Google Play Store notice for PhoneGap apps

Recently, a number of users with AppStudio apps in the Google Play Store got this notification:

This is a notification that your {name of app), is built on a version of Apache Cordova that contains security vulnerabilities. This includes a high severity cross-application scripting (XAS) vulnerability. Under certain circumstances, vulnerable apps could be remotely exploited to steal sensitive information, such as user login credentials.

You should upgrade to Apache Cordova 3.5.1 or higher as soon as possible. For more information about the vulnerabilities, and for guidance on upgrading Apache Cordova, please see announcements/2014/08/04/android-351.html.

Please note, applications with vulnerabilities that expose users to risk of compromise may be considered “dangerous products” and subject to removal from Google Play.

To fix this, you have to update your project to use the current version of PhoneGap. Go into your Project Properties and edit ‘PhoneGap config.xml’. It will have a line like this – edit it to use Version 3.6.3 (or later – use the current version).

  "<preference name=\"phonegap-version\" value=\"3.6.3\" />",

You will then need to resubmit your app to PhoneGap Build. Use the resulting build to update your app in the Google Play Store.

This entry was posted in news, PhoneGap. Bookmark the permalink.