You should upgrade to Apache Cordova 3.5.1 or higher??

Ideas and discussion about publishing and distributing your games

Post » Wed Oct 01, 2014 5:24 pm

I have a few apps that are published to google play using older versions of C2, google sent me an email today telling me that my apps had a security risk and could be taken down. ??

any ideas? these are just childrens games, built with C2 only.

THE EMAIL FROM GOOGLE

This is a notification that your com.jameslimitlessdomains.com.balloons, com.jameslimitlessdomains.com.cb11, com.jameslimitlessdomains.com.f1app, com.jameslimitlessdomains.com.paint4, playstore.egg.surprise, who.built.the.ark.xdk, is built on a version of Apache Cordova that contains security vulnerabilities. This includes a high severity cross-application scripting (XAS) vulnerability. Under certain circumstances, vulnerable apps could be remotely exploited to steal sensitive information, such as user login credentials.

You should upgrade to Apache Cordova 3.5.1 or higher as soon as possible. For more information about the vulnerabilities, and for guidance on upgrading Apache Cordova, please see http://cordova.apache.org/announcements ... d-351.html.

Please note, applications with vulnerabilities that expose users to risk of compromise may be considered “dangerous products” and subject to removal from Google Play.

Regards,

Google Play Team

©2014 Google Inc.
1600 Amphitheatre Parkway
Mountain View, CA 94043
Image
B
26
S
4
G
3
Posts: 147
Reputation: 4,875

Post » Wed Oct 01, 2014 5:38 pm

I got the same message. In my case I'm using Crosswalk, so I have put the question up for Intel in another topic crosswalk-intel-xdk-experiences_p840371?#p840371

If you're compiling by yourself with Phonegap instead of Crosswalk sounds like maybe you just need to recompile your apk after updating to the latest version?
B
63
S
12
G
6
Posts: 456
Reputation: 8,981

Post » Wed Oct 01, 2014 5:45 pm

@russpuppy what you're saying is that our apache cordova is "built into" Intel XDK and they have to update it for us to be able to fix this issue?
B
33
S
9
G
3
Posts: 493
Reputation: 4,042

Post » Wed Oct 01, 2014 6:12 pm

Have the same issue, received today:
{ note I am building APKs using Intel XDK }

This is a notification that your net.mrexcessive.flickmath, is built on a version of Apache Cordova that contains security vulnerabilities. This includes a high severity cross-application scripting (XAS) vulnerability. Under certain circumstances, vulnerable apps could be remotely exploited to steal sensitive information, such as user login credentials.

You should upgrade to Apache Cordova 3.5.1 or higher as soon as possible. For more information about the vulnerabilities, and for guidance on upgrading Apache Cordova, please see http://cordova.apache.org/announcements ... d-351.html.

Please note, applications with vulnerabilities that expose users to risk of compromise may be considered “dangerous products” and subject to removal from Google Play.

Regards,

Google Play Team
B
9
S
3
Posts: 23
Reputation: 646

Post » Wed Oct 01, 2014 6:17 pm

@alvarop I think so ... but honestly I don't yet know enough about Crosswalk to be completely sure
B
63
S
12
G
6
Posts: 456
Reputation: 8,981

Post » Wed Oct 01, 2014 6:21 pm

@russpuppy @alvarop anyway out of our control - which is very frustrating! I miss developing for a single platform sometimes... all the intervening opaque stuff that happens...
B
9
S
3
Posts: 23
Reputation: 646

Post » Wed Oct 01, 2014 10:41 pm

Why don't you just update your apps...
B
56
S
15
G
13
Posts: 826
Reputation: 17,645

Post » Wed Oct 01, 2014 10:51 pm

This is what IntelRobert said :

Crosswalk 8 (beta build in XDK) includes apache cordova 3.5.0. Crosswalk team will need to update, test, and then we will need to update our servers. This normally takes about a week, but I haven't gotten a firm date on how long it will take. After that is done, you would just need to build again and republish.

This problem affects most users of cordova/phonegap.

And @Tekniko, that's not how these things work.
B
33
S
9
G
3
Posts: 493
Reputation: 4,042

Post » Wed Oct 01, 2014 11:11 pm

Funny, that's how my apps work.
B
56
S
15
G
13
Posts: 826
Reputation: 17,645

Post » Thu Oct 02, 2014 5:28 am

@Tekniko it's out of our hands because the XDK needs to be updated. @IntelRobert says it will happen after Crosswalk do their own update... so Cordova->Crosswalk delay, then Crosswalk->XDK delay then XDK->us doing rebuilds. Hopefully GooglePlay will hold off from removing things until after that whole chain of rebuilds is complete.
B
9
S
3
Posts: 23
Reputation: 646

Next

Return to Distribution and Publishing

Who is online

Users browsing this forum: No registered users and 0 guests