Google Play warning: You are using a vulnerable version of Apache Cordova

I received this warning from Google for 2 of my apps.

"Google Play warning: You are using a vulnerable version of Apache Cordova

Your app(s) listed at the end of this email utilize a version of Apache Cordova, an open-source mobile development framework, that contains one or more security vulnerabilities. If you have more than 20 affected apps in your account, please check the Developer Console for a full list.

Please migrate your app(s) to Apache Cordova v.4.1.1 or higher as soon as possible and increment the version number of the upgraded APK. Beginning May 9, 2016, Google Play will block publishing of any new apps or updates that use pre-4.1.1 versions of Apache Cordova.

The vulnerabilities were addressed in Apache Cordova 4.1.1. If you’re using a 3rd party library that bundles Apache Cordova, you’ll need to upgrade it to a version that bundles Apache Cordova 4.1.1 or later.

I’m using ng-cordova.min.js (version v0.1.17-alpha). I see the latest version is v0.1.23-alpha.

Will moving to the new version fix the issue reported by Google?


1 Like

ngCordova is different to Cordova. You’ll want to update the Cordova version on your system which can be done by running:

npm install -g cordova

and then rebuild / resubmit your applications.

Great, thanks! I will do that now.

Even I got the same mail… I have a doubt whether we need to update the cordova CLI or version of Cordova running on the device?

if you update your cli version and rebuild your apps --> the apps are using the new cordova version… there is no difference i think

I updated my cordova CLI version to 4.2.0 but after the build, the version of Cordova running on the device is 3.6.4 . Any suggestions?

I got the same email; however, the version of my app listed was an older version I didn’t have published anymore. The newest version of my app was already updated.

The main Cordova version may be different then the version for each platform. To check the version for each platform type cordova platform version android

To update the specific platform you can run cordova platform update android
(You can replace android with any other platform, e.g., ios)

The current platform version of a cordova app can be checked by the following command

cordova platform version android
And can be upgraded using the command

cordova platform update android
You can replace android by any of your platform choice like “ios” or some else.

This only applies to android platform. I have not checked. You can try replacing android in the code segments to try for other platforms.