Google playstore security issues on Android platform of Cordova Project


Naresh Pedagani

Nov 3, 2014, 8:09:02 AM
to phon...@googlegroups.com
Hi all, when I am trying to publish the Android platform of Cordova apk file, security warning messages came:

(Android applications built with the Cordova framework can be launched through a special intent URL. A specially-crafted URL could cause the Cordova-based application to start up with a different start page than the developer intended, including other HTML content stored on the Android device. This has been the case in all released versions of Cordova up to 3.5.0, and has been fixed in the latest release (3.5.1). We recommend affected projects update their applications to the latest release.)

So I updated the Android platform of the Cordova project to 3.5.1, but still the same security warning message is showing. Please share the solution.

Steve Husting

Nov 4, 2014, 2:52:49 PM
to phon...@googlegroups.com
Google Play in the Developer's Console continues to show that security message, even though I updated the app with CLI 4.0.0. We'll see how long before the robot checks it and removes that message. Give it time. Have 4 more apps to update ...

Michel Parpaillon

Nov 4, 2014, 2:55:26 PM
to phon...@googlegroups.com

Check the version of your project.
OK, you upgraded Cordova, but did you update the project?

To be sure
cordova platform rm android
cordova platform add android


jcesarmobile

Nov 5, 2014, 2:14:51 AM
to phon...@googlegroups.com
The CLI version and the Android version are different things; the 4.0 CLI has Android 3.6.4.
To update your project, run
cordova platform update android

If you want to check which version the project has, to make sure it's updated:
http://www.raymondcamden.com/2014/10/3/Figuring-out-what-version-of-Cordova-created-a-project

The update on Google Play takes a few hours until they remove the warning.
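The distinction drawn above between the CLI version and the project's Android platform version can be checked mechanically. The following is an added example, not code from any poster in this thread: it parses `cordova platform ls` output and compares the Android platform version against 3.5.1, the fixed release named in the alert. The function names, the assumed `android <x.y.z>` output format and both sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: decide from `cordova platform ls` output whether a project's
# Android platform is at or above the fixed release named in the Play alert.
MIN_FIXED="3.5.1"

# Constructed sample outputs (assumed format: "android <x.y.z>" on the
# "Installed platforms" line); not captured from a real project.
SAMPLE_OLD='Installed platforms: android 3.5.0
Available platforms: amazon-fireos, blackberry10, firefoxos, ubuntu'
SAMPLE_NEW='Installed platforms: android 3.6.4
Available platforms: amazon-fireos, blackberry10, firefoxos, ubuntu'

# Read `cordova platform ls` output on stdin, print the android platform version.
android_platform_version() {
    grep -oE 'android [0-9]+\.[0-9]+\.[0-9]+' | head -n 1 | cut -d' ' -f2
}

# version_ge A B: succeed when x.y.z version A is >= B (numeric, per component).
version_ge() {
    old_ifs=$IFS; IFS=.
    set -- $1 $2          # split both versions into $1..$3 and $4..$6
    IFS=$old_ifs
    if [ "$1" -gt "$4" ]; then return 0; fi
    if [ "$1" -lt "$4" ]; then return 1; fi
    if [ "$2" -gt "$5" ]; then return 0; fi
    if [ "$2" -lt "$5" ]; then return 1; fi
    [ "$3" -ge "$6" ]
}

# Classify the platform: "ok <v>", "vulnerable <v>" or "android platform not found".
platform_status() {
    v=$(android_platform_version)
    if [ -z "$v" ]; then echo "android platform not found"; return 0; fi
    if version_ge "$v" "$MIN_FIXED"; then echo "ok $v"; else echo "vulnerable $v"; fi
}

printf '%s\n' "$SAMPLE_OLD" | platform_status
printf '%s\n' "$SAMPLE_NEW" | platform_status
# In a real project directory: cordova platform ls | platform_status
```

Running the check before building the release APK catches the case where the CLI was upgraded but the project's platform was not.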

Naresh Pedagani

Nov 5, 2014, 4:40:50 AM
to phon...@googlegroups.com
Hi all, this issue is fixed. After updating the Android platform of the Cordova project to 3.5.1, the alert message was not updating; it was showing the message with the old date, so I dismissed the alert and then the message disappeared. Anyway, thanks to all.

Deepesh R

Nov 6, 2014, 3:48:23 AM
to phon...@googlegroups.com

Security alert

This app is built on a version of Apache Cordova that contains security vulnerabilities. This includes a high severity cross-application scripting (XAS) vulnerability. Under certain circumstances, vulnerable apps could be remotely exploited to steal sensitive information, such as user login credentials.

You should upgrade to Apache Cordova v3.5.1 or higher as soon as possible. For more information about the vulnerabilities, and for guidance on upgrading Apache Cordova, please see http://cordova.apache.org/announcements/2014/08/04/android-351.html

Please note, applications with vulnerabilities that expose users to risk of compromise may be considered "dangerous products" and subject to removal from Google Play.


I tried using the commands
npm install -g cordova
cordova platform update <platform>

It wasn't working, please help me out to find a solution for this.

Steve Husting

Nov 7, 2014, 11:04:10 AM
to phon...@googlegroups.com
What's the indication that it isn't working?

Deepesh R

Nov 10, 2014, 2:46:09 AM
to phon...@googlegroups.com
Hi Steve,

The working is fine but the Play Store has an alert on my app; it says that the app would be suspended. Because I am still using the 3.6.0 Cordova library. Please help me to get rid of this alert.

Rgds,
Deepesh R


Steve Husting

Nov 10, 2014, 10:45:20 AM
to phon...@googlegroups.com
Deepesh,
When I uploaded my updated app to Google Play, the notice went away in a few hours by itself.

Marcel Kinard

Nov 10, 2014, 11:13:11 AM
to phon...@googlegroups.com
Your app needs to be published in order for it to be scanned. When you do this right, the yellow triangle icon should disappear from your app in the "All Applications" view. But the message will remain present in your "Alerts" view - that is like email that you need to Dismiss manually, a successful scan won't remove entries from the Alerts view.

Deepesh R

Nov 11, 2014, 5:14:12 AM
to phon...@googlegroups.com
Hi Marcel,

Thank you for the reply, but the issue with the PhoneGap is I have updated the app fixing all the vulnerabilities.
How long does it take for Google to review the app again and revert back to clear the yellow triangle (alert dialog) if the error is resolved?

Thanks
Deepesh R


Marcel Kinard

Nov 11, 2014, 5:31:48 PM
to phon...@googlegroups.com
Observing my own apps in the Play Store, it appeared that Google was running the scan every 3 hours.

Deepesh R

Nov 11, 2014, 11:19:11 PM
to phon...@googlegroups.com
Hi Marcel,

Thank you for the response. I have updated the app in the Play Store and it's been 48 hrs, so I feel the issues are fixed. Can I start my promotion on the app to have more downloads? Can you please let me know which apps of yours are available in the Play Store, so I can get new learning stuff from you.

Thanks
Deepesh R
