to view instructions on how to download the plugin, and the plugin will not let me get further than the login screen. I could do this manually but cannot access the organization settings screen either. Any ideas?
EDIT: This is the closest similar issue I could find on their forums but it relates to a Mac (I'm on Windows 10, Java version jdk1.7.0_79)
What fixed it for me was adding the authKey to the application block in the main manifest.
NOTE: at the time of this issue, I am using Android Studio 2.0 Beta 6. We believe that there might be an issue with the Fabric plugin and this version.
To see what's happening to the Fabric plugin, I had to open the Console app and view the logs in realtime. Sure enough, it showed that was authenticated with my credentials, AND it passed back the reason I was being sent right back to the login: Missing authkey in the application block.
So I copied an authkey node from a previous project and added it to the manifest and bingo - it took me to the screen to install Crashlytics.
The thing is, I could have sworn that the Plugin was supposed to GIVE me the authkey after it installed Crashlytics, so I was a bit puzzled as to why this worked. But it did.
Again, this is with Android Studio 2.0 Beta6 so it might be only related to that. But using the Console to diagnose the issue with the Fabric Plugin is the take away here.
Download the fabric plugin for android studio via jetbrains.com using your prefered browser(i.e mozilla,chrome etc).
after your file get downloaded(not via andriod studio), open your AndroiStudio, goto --file>>settings>>plugin>>install plugin from disk, give the .jar file which you have downloaded, then restart studio
I published yesterday a Cordova application on the Android market (aka Google Play Store) and I noticed a weird bug that I can't reproduce in dev environment.
In fact, all the HTTP requests seem to be blocked by the application (The Ads won't show, the inline images in the articles won't show, the video won't load, etc).
I properly set the access origin to "*" in my config.xml file and when I take a look at the app permissions I see it can receive information from the Internet. Of course the application works properly when I build/install it from my computer.
Also I don't see how I could fix this or even start debugging it.
Have you got any idea how I could debug this ?
Thanks
NB: The apps works great on iOS devices (dev and prod)
I solved my issue.
The problem was that I removed the plugin jsHybugger (before building and signing the app) with the following command
cordova plugin rm org.jshybugger.cordova
and did not regenerate the android platform afterward.
So I just did
cordova platform rm android
cordova platform add android
and all went fine.
Apparently Cordova keeps some files of plugins even after they're removed from the project. I guess those jsHybugger calls where making something crash on my app (because the plugin wasn't there anymore)...
NB: To debug the production version of my app, I simply installed the corresponding apk (found in platforms/android/bin/MY_PROD_APP.apk) on my phone (the one I sent to Google Play Store)
Android AppStore says that the version code is newer and does not accept my app, any clue how to assign a version code manually?
I edited the config.xlm and on the "Widget" section, assign a Version:
versionCode= "420"
But Android keeps saying that the app version is newer than last. Seems that PhoneGap created a code somewhere-invisible and Android reads it there....
Too much inexperienced kids developing serious stuff....
Oops....After compiling 3 times in PhoneGap, it finally got the version code and Android AppStore accepted it...