If you’re like me, you’ve been developing applications with Apache Cordova or Ionic Framework for a while now. Long enough to have received an email from Google Play stating that they are going to remove your application if you don’t update your published application to a more secure version of Apache Cordova.
Apache Cordova announcement:
Security issues were discovered in the Android platform of Cordova. We are releasing version 3.5.1 of Cordova Android to address these security issues. We recommend that all Android applications built using Cordova be upgraded to use version 3.5.1 of Cordova Android. Other Cordova platforms such as iOS are unaffected, and do not have an update.
So how does one go about fixing something like this? A security flaw like this isn’t the first and it probably won’t be the last.
The Apache Cordova CLI is a powerful beast. With this in mind, the first thing you should do is update it to the latest version:
sudo npm update -g cordova
More information on updating CLIs can be found in one of my previous posts.
You’re not done yet. We only updated the CLI, not the platform like Android or iOS.
Using your command prompt, navigate to your Apache Cordova project root and run the following command to see what can be updated:
cordova platform check
The above command should tell you which platform updates are available. Here are some things to note when updating:
With this in mind, it is now time to update one of the platforms.
cordova platform update android cordova platform update ios
The above two commands will update your Android and iOS platforms. It is important you clean your project and test your code after updating to make sure nothing broke between versions.
With your platforms updated, you should no longer receive removal threats from Google Play or Apple.