All Things Techie With Huge, Unstructured, Intuitive Leaps

Why I don't like mobile frameworks like Cordova and Phonegap

Here is why I don't like cross-platform mobile app development frameworks based on Javascript.  Google is threatening to take down our app because of a vulnerability.  Here is their email to us:

Subject: Security Alert: Apache Cordova vulnerabilities in your Google Play app

This is a notification that your app, is built on a version of Apache Cordova that contains security vulnerabilities. This includes a high severity cross-application scripting (XAS) vulnerability. Under certain circumstances, vulnerable apps could be remotely exploited to steal sensitive information, such as user login credentials.

You should upgrade to Apache Cordova 3.5.1 or higher as soon as possible. For more information about the vulnerabilities, and for guidance on upgrading Apache Cordova, please see

Please note, applications with vulnerabilities that expose users to risk of compromise may be considered “dangerous products” and subject to removal from Google Play.


Google Play Team

So, our app will be considered a dangerous product.  We are scrambling to upgrade.  You don't get these issues with native Java or XCode Objective C.

No comments:

Post a Comment