Hi,

Thanks for the report. I will ask the XDK team to look into this issue. 

Thanks,
Alex

@Ramith Hettiarachchi 

I had the same problem , in the project bar pu there 3.5.1 Cordova version

BTW anyone had my problem?

I received a mail from Google Play with the same issue 2 days ago. Someone help to fix this please.

Hi,

we are still discussing this internally. I will keep you updated. 

Thanks,
Alex

Ok, 

I'm waiting 

Btw Thank you for helping us.

I have the same problem, I received the same message in all my apps :(

Hi everyone I had the warning message with my games @googleplay for a week which were on and off changing everyday. And yesterday I got the same exact email from Google.

I really wish there will be an update with Intel XDK since there is a threat of our games/apps being removed from Googleplay.

Hi,

I have a response from the XDK team:

This warning from Google Play pertains to the App Security API plugin which includes the older OpenSSL library.   This plugin is being updated and will be available in the next Intel XDK release after the first of the year.  In the meantime, you shouldn’t need to worry about the security as the plugin does not actually use the vulnerable part of the Open SSL code.  So, you should be prepared to update your app when we get the plugin updated.

Thanks,
Alex

Hi @Alexander Weggerle,

I just would like to ask if there is  a way to publish a quick update of XDK only for this SSL problem since we see many people facing this issue. I know I am asking too much but it seems there is a danger I see that Googleplay might remove our games from the system and people are worried.

Please check the forum and the chat session in the following link in Scirra Forum:

https://www.scirra.com/forum/google-play-alert-about-openssl_t121003?start=20

It says

Murphy 2:37 PM
Currently, there's no deadline at the moment, our policy team has just states "ASAP".

Thank You and Regards

Volkan

Hi Volkan,

thanks for your input. This is really helpful and I take that for further internal discussions. 

Thanks,
Alex
 

This is not the same issue as the first user posted. You simply need to rebuild your app, specifying Cordova 3.5.1 in the Project Settings of the XDK. Once you do this, you can resubmit your app to the Play Store and you should not see this message.

Ramith Hettiarachchi wrote:

 

I also got a similar problem

Security alert

This app is built on a version of Apache Cordova that contains security vulnerabilities. This includes a high severity cross-application scripting (XAS) vulnerability. Under certain circumstances, vulnerable apps could be remotely exploited to steal sensitive information, such as user login credentials.

 For more information about the vulnerabilities, and for guidance on upgrading Apache Cordova, please see http://cordova.apache.org/announcements/2014/08/04/android-351.html


I think we will have to wait for an upgrade from xdk.

 

@Alexander Weggerle (Intel) Thank You for your concern and quick reply I really hope the issue can be resolved As soon as possible.

Also a user @Scirra forums said:

If you update the OpenSSL this fixes the problem. The errors have gone away for me after I then re built my apps

I updated here: http://cygwin.com/install.html but you can install without cygwin: http://slproweb.com/products/Win32OpenSSL.html

Just for your information. 

I am glad I could be helpful. 

@Alexander Weggerle (Intel)

So , i understand that the problem will disappear after the new Intel XDK update?

Am i right?

And if yes , does antone know when will be this?

Thank's a lot.

Hi,

We are still investigating on this and will work on an update as soon as the investigation is finished. At the moment it looks like the particular OpenSSL implementation had the security fixes backported... This is good because it means the apps are not vulnerable but on on the other side it will not help with the Google Play store. 

So stay tuned we will fix it soon!

Alex

Ok,

Thank you.

Thanks!

JOHN H. (Intel) wrote:

This is not the same issue as the first user posted. You simply need to rebuild your app, specifying Cordova 3.5.1 in the Project Settings of the XDK. Once you do this, you can resubmit your app to the Play Store and you should not see this message.

 

Quote:

Ramith Hettiarachchi wrote:

 

 

I also got a similar problem

Security alert

This app is built on a version of Apache Cordova that contains security vulnerabilities. This includes a high severity cross-application scripting (XAS) vulnerability. Under certain circumstances, vulnerable apps could be remotely exploited to steal sensitive information, such as user login credentials.

 For more information about the vulnerabilities, and for guidance on upgrading Apache Cordova, please see http://cordova.apache.org/announcements/2014/08/04/android-351.html


I think we will have to wait for an upgrade from xdk.

 

 

 

Hello,

Anything new about the topic? 

Does anyone knows when the update will come?

Hi,

sorry for the late update from my side. The official communication for this issue moved to this forum. You find your answers there and this forum is monitored by the XDK developers so you have a more direct contact. 

Thanks,
Alex

Hello,

I've update my app and that alert came again, solutions?