How to "FIX" google play security warnings. (CORDOVA UPDATE IN XDK)

1

Stats

1,819 visits, 2,454 views

Tools

Translations

This tutorial hasn't been translated.

License

This tutorial is licensed under CC BY 4.0. Please refer to the license text if you wish to reuse, share or remix the content contained within this tutorial.

Published on 20 Jan, 2015. Last updated 19 Feb, 2019

Hi gang,

In October of 2014 if you had apps published to the google play store using cordova via intel XDK you probably received an email that looked a lot like this...

THE EMAIL FROM GOOGLE

This is a notification that your com.jameslimitlessdomains.com.balloons, com.jameslimitlessdomains.com.cb11, com.jameslimitlessdomains.com.f1app, com.jameslimitlessdomains.com.paint4, playstore.egg.surprise, who.built.the.ark.xdk, is built on a version of Apache Cordova that contains security vulnerabilities. This includes a high severity cross-application scripting (XAS) vulnerability. Under certain circumstances, vulnerable apps could be remotely exploited to steal sensitive information, such as user login credentials.

You should upgrade to Apache Cordova 3.5.1 or higher as soon as possible. For more information about the vulnerabilities, and for guidance on upgrading Apache Cordova, please see cordova.apache.org/announcements ... d-351.html.

Please note, applications with vulnerabilities that expose users to risk of compromise may be considered “dangerous products” and subject to removal from Google Play.

Regards,

Google Play Team

_____________________________________________________________________________________________________

This has been addressed by the guys at intel and can be fixed fairly easy, but there are

(TWO THINGS YOU NEED TO CHANGE TO MAKE THIS WORK)

#1

As you reload your build into the intel xdk open your "build settings tab"

click on the "app version code" text box and change it to "11"

#2

click in the "crosswalk version" text box and change it to "beta"

this is what it should look like

Make sure that your app ID is the same as the previous version IE (my.app.id)

and Thats it! now you can upload the new version to the build server and complete the build.

This may not seem like much but it will not work if you do not do this,

the stable version does not contain the updated security features so simply "re-building" will not fix the issue.

also, the "beta version" is different so you need to specify that by changing the app version code and when you build your app, you will see this in your log

Updated "versionCode" to "60111".

hope this helps!!!

if you would like me to answer any more questions I will be glad to try... Im not an expert.

but I like to help others and I am now making beginner tutorials on

my website at: http://appcrashcourse.com

if you have a suggestion for a tutorial let me know!!

sometimes the simplest things can evade you when your burned out.

peace, and GOD Bless

  • 0 Comments

Want to leave a comment? Login or Register an account!