Phonegap – Google Play Vulnerability Warning

Recently one of my app in Google Play showed a vulnerability warning message. This warning itself said, its a high severity cross-application scripting (XAS) vulnerability. So i had to upgrade my app to Phonegap 3.5.1. Find below the warning i received from Google Play.

This is a notification that your com.mydomain.myapp, is built on a version of Apache Cordova that contains security vulnerabilities. This includes a high severity cross-application scripting (XAS) vulnerability. Under certain circumstances, vulnerable apps could be remotely exploited to steal sensitive information, such as user login credentials. You should upgrade to Apache Cordova 3.5.1 or higher as soon as possible. For more information about the vulnerabilities, and for guidance on upgrading Apache Cordova, please seehttp://cordova.apache.org/announcements/2014/08/04/android-351.html. Please note, applications with vulnerabilities that expose users to risk of compromise may be considered “dangerous products” and subject to removal from Google Play. Regards, Google Play Team ©2014 Google Inc. 1600 Amphitheatre Parkway Mountain View, CA 94043

 

phonegap-warning

 

 

 

 

 

 

 

Here are some notes how i over come this.

To upgrade the Phonegap, update the node package for Phonegap by running this command.

npm  update -g phonegap

This will upgrade your phonegap to the latest version.

After upgrading the Phonegap, i wasnt able to build the app, it showed an error saying…

You need to upgrade your SDK build tools.

Minimum version required was 19.1. Upgraded the Android build tools using Android SDK Manager, to 19+.

Now you have to remove the older build files and add android again. Run below commands.

cordova platform update android
cordova platform remove android
cordova platform add android

Now you have to remove and add your plugins used. For that, run the below commands

cordova plugin remove org.apache.cordova.dialogs
cordova plugin add org.apache.cordova.dialogs
cordova plugin remove org.apache.cordova.console
cordova plugin add org.apache.cordova.console
...
...
so on...

Now you are done. Rebuild the application and align it, sign it and deploy it to Play Store again. =)

3 thoughts on “Phonegap – Google Play Vulnerability Warning

  1. Hummelstown PA outdoor landscape lighting

    Have you ever considered about including a little bit more than just your articles? I mean, what you say is important and everything. Nevertheless think about if you added some great pictures or videos to give your posts more, “pop”! Your content is excellent but with images and clips, this blog could undeniably be one of the most beneficial in its field. Awesome blog!

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>