Security alert in Play Store who get this

0 favourites
From the Asset Store
This Student Workbook uses both Construct 3 & 2 encoding. It supplies client-side & php "back-end" encoding.
  • As others have noted, C2 doesn't specify a Cordova version - it should use whichever is the latest. So just rebuilding your app should fix this, provided the build system is using a new enough Cordova version. If the build system isn't updated yet, I'm sure they'll be on it soon, since they will be inundated with reports from everyone who uses it!

    FWIW, this seems to happen from time to time on Google Play - Google are pretty pro-active about weeding out any apps that use any libraries with known vulnerabilities.

  • Any idea when IntelXDK will be using a newer version of Cordova? I have been getting these security emails for over a year now.

    I just published 3 new apps (all within the last month) and each one of them got this security warning.

  • As always scirra say : its not us !! Its your problem

  • As always scirra say : its not us !! Its your problem

    In this case, it is not scirra. Scirra is not building it with cordova, can't blame them for something a third party is adding on.

  • As always scirra say : its not us !! Its your problem

    Probably because it is not Scirra that makes the cordova, but I don't see any reason to panic as I'm quite sure that both xdk and cocoon will fix this well within the time limit that google play has told us.

  • Basically, Intel needs to release CLI version 5.4.1 to correct the issue. Don't know the timeframe on when they're gonna release that. We're currently on 5.1.1 which has an outdated version of Cordova..

  • This is the link that Google Play gave me:

    https://support.google.com/faqs/answer/6325474

  • Here's the problem: Google Play states the following in the email (I also got the email) :

    While these specific issues may not affect every app that uses Apache Cordova, it’s best to stay up to date on all security patches. Apps with vulnerabilities that expose users to risk of compromise may be considered Dangerous Products in violation of the Content Policy and section 4.4 of the Developer Distribution Agreement.

    So if you don't update your apps, technically you could get a Google Play account strike after May 2016.

    Here's the kicker; I've updated apps in the past for similar issues and the update launches another verification of your app. During that verification there is a reasonable chance that your app will get flagged for a totally unrelated issue and generate a policy strike. It happened to me last time. A 2-year old app got a policy strike for something it was not violating.

    So, do we feel lucky?

  • This is the link that Google Play gave me:

    https://support.google.com/faqs/answer/6325474

    That link is useless.

    Once again, it's nothing that we can do until Intel updates XDK with an updated version of CLI that has an updated version of Cordova.

  • As always scirra say : its not us !! Its your problem

    No need to worry. This has happened before and was fixed by Intel (since it's their job to fix this) and I was able to rebuild.

  • This is so weird everyone imagine if you have like around 100 apps on the market and if this thing happens again in the future we will need to update all of our 100 apps?? Anyway at least let's hope Intel and Ludei updates their wrapper as soon as possible. Btw does anyone know how will we ever know when they are updated??

  • This is so weird everyone imagine if you have like around 100 apps on the market and if this thing happens again in the future we will need to update all of our 100 apps??

    Yes And be at ease, if you are a web designer and you have 100 clients who requested WordPress sites from you and one day someone finds a vunerability inside WordPress you would have to update all 100 sites (if you still work for them). Since it's just a rebuild, unless you use lot's of plugins, you can expect everything to work just fine.

  • Ludei has updated their compiler

    Regards

    Andy

  • Try Construct 3

    Develop games in your browser. Powerful, performant & highly capable.

    Try Now Construct 3 users don't see these ads
  • Ludei has updated their compiler

    Regards

    Andy

    Dude Ludei is free complier like intel xdk or not ? please advise

  • I guess some people take a look on the progress with Intel XDK's version of the compiler from time to time.

    It would be really appreciated if someone could keep us up to date, if this is gets fixed later on and post it here.

Jump to:
Active Users
There are 1 visitors browsing this topic (0 users and 1 guests)