Google Play warning: You are using a vulnerable version of Apache Cordova

jeudyx · February 9, 2016, 9:15pm

I received this warning from Google for 2 of my apps.

"Google Play warning: You are using a vulnerable version of Apache Cordova

Your app(s) listed at the end of this email utilize a version of Apache Cordova, an open-source mobile development framework, that contains one or more security vulnerabilities. If you have more than 20 affected apps in your account, please check the Developer Console for a full list.

Please migrate your app(s) to Apache Cordova v.4.1.1 or higher as soon as possible and increment the version number of the upgraded APK. Beginning May 9, 2016, Google Play will block publishing of any new apps or updates that use pre-4.1.1 versions of Apache Cordova.

The vulnerabilities were addressed in Apache Cordova 4.1.1. If you’re using a 3rd party library that bundles Apache Cordova, you’ll need to upgrade it to a version that bundles Apache Cordova 4.1.1 or later.
"

I’m using ng-cordova.min.js (version v0.1.17-alpha). I see the latest version is v0.1.23-alpha.

Will moving to the new version fix the issue reported by Google?

Thanks

joshmorony · February 9, 2016, 9:44pm

ngCordova is different to Cordova. You’ll want to update the Cordova version on your system which can be done by running:

npm install -g cordova

and then rebuild / resubmit your applications.

jeudyx · February 9, 2016, 9:46pm

Great, thanks! I will do that now.

kopinath7 · February 10, 2016, 7:40am

Even I got the same mail… I have a doubt whether we need to update the cordova CLI or version of Cordova running on the device?

bengtler · February 10, 2016, 9:04am

if you update your cli version and rebuild your apps --> the apps are using the new cordova version… there is no difference i think

kopinath7 · February 10, 2016, 11:08am

I updated my cordova CLI version to 4.2.0 but after the build, the version of Cordova running on the device is 3.6.4 . Any suggestions?

nvanselow · February 10, 2016, 2:16pm

I got the same email; however, the version of my app listed was an older version I didn’t have published anymore. The newest version of my app was already updated.

The main Cordova version may be different then the version for each platform. To check the version for each platform type cordova platform version android

To update the specific platform you can run cordova platform update android
(You can replace android with any other platform, e.g., ios)

miindia · February 10, 2016, 6:25pm

The current platform version of a cordova app can be checked by the following command

cordova platform version android
And can be upgraded using the command

cordova platform update android
You can replace android by any of your platform choice like “ios” or some else.

This only applies to android platform. I have not checked. You can try replacing android in the code segments to try for other platforms.

Topic		Replies	Views
Version number Apache Cordova ionic-v1	3	1669	February 15, 2016
Security Alert from Google Play Developer Console ionic-v1	0	820	February 13, 2016
Rejected by Google App Store ionic-v1	9	1255	October 6, 2017
Best way to update an ionic app + cordova?	8	3941	November 10, 2014
Google denies app due to wrongly(?) labeling it as Cordova version < 3.5.1 ionic-v1	4	1644	September 13, 2016

Google Play warning: You are using a vulnerable version of Apache Cordova

Related topics