Google Play’s active warning for Phonegap security issues

Reading Time: 1 minutes

CordovaGoogle Play does play nice with hybrid apps based on Phonegap / Cordova. Even better yet: it recognizes when your app IS based on the hybrid app technology and appears to even check the version your app is based on!

Recently, I got an email – read it down below – from Google Play, stating that the Apache Cordova version needed to be updated to the latest in order to prevent some exposed security leaks to become an issue.
Even more so, they are urging to update the version since they do not tolerate apps that expose people to security risks.

The email from Google Play:

This is a notification that your XX.XXXXX.XXXXXXApp, is built on a version of Apache Cordova that contains security vulnerabilities. This includes a high severity cross-application scripting (XAS) vulnerability. Under certain circumstances, vulnerable apps could be remotely exploited to steal sensitive information, such as user login credentials.

You should upgrade to Apache Cordova 3.5.1 or higher as soon as possible. For more information about the vulnerabilities, and for guidance on upgrading Apache Cordova, please see http://cordova.apache.org/announcements/2014/08/04/android-351.html.

Please note, applications with vulnerabilities that expose users to risk of compromise may be considered “dangerous products” and subject to removal from Google Play.

Regards,

Google Play Team

I think this is a very good development that will keep developers more alert to act on security issues that are surfacing and that it will help app users to be more  safe in the end.