I have received an Email from Google Play Store for my Android App:
This is a notification that your com.mydomain.myapp, is built on a
version of Apache Cordova that contains security vulnerabilities. This
includes a high severity cross-application scripting (XAS)
vulnerability. Under certain circumstances, vulnerable apps could be
remotely exploited to steal sensitive information, such as user login
credentials. You should upgrade to Apache Cordova 3.5.1 or higher as
soon as possible. For more information about the vulnerabilities, and
for guidance on upgrading Apache Cordova, please see
http://cordova.apache.org/announcements/2014/08/04/android-351.html.
Please note, applications with vulnerabilities that expose users to
risk of compromise may be considered “dangerous products” and subject
to removal from Google Play. Regards, Google Play Team ©2014 Google
Inc. 1600 Amphitheatre Parkway Mountain View, CA 94043
If I try the command mentioned on the given link/page, i.e.:
cordova platform add android#3.5.1 --usenpm
I get an error:
Platform android already added
How can I upgrade Cordova from 3.1 to 3.5.1? I have tried all sorts of things like:
npm update -g cordova
But I do not appear to be succeeding. The version file in the MyApp\platforms\android\cordova folder still shows the following entry, and no file in this folder changes:
// Coho updates this line:
var VERSION = "3.1.0";
console.log(VERSION);
After some research, I think I have found the solution here:
http://cordova.apache.org/index.html#download
npm install -g cordova
cd my_project
cordova platform update android
Running the last command does the trick and I get this response:
cordova platform update android
Deleting E:/PhoneGap/my_project/platforms/android/libs/cordova-3.1.0.jar
Android project is now at version 3.6.3
If you updated from a pre-3.2.0 version and use an IDE, we now require that you
import the "CordovaLib" library project.
Hope that helps.
Regards
If you are using PhoneGap, you just need to update PhoneGap to version 3.5.0.
It's explained here:
http://phonegap.com/blog/2014/06/12/phonegap-3_5_release/
And here's the note from PhoneGap that says how you're covered: http://phonegap.com/blog/2014/08/07/cordova-android-3_5_0-patched-with-security-fixes/
I have generated a signed help.apk file, but when I published the app on the Play Store, I got a mail with this issue:
The vulnerabilities were fixed in Apache Cordova v.4.1.1 or higher.
Edit:
Freshly built project with File, File Transfer and Splash screen plugin added to it. Older versions of this app are already successfully in play store; I am just upgrading Cordova version and applying some minor fixes.
Android version - android 6.1.2
Cordova version - 6.5.0
Yet, Google Play rejected my app saying:
This app uses software that contains security vulnerabilities for users or allows the collection of user data without proper disclosure.
The vulnerabilities were fixed in Apache Cordova v.3.5.1. You can find more information and next steps in this Google Help Center article.
Can anyone help with the solution to this rejection?
You need to update your cordova-android platform to 5.X.X.
To update the cordova-android platform:
cordova platform rm android
cordova platform add android#5.x.x
Follow this link for more details: https://cordova.apache.org/announcements/2015/11/20/security.html
Since no one is posting the correct answer, I'll add what works for me.
Kerri Shotts' comment helps me a lot. Yes, you should look at your 'www' project more closely and remove previous 'cordova' js files inside it. Let the cordova build add them.
Make the necessary changes in your html files to use the latest cordova.
Google Play is rejecting my application because of the Cordova version I use:
Apache Cordova
The vulnerabilities were fixed in Apache Cordova v.4.1.1 or higher.
You can find information about how to upgrade in this Google Help Center article.
I updated to Cordova 4.1.1 and I still get this error when uploading a new build.
$ cordova -v
6.4.0
$ cordova platform ls
Installed platforms:
android 4.1.1
Does anyone know how to fix this issue?
The problem was pretty simple: Google Play refused a build I sent in production with Cordova 3.5.0. Since that moment, for every Alpha build I sent, Google Play was complaining about my production build that was using Cordova 3.5.0. The only way to resolve this issue was to send a build in Alpha and move it to Production, without being able to test it in Alpha mode through Google Play. It's sad that we can't test any build in the Google Play Store in Alpha or Beta when there's a build with a security issue in Production.
Hope this will help some people having this weird issue.
I am a little new to Android development.
I have a hybrid app which uses Apache Cordova plugins.
I am using Eclipse to generate the APK.
But when I publish the APK, the Google Play Store rejects it saying:
APP UPDATE REJECTED
Your APK has been rejected for containing security vulnerabilities, which violates the Malicious Behavior policy. The Alerts page has more information about how to resolve the issue. If you submitted an update, the previous version of your app is still live on Google Play.
And, when I click on the alerts page the following error shows up:
Security alert:
Your app is using a version of Apache Cordova containing one or more security vulnerabilities. Please see this Google Help Center article for details, including the deadline for fixing the app.
I have already tried the following:
Update the android platform (cordova platform update android), but no positive results.
I could not update all the cordova plugins as I am getting errors. (I wanted to know whether this can be the issue.)
I am building this APK using the Eclipse IDE and I went through this ADT plugin release note https://developer.android.com/studio/tools/sdk/eclipse-adt.html which says: The Eclipse ADT plugin is no longer supported
Eventually I will be importing my project to Android Studio, but I want an app update immediately; that's why I am still using Eclipse.
If Eclipse is the reason, then I immediately need to import my app to Android Studio.
I want to figure out which one of the last two points is responsible for my app rejection.
Also, if none of these are responsible, then what could be the possible reason for my app rejection?
Thanks in advance.
An APK is an APK, regardless of where you developed the code. You can write the code in Eclipse, Android Studio, or you can write the code in your favorite plain text editor. The end APK will be indistinguishable regardless of which editor you use.
The error in this case seems to be pretty clear: your version of Cordova has known vulnerabilities and you need to update that.
Run cordova platform version android to check your version. The error message you are receiving will show for anything less than 4.1.1.
The best path would probably be to upgrade to 5.x, as detailed here.
I am developing my mobile apps with the Ionic framework. When I published one to the Google Play Store, they rejected it with this reason:
Apache Cordova
The vulnerabilities were fixed in Apache Cordova v.3.5.1. You can find more information and next steps in this Google Help Center article.
I have already updated the cordova version to 6.2.0 and published it again. But the same rejection appeared again.
After updating Cordova, you have to remove the android platform, add it again and rebuild it before publishing to the Play Store.
Also you gotta ensure that you don't have any reference to an old cordova version in any of your project files, as Google's text search may find it and fail the app even though it is not used. This post details the importance of removing the unused file referring to an older version of cordova.
My Android application has been rejected from Google Play and I received this message below:
The vulnerabilities were fixed in Apache Cordova v.3.5.1. You can find
more information and next steps in this Google Help Center article.
But before submitting the update, I updated all plugins and the platform of the project.
My question: any suggestions about that, or any help fixing this issue?
I'm posting this in case someone else falls into the same trap: I got this error, and it persisted after upgrading to the latest version of Cordova (6.2.0). I upgraded my platforms and all of my plugins, but the error persisted. Eventually I discovered an old, forgotten and unused backup copy of cordova.js buried deep in a subfolder. Although this old file was not being called by my application, Google's text search was finding it and failing my app. File deleted, bug fixed!
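The forgotten-file trap described in this answer, and in the earlier answer about stale references to old Cordova versions, can be checked for before uploading a build. The following Node.js script is an added example, not code from any of the posts: it walks a project tree and reports Cordova artifacts older than a chosen minimum version. The `VERSION` line and the `cordova-X.Y.Z.jar` name are taken from this page; the `*_BUILD_LABEL` variable names, the function names and the sample project are assumptions made for illustration.

```javascript
const fs = require('fs');
const os = require('os');
const path = require('path');

// VERSION and cordova-X.Y.Z.jar appear on this page; the *_BUILD_LABEL names
// are an assumption about how cordova.js records its version.
const LABEL = /(?:CORDOVA_JS_BUILD_LABEL|PLATFORM_VERSION_BUILD_LABEL|\bVERSION)\s*=\s*['"](\d+\.\d+\.\d+)/;
const JAR = /^cordova-(\d+\.\d+\.\d+)\.jar$/;

// Compare dotted versions numerically: negative when a is older than b.
function cmp(a, b) {
  const x = a.split('.').map(Number), y = b.split('.').map(Number);
  for (let i = 0; i < 3; i++) if (x[i] !== y[i]) return x[i] - y[i];
  return 0;
}

// Return [{file, version}] for every Cordova artifact under root older than minVersion.
function findStaleCordova(root, minVersion) {
  const hits = [];
  const walk = (dir) => {
    for (const e of fs.readdirSync(dir, { withFileTypes: true })) {
      const full = path.join(dir, e.name);
      if (e.isDirectory()) { walk(full); continue; }
      let m = JAR.exec(e.name); // jar files carry the version in their name
      if (!m && /^(cordova.*\.js|version)$/i.test(e.name)) m = LABEL.exec(fs.readFileSync(full, 'utf8'));
      if (m && cmp(m[1], minVersion) < 0) {
        hits.push({ file: path.relative(root, full).split(path.sep).join('/'), version: m[1] });
      }
    }
  };
  walk(root);
  return hits.sort((a, b) => a.file.localeCompare(b.file));
}

// Constructed sample project: a current cordova.js plus forgotten old copies.
function buildSample() {
  const root = fs.mkdtempSync(path.join(os.tmpdir(), 'cordova-scan-'));
  const put = (rel, text) => {
    const p = path.join(root, rel);
    fs.mkdirSync(path.dirname(p), { recursive: true });
    fs.writeFileSync(p, text);
  };
  put('www/cordova.js', "var PLATFORM_VERSION_BUILD_LABEL = '6.1.2';\n");
  put('www/js/backup/cordova.js', "var CORDOVA_JS_BUILD_LABEL = '3.1.0';\n");
  put('platforms/android/libs/cordova-3.1.0.jar', '');
  return root;
}

console.log(findStaleCordova(buildSample(), '4.1.1'));
```

To scan a real project, call `findStaleCordova` with the project directory (or an unpacked APK) and the minimum version named in the Play Store alert.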