My android application has been rejected from google play and i receive this message below :
The vulnerabilities were fixed in Apache Cordova v.3.5.1. You can find
more information and next steps in this Google Help Center article.
But before submitting the update , i've update all plugins and the platform of the project.
My question: any suggestions about that or any help for fixes this issue ?
I'm posting this in case someone else falls into the same trap: I got this error, and it persisted after upgrading to the latest version of Cordova (6.2.0). I upgraded my platforms and all of my plugins, but the error persisted. Eventually I discovered an old, forgotten and unused backup copy of cordova.js buried deep in a subfolder. Although this old file was not being called by my application, Google's text search was finding it and failing my app. File deleted, bug fixed!
Related
I am using Appsflyer library in my project. Previously I was using version 5.0.0. Then I got this message when uploading a new version.
The developer of AppsFlyer SDK (com.appsflyer:af-android-sdk) has reported version 5.0.0 as outdated. You must upgrade to a newer version (5.1.0+) before you can publish a new release to production.
So I updated the version from 5.0.0 to 6.5.4. But I still get this message. I am unable to upload app to play store.
If you need any other information, please let me know through the comments section. I will update it here. Thank you all in advance.
Before posting this question I tried "invalidate cache / restart" option. It didn't work. But after reading the comment from Pierre, I cleaned the project and tried again. Surprisingly it worked. Thank you Pierre.
I had the same issue with a different library. even after removing the library still, issue came. and I was using react native. first tried with ./gradlew clean then ./gradlew build. then it solved
This is my first time submitting an app to the Google Play store, so I'm not very experienced with the process at all. After struggling for a bit to get it to build correctly, I was finally able to upload an app bundle and send it in for review. A few minutes later I got an email saying my app was "vulnerable to Intent Redirection" and recommended the following article for support: https://support.google.com/faqs/answer/9267555. The problem is I don't understand much of what the article is saying! As far as I know, I haven't messed with anything like this. I've only downloaded the base NDK and SDK stuff from Unity Hub, and I haven't changed any of the code in Android Studio at all. I asked Google for support, and they said:
"We’ve identified that your app is using the AliPay SDK or library, which facilitates the transmission of phone number information without meeting the prominent disclosure guidelines. If necessary, you can consult your SDK provider(s) for further information or please upgrade AliPay SDK version to 15.5.5 or higher."
Please help! Is there an easy fix to this that I'm missing somehow? I don't even know what AliPay is, as I said I'm a total beginner here. In case it's useful info to have, I'm using Unity 2019.2.13f1 on a Macbook Pro running High Sierra 10.13.6.
Well, do what the message says "upgrade AliPay SDK version to 15.5.5 or higher".
Just go to Android Studio and open your build.gradle file then update that lib version. It will be marked with a yellow line, that means that lib has an update. Focus on that line, then do Alt + Click then Enter, now sync and you've done. Upload the new apk.
I'm migrating one of my live applications from Native to Xamarin. I have successfully done that and now I'm trying to release the same on Google Play Store.
I have generated a release build for the same in Xamarin android. Following are the scenarios which will describe the issue I'm facing -
Fresh Install - As I have a release apk for my application, I'm able to install it on my device and it's working smoothly.
Update Scenario - As I have mentioned earlier that the application is already live which was developed on Native Android, I have installed the live version of the same and tried updating the app using the latest release build that I have generated from Xamarin. In this case I'm getting the issue.
Attached a screenshot for the reference.
What I have tried so far to resolve the issue -
As there are multiple questions related to this issue, I have tried following things to get rid of this issue -
Clear data and Clear Cache of Google Play Store application.
Checked the Signing keys are same as before.
Checked the package name is same as before.
Removed the Google account and added again as per the suggestions.
I need to resolve this error soon, so I can't use the Fresh Install technique as an option.
I am able to identify the issue and fortunate that it got resolved. Sharing it here so if anyone gets stuck for the same issue then they can refer this.
Identified Issue - The issue was quite silly as the version code wasn't getting updated from the UI of Android Manifest even if I was changing the values. That might be the glitch in Xamarin or Visual Studio (for Xamarin).
What I did to resolve this - I manually deleted the declaration of Version Code and other values which weren't changing from AndroidManifest.xml then from the UI section of the Manifest I upgraded the Version Code and build the solution for release. That's how things got resolved at my end.
Hope this helps. Thanks.
I have generate a signed help.apk file but when I publish the app on the Play Store, I got a mail with this issue:
The vulnerabilities were fixed in Apache Cordova v.4.1.1 or higher.
Edit:
Freshly built project with File, File Transfer and Splash screen plugin added to it. Older versions of this app are already successfully in play store; I am just upgrading Cordova version and applying some minor fixes.
Android version - android 6.1.2
Cordova version - 6.5.0
Yet, google play rejected my app saying:
This app uses software that contains security vulnerabilities for users or allows the collection of user data without proper disclosure.
The vulnerabilities were fixed in Apache Cordova v.3.5.1. You can find more information and next steps in this Google Help Center article.
Can anyone help with the solution to this rejection?
You need to update your cordova-android platform to 5.X.X.
To Update cordova-android platform
cordova platform rm android
cordova platform add android#5.x.x
follow this link for more details https://cordova.apache.org/announcements/2015/11/20/security.html
Since no one is posting correct answer, i'll add what works for me.
Kerri Shotts comment helps me a lot. yes, you should look at your 'www' project more closely and remove previous 'cordova' js files inside it. Let the cordova build to add them.
Do necessary changes in your html files to use latest cordova.
I am a little new to Android development.
I have a hybrid app which uses Apache cordova plugins.
I am using eclipse to generate the APK.
But when I publish the APK, the Google play store rejects it saying:
APP UPDATE REJECTED
Your APK has been rejected for containing security vulnerabilities, which violates the Malicious Behavior policy. The Alerts page has more information about how to resolve the issue. If you submitted an update, the previous version of your app is still live on Google Play.
And, when I click on the alerts page the following error shows up:
Security alert :
Your app is using a version of Apache Cordova containing one or more security vulnerabilities. Please see this Google Help Center article for details, including the deadline for fixing the app.
I have already tried the followings:
Update the android platform (cordova platform update android), but no positive results.
I could not update all the cordova plugins as I am getting errors. (wanted to know can this be the issue)
I am building this APK using the Eclipse IDE and I went through this ADT plugin release note https://developer.android.com/studio/tools/sdk/eclipse-adt.html which says: The Eclipse ADT plugin is no longer supported
Eventually I will be importing my project to Android studio but I want an app update immediately thats why still using Eclipse.
If Eclipse is the reason then I immediately need to import my app to Android studio.
I want to figure out that which one of the last two point is responsible for my app rejection.
Also, if none of these are responsible then what could be the possible reason for my app rejection.
Thanks in advance.
An APK is an APK, regardless of where you developed the code. You can write the code in Eclipse, Android Studio, or you can write the code in your favorite plain text editor. The end APK will be indistinguishable regardless of which editor you use.
The error in this case seems to be pretty clear- your version of Cordova has known vulnerabilities and you need to update that.
Run cordova platform version android to check your version. The error message you are receiving will show for anything less than 4.1.1.
The best path would probably be to upgrade to 5.x, as detailed here.