Jon Haider
Posts: 0
Joined: Thu Oct 16, 2014 2:53 pm

Google Play warning: You are using a vulnerable version of Apache Cordova

Hey guys,
I just wanted to initiate this topic for everyone to track if and when an updated version of Apache will be supported in the Appery Builder.

I know there was a similar issue with Apache version 3.5 (I think) last year.

Below is an email I got from Google play earlier:
pre
Hello Google Play Developer,

Your app(s) listed at the end of this email utilize a version of Apache Cordova, an open-source mobile development framework, that contains one or more security vulnerabilities. If you have more than 20 affected apps in your account, please check the Developer Console for a full list.

Please migrate your app(s) to Apache Cordova v.4.1.1 or higher as soon as possible and increment the version number of the upgraded APK. Beginning May 9, 2016, Google Play will block publishing of any new apps or updates that use pre-4.1.1 versions of Apache Cordova.

The vulnerabilities were addressed in Apache Cordova 4.1.1. If you’re using a 3rd party library that bundles Apache Cordova, you’ll need to upgrade it to a version that bundles Apache Cordova 4.1.1 or later.

To confirm you’ve upgraded correctly, submit the updated version to the Developer Console and check back after five hours. If the app hasn’t been correctly upgraded, we will display a warning.

For information about the vulnerabilities, please see this Google Help Center article. For other technical questions, you can post to Stack Overflow and use the tag “android-security.”

While these specific issues may not affect every app that uses Apache Cordova, it’s best to stay up to date on all security patches. Apps with vulnerabilities that expose users to risk of compromise may be considered Dangerous Products in violation of the Content Policy and section 4.4 of the Developer Distribution Agreement.

Apps must also comply with the Developer Distribution Agreement and Content Policy. If you feel we have sent this warning in error, contact our policy support team through the Google Play Developer Help Center.

Regards,

The Google Play Team

©2016 Google Inc. 1600 Amphitheatre Parkway, Mountain View, CA 94043
Email preferences: You have received this mandatory email service announcement to update you about important changes to your Google Play Developer account.
/pre

KorryRogers
Posts: 0
Joined: Fri Aug 15, 2014 2:53 am

Google Play warning: You are using a vulnerable version of Apache Cordova

I got this email warning today also.

Michael Droll
Posts: 0
Joined: Wed Mar 04, 2015 5:05 am

Google Play warning: You are using a vulnerable version of Apache Cordova

I also got this email. Is there a way for us the devs to manually update the Cordova in appery.io?

Ram7585741
Posts: 0
Joined: Fri Jun 12, 2015 9:38 pm

Google Play warning: You are using a vulnerable version of Apache Cordova

Yes. All the Appery users would have got this mail. Appery uses Apache Cordova 4.0. Google wants the users to update to 4.1.1

So, we request the appery guys to let us know when will the latest version of cordova be included in appery development platform.

Also, there is one more pending update - support for Android 5.1 version in the platform.

B5107656409
Posts: 0
Joined: Thu Jul 23, 2015 6:39 am

Google Play warning: You are using a vulnerable version of Apache Cordova

yup I also got this email today

Ole Henrik Oftedal
Posts: 0
Joined: Thu Apr 19, 2012 4:52 pm

Google Play warning: You are using a vulnerable version of Apache Cordova

Same here. This is the second time with securty issue in Cordova. Last time was October 2014. Appery Guys: We love you!!! Please help as you did last time:-)

EasyFab
Posts: 0
Joined: Sun Nov 15, 2015 4:06 am

Google Play warning: You are using a vulnerable version of Apache Cordova

Same here...

Can you please tell us what to do ?

Thanks

Illya Stepanov
Posts: 0
Joined: Mon Mar 18, 2013 8:48 am

Google Play warning: You are using a vulnerable version of Apache Cordova

Hi all -

We have escalated this issue. And our development team is working on it.
And we will post update as soon as we get any news.

maxkatz
Posts: 0
Joined: Fri Aug 13, 2010 3:24 pm

Google Play warning: You are using a vulnerable version of Apache Cordova

We are going to upgrade the Cordova library and build. We will update here once we can share the dates with you.

As a side note, Google will not remove your app. It will not allow to publish or update the app. We will upgrade to the right version before that so this won't be an issue at all.

Return to “Issues”