Monthly Archives: October 2014

Phonegap – Google Play Vulnerability Warning

Recently one of my apps in Google Play showed a vulnerability warning message. The warning itself said it's a high severity cross-application scripting (XAS) vulnerability. So I had to upgrade my app to Phonegap 3.5.1. Find below the warning I received from Google Play.

This is a notification that your com.mydomain.myapp, is built on a version of Apache Cordova that contains security vulnerabilities. This includes a high severity cross-application scripting (XAS) vulnerability. Under certain circumstances, vulnerable apps could be remotely exploited to steal sensitive information, such as user login credentials. You should upgrade to Apache Cordova 3.5.1 or higher as soon as possible. For more information about the vulnerabilities, and for guidance on upgrading Apache Cordova, please see http://cordova.apache.org/announcements/2014/08/04/android-351.html. Please note, applications with vulnerabilities that expose users to risk of compromise may be considered “dangerous products” and subject to removal from Google Play. Regards, Google Play Team ©2014 Google Inc. 1600 Amphitheatre Parkway Mountain View, CA 94043

 


Here are some notes on how I overcame this.

To upgrade Phonegap, update the node package for Phonegap by running this command.

npm update -g phonegap

This will upgrade your phonegap to the latest version.

After upgrading Phonegap, I wasn't able to build the app; it showed an error saying…

You need to upgrade your SDK build tools.

The minimum version required was 19.1. I upgraded the Android build tools to 19+ using the Android SDK Manager.

Now you have to remove the older build files and add android again. Run the commands below.

cordova platform update android
cordova platform remove android
cordova platform add android

Now you have to remove and re-add the plugins you use. For that, run the commands below.

cordova plugin remove org.apache.cordova.dialogs
cordova plugin add org.apache.cordova.dialogs
cordova plugin remove org.apache.cordova.console
cordova plugin add org.apache.cordova.console
...
...
so on...

Now you are done. Rebuild the application and align it, sign it and deploy it to Play Store again. =)
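A check for the two minimums named in this post (Cordova 3.5.1 from the Google Play notice, build tools 19.1 from the build error), usable as a gate before signing a release. This is an added example, not part of the original post: the function names are hypothetical, and the two version strings are passed in by the caller, since how you read them from a project depends on your Cordova CLI version.

```shell
#!/bin/sh
# Added example (not from the original post): release gate for the two
# minimums this post names. Function names are hypothetical.
MIN_CORDOVA="3.5.1"       # from the Google Play notice
MIN_BUILD_TOOLS="19.1"    # from the build error after upgrading

# version_ge A B: succeed when dotted version A >= B. Fields compare
# numerically, so 3.10.0 > 3.5.1 (string comparison gets this wrong).
# Suffixes such as "-dev" are ignored; an empty or non-numeric A returns 2.
version_ge() {
    a=${1%%[-+]*}; b=${2%%[-+]*}
    [ -n "$a" ] || return 2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        case "$x$y" in *[!0-9]*) return 2 ;; esac
        x=${x:-0}; y=${y:-0}
        [ "$x" -gt "$y" ] && return 0
        [ "$x" -lt "$y" ] && return 1
        case "$a" in *.*) a=${a#*.} ;; *) a= ;; esac
        case "$b" in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 0
}

# release_gate CORDOVA_VERSION BUILD_TOOLS_VERSION
# Prints one line per check; returns 0 only when both minimums are met.
release_gate() {
    rc=0
    if version_ge "$1" "$MIN_CORDOVA"; then
        echo "ok: Cordova Android $1"
    else
        echo "FAIL: Cordova Android '$1' is below $MIN_CORDOVA"
        rc=1
    fi
    if version_ge "$2" "$MIN_BUILD_TOOLS"; then
        echo "ok: build tools $2"
    else
        echo "FAIL: build tools '$2' is below $MIN_BUILD_TOOLS"
        rc=1
    fi
    return $rc
}

# Usage: sh release_gate.sh 3.5.1 19.1.0   (sample values, constructed)
if [ "$#" -eq 2 ]; then
    release_gate "$1" "$2"
fi
```

An unknown or unparsable version is treated as a failure, so a build whose version could not be determined does not pass the gate.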

Requirement Traceability Matrix (RTM)

As a Software Engineer I was faced with many challenging tasks in this industry. Often it's an overhead for a PL to manage change requests from the customer. We may have implemented the requirements in the right way. But the customer may need it to be in their style.

An RTM (Requirement Traceability Matrix) is a good way to manage these kinds of change requests. A traceability matrix is a document, usually in the form of a table, that correlates any two baselined documents that require a many-to-many relationship to determine the completeness of the relationship. It is often used with high-level requirements (these often consist of marketing requirements) and detailed requirements of the product to the matching parts of high-level design, detailed design, test plan, and test cases.

An RTM usually contains a table with columns like:

RTM - Requirement Traceability Matrix

A Requirement Traceability Matrix traces requirements to the test plans/test cases.

We should break down each and every requirement as small as we can. Let’s say we have a News module in the project. We should split the requirements down like this:

  • RQ-001 : Each page will list 10 news
  • RQ-002 : News list will be sorted in ascending order of the posted date.
  • RQ-003 : Each news item should have the following properties
  • RQ-004 : New title (string)
  • RQ-005: New Description (Rich Text)
  • RQ-006: … so on.

Identify every minute requirement possibility of the project. It takes time, but it can save lots of time in the end.

Once the RTM is fully identified, you have to get the customer's concurrence on it. This will ensure no change requests pop up in the project at a later stage.

To be continued…