Security alert in Play Store who get this

Post reply

❤Follow Topic(31)

0 favourites

77 posts
- 1
- 2
- 3
- 4
- 5
- 6

From the Asset Store

Building "Role-Playing" and "Rogue-like" Browser Games

$9.99 USD

This Student Workbook uses both Construct 3 & 2 encoding. It supplies client-side & php "back-end" encoding.

PBMCube

- Ashley Construct Team Founder
- Moderator
- - Joined 21 May, 2007
  - 669 topics • 30,357 posts
- 1
- 9 Feb, 2016
- Quote
As others have noted, C2 doesn't specify a Cordova version - it should use whichever is the latest. So just rebuilding your app should fix this, provided the build system is using a new enough Cordova version. If the build system isn't updated yet, I'm sure they'll be on it soon, since they will be inundated with reports from everyone who uses it!

FWIW, this seems to happen from time to time on Google Play - Google are pretty pro-active about weeding out any apps that use any libraries with known vulnerabilities.
- d939569e84594e1586eac3e65e28dfb2
- - Joined 23 Apr, 2013
  - 50 topics • 625 posts
- 1
- 9 Feb, 2016
- Quote
Any idea when IntelXDK will be using a newer version of Cordova? I have been getting these security emails for over a year now.

I just published 3 new apps (all within the last month) and each one of them got this security warning.
- mahdi71
- - Joined 24 Aug, 2014
  - 62 topics • 264 posts
- 1
- 9 Feb, 2016
- Quote
As always scirra say : its not us !! Its your problem
- d939569e84594e1586eac3e65e28dfb2
- - Joined 23 Apr, 2013
  - 50 topics • 625 posts
- 1
- 9 Feb, 2016
- Quote
As always scirra say : its not us !! Its your problem

In this case, it is not scirra. Scirra is not building it with cordova, can't blame them for something a third party is adding on.
- TechBoxNorth
- - Joined 8 Feb, 2012
  - 106 topics • 392 posts
- 1
- 9 Feb, 2016
- Quote
As always scirra say : its not us !! Its your problem

Probably because it is not Scirra that makes the cordova, but I don't see any reason to panic as I'm quite sure that both xdk and cocoon will fix this well within the time limit that google play has told us.
- Jetta88
- - Joined 6 Oct, 2012
  - 54 topics • 549 posts
- 1
- 9 Feb, 2016
- Quote
Basically, Intel needs to release CLI version 5.4.1 to correct the issue. Don't know the timeframe on when they're gonna release that. We're currently on 5.1.1 which has an outdated version of Cordova..
Try Construct 3

Develop games in your browser. Powerful, performant & highly capable.
Try Now Construct 3 users don't see these ads
- Iolva
- - Joined 14 Jan, 2014
  - 67 topics • 690 posts
- 1
- 9 Feb, 2016
- Quote
This is the link that Google Play gave me:

https://support.google.com/faqs/answer/6325474
- JLH1964
- - Joined 11 Jul, 2014
  - 46 topics • 323 posts
- 1
- 9 Feb, 2016
- Quote
Here's the problem: Google Play states the following in the email (I also got the email) :

While these specific issues may not affect every app that uses Apache Cordova, it’s best to stay up to date on all security patches. Apps with vulnerabilities that expose users to risk of compromise may be considered Dangerous Products in violation of the Content Policy and section 4.4 of the Developer Distribution Agreement.

So if you don't update your apps, technically you could get a Google Play account strike after May 2016.

Here's the kicker; I've updated apps in the past for similar issues and the update launches another verification of your app. During that verification there is a reasonable chance that your app will get flagged for a totally unrelated issue and generate a policy strike. It happened to me last time. A 2-year old app got a policy strike for something it was not violating.

So, do we feel lucky?
- Jetta88
- - Joined 6 Oct, 2012
  - 54 topics • 549 posts
- 1
- 9 Feb, 2016
- Quote
This is the link that Google Play gave me:

https://support.google.com/faqs/answer/6325474

That link is useless.

Once again, it's nothing that we can do until Intel updates XDK with an updated version of CLI that has an updated version of Cordova.
- glerikud
- - Joined 8 Sep, 2011
  - 59 topics • 1,504 posts
- 1
- 9 Feb, 2016
- Quote
As always scirra say : its not us !! Its your problem

No need to worry. This has happened before and was fixed by Intel (since it's their job to fix this) and I was able to rebuild.
- volcank
- - Joined 24 Apr, 2014
  - 27 topics • 178 posts
- 1
- 10 Feb, 2016
- Quote
This is so weird everyone imagine if you have like around 100 apps on the market and if this thing happens again in the future we will need to update all of our 100 apps?? Anyway at least let's hope Intel and Ludei updates their wrapper as soon as possible. Btw does anyone know how will we ever know when they are updated??
- glerikud
- - Joined 8 Sep, 2011
  - 59 topics • 1,504 posts
- 1
- 10 Feb, 2016
- Quote
This is so weird everyone imagine if you have like around 100 apps on the market and if this thing happens again in the future we will need to update all of our 100 apps??

Yes And be at ease, if you are a web designer and you have 100 clients who requested WordPress sites from you and one day someone finds a vunerability inside WordPress you would have to update all 100 sites (if you still work for them). Since it's just a rebuild, unless you use lot's of plugins, you can expect everything to work just fine.
- AndreasR
- - Joined 21 Feb, 2013
  - 176 topics • 1,281 posts
- 1
- 11 Feb, 2016
- Quote
Ludei has updated their compiler

Regards

Andy
- zeroflag
- - Joined 30 May, 2015
  - 22 topics • 70 posts
- 1
- 11 Feb, 2016
- Quote
Ludei has updated their compiler

Regards

Andy

Dude Ludei is free complier like intel xdk or not ? please advise
- TheRealDannyyy
- - Joined 30 Sep, 2014
  - 95 topics • 1,192 posts
- 1
- 11 Feb, 2016
- Quote
I guess some people take a look on the progress with Intel XDK's version of the compiler from time to time.

It would be really appreciated if someone could keep us up to date, if this is gets fixed later on and post it here.