Recently one of my apps on Google Play showed a vulnerability warning message. The warning itself said it is a high severity cross-application scripting (XAS) vulnerability, so I had to upgrade my app to PhoneGap 3.5.1. Find below the warning I received from Google Play.
This is a notification that your com.mydomain.myapp, is built on a version of Apache Cordova that contains security vulnerabilities. This includes a high severity cross-application scripting (XAS) vulnerability. Under certain circumstances, vulnerable apps could be remotely exploited to steal sensitive information, such as user login credentials. You should upgrade to Apache Cordova 3.5.1 or higher as soon as possible. For more information about the vulnerabilities, and for guidance on upgrading Apache Cordova, please see http://cordova.apache.org/announcements/2014/08/04/android-351.html. Please note, applications with vulnerabilities that expose users to risk of compromise may be considered “dangerous products” and subject to removal from Google Play.
Regards,
Google Play Team
©2014 Google Inc. 1600 Amphitheatre Parkway Mountain View, CA 94043
Here are some notes on how I overcame this.
To upgrade PhoneGap, update its node package by running this command.
npm update -g phonegap
This will upgrade your phonegap to the latest version.
After upgrading PhoneGap, I wasn't able to build the app; it showed an error saying…
You need to upgrade your SDK build tools.
The minimum version required was 19.1. I upgraded the Android build tools to 19+ using the Android SDK Manager.
Now you have to remove the older build files and add android again. Run the commands below.
cordova platform update android
cordova platform remove android
cordova platform add android
Now you have to remove and re-add the plugins you use. For that, run the commands below.
cordova plugin remove org.apache.cordova.dialogs
cordova plugin add org.apache.cordova.dialogs
cordova plugin remove org.apache.cordova.console
cordova plugin add org.apache.cordova.console
... and so on ...
Now you are done. Rebuild the application, align it, sign it and deploy it to the Play Store again. =)
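
Before signing and uploading, it is worth confirming that the re-added android platform really is at 3.5.1 or higher, the version the warning asks for. The script below is an added example, not part of the original notes: the function names and the two sample listings are constructed, and the "Installed platforms:" line format is an assumption about what `cordova platform ls` prints, so adjust the pattern to your CLI's output.

```shell
#!/bin/sh
# Minimum fixed Cordova Android version named in the Google Play warning.
MIN_FIXED="3.5.1"

# version_ge A B: succeed when dotted version A >= B, compared numerically
# field by field (so 3.10.0 > 3.5.1, and a missing field counts as 0).
version_ge() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        x=${x%%[!0-9]*}; y=${y%%[!0-9]*}   # drop suffixes such as "-dev"
        x=${x:-0}; y=${y:-0}
        [ "$x" -gt "$y" ] && return 0
        [ "$x" -lt "$y" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 0
}

# Print the android platform version found in a platform listing (assumed
# format: "Installed platforms: android 3.5.0, ios 3.5.0"); empty if absent.
android_version_from_listing() {
    printf '%s\n' "$1" |
        sed -n 's/^Installed platforms:.*android \([0-9][0-9.]*\).*/\1/p'
}

# Succeed only when android is installed and at or above MIN_FIXED.
android_is_fixed() {
    v=$(android_version_from_listing "$1")
    [ -n "$v" ] && version_ge "$v" "$MIN_FIXED"
}

# Constructed sample listings (not captured from a real project).
SAMPLE_VULN="Installed platforms: android 3.5.0, ios 3.5.0"
SAMPLE_FIXED="Installed platforms: android 3.5.1"

# In a real project, pass the live listing: android_is_fixed "$(cordova platform ls)"
for listing in "$SAMPLE_VULN" "$SAMPLE_FIXED"; do
    if android_is_fixed "$listing"; then
        echo "OK to release:  $listing"
    else
        echo "Do not release: $listing"
    fi
done
```

A missing android entry is treated the same as an old version, so the check fails closed if the listing cannot be parsed.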