
[RESOLVED] Google Play Store Apache Cordova Vulnerabilities

PaulF_IntelCorp
Employee
4,454 Views

Please upgrade to Intel XDK 3088 or later and build with the new CLI 5.x build options available in that release to resolve this issue. The specific issue addressed by this release is outlined in this Google FAQ > https://support.google.com/faqs/answer/6325474

- - - - original message - - - -

If you receive a message from the Google Play Store similar to the following:

Hello Google Play Developer,

Your app(s) listed at the end of this email utilize a version of Apache Cordova, an open-source mobile development framework, that contains one or more security vulnerabilities.

Please migrate your app(s) to Apache Cordova v.4.1.1 or higher as soon as possible and increment the version number of the upgraded APK. Beginning May 9, 2016, Google Play will block publishing of any new apps or updates that use pre-4.1.1 versions of Apache Cordova.

You should migrate your app to our CLI 5.1.1 build system, in preparation for our upcoming CLI 5.4.1 build system. Our CLI 5.4.1 build system will resolve this problem. We are investigating if it is possible to update our CLI 5.1.1 build system, as well, but cannot promise at this time that our CLI 5.1.1 build system can or will be upgraded to resolve this issue.

Note that Google is not removing or deleting your currently published app from their store; they are stating that you will not be able to publish apps or updates to apps built with less than cordova-android@4.1.1 beginning May 9, 2016. Your existing published versions will remain available in the store after that date, and any updates you apply to your apps before that time will also be available in the store.

The CLI version number does not equal the Apache Cordova version number. For details regarding Intel XDK CLI version numbers and the corresponding Apache Cordova version numbers, please read this FAQ > Why does the Cordova version number not match the Projects tab's Build Settings, the Emulate tab, App Preview and my built app?

---- Additional Notes ----

The transition from CLI 5.1.1 to our upcoming CLI 5.4.1 should be easier than the process of going from CLI 4.1.2 to CLI 5.1.1; however, there is no guarantee that it will be "seamless"; every situation is different. The specific plugins you use generally have the most impact on changing the version of CLI, so trying different plugin versions, especially newer versions of featured and third-party plugins, is the best place to start when upgrading your project to a new version of CLI.

The version of cordova-android that will be in the CLI 5.4.1 build system does meet the requirements set by the Google Play store. We hope to do the same for CLI 5.1.1, but there is no guarantee, at this time, that we will be able to do so. We will update the forum as new information becomes available.

To upgrade your project to CLI 5.1.1, open the Build Settings pane on the Projects tab and select the pencil icon next to the Cordova CLI Version field. When you upgrade the CLI version you may be prompted to also upgrade the version of your plugins (especially the core Cordova plugins). In most cases it is best to accept the recommended upgrades to the plugins. Note that most featured and third-party plugins will NOT have a recommended version upgrade; however, after testing you may find that you also need to upgrade some of those plugins. Since each project is unique, there is no hard and fast rule regarding whether you should upgrade every plugin in your project. We recommend that you test your project on real devices before submitting your app to the store.

Details and documentation regarding how to work with the Projects tab, plugins and the plugin management tool can be found in the Intel XDK documentation:

If you are experiencing issues with your upgrade from CLI 4.1.2 to CLI 5.1.1, please see this forum post for possible solutions > https://software.intel.com/en-us/forums/intel-xdk/topic/606371

For details regarding the reason that Google is making this policy change, please see this Google Play FAQ titled "How to fix apps with Apache Cordova vulnerabilities" > https://support.google.com/faqs/answer/6325474

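Added example (not part of the original thread, and not Intel XDK or Google code): because the CLI version does not equal the Apache Cordova version, one way to confirm what a built APK actually ships is to read the platform label from its bundled cordova.js and compare it with the 4.1.1 minimum from the Google Play notice. It assumes cordova.js sits at `assets/www/cordova.js` and contains a `PLATFORM_VERSION_BUILD_LABEL` assignment; the function names and the sample APKs are constructed for illustration.

```python
import io
import re
import zipfile

MIN_CORDOVA_ANDROID = (4, 1, 1)       # minimum named in the Google Play notice
CORDOVA_JS = "assets/www/cordova.js"  # assumed location inside a Cordova APK
# Assumed form in cordova.js: var PLATFORM_VERSION_BUILD_LABEL = '4.1.1';
LABEL_RE = re.compile(r"PLATFORM_VERSION_BUILD_LABEL\s*=\s*['\"]([^'\"]+)['\"]")


def cordova_android_label(apk):
    """Return the platform version label from an APK (path or file object), or None."""
    with zipfile.ZipFile(apk) as z:
        if CORDOVA_JS not in z.namelist():
            return None  # not a Cordova app, or an unexpected layout
        js = z.read(CORDOVA_JS).decode("utf-8", "replace")
    m = LABEL_RE.search(js)
    return m.group(1) if m else None


def meets_play_minimum(label):
    """True if the label is cordova-android 4.1.1 or later (pre-releases of 4.1.1 fail)."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)(.*)$", label or "")
    if not m:
        return False  # unknown or missing version: treat as not compliant
    numbers = tuple(int(p) for p in m.group(1, 2, 3))
    if numbers == MIN_CORDOVA_ANDROID and m.group(4):
        return False  # e.g. '4.1.1-dev' sorts before the 4.1.1 release
    return numbers >= MIN_CORDOVA_ANDROID


def make_sample_apk(label):
    """Constructed stand-in for a real APK: a zip holding only a stub cordova.js."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        if label is not None:
            z.writestr(CORDOVA_JS, "// Platform: android\n"
                       "var PLATFORM_VERSION_BUILD_LABEL = '%s';\n" % label)
        z.writestr("AndroidManifest.xml", b"")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for label in ("3.7.2", "4.1.1-dev", "4.1.1", "5.1.1", None):
        found = cordova_android_label(make_sample_apk(label))
        print(found, "OK" if meets_play_minimum(found) else "BLOCKED or unknown")
```

To check a real build, pass the path of the downloaded APK to `cordova_android_label()` instead of a constructed sample.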
Mark_D_6
Beginner
594 Views

I tried to upgrade to 5.1.1 and got an error saying the folder didn't exist.

PaulF_IntelCorp
Employee
594 Views

Mark -- this is a known bug, with an unknown solution.  :-(  The simplest way to deal with this is to create a new project from a blank template and copy your source files into that new project, from the old project. Then add the plugins you need using the plugin manager.

Pamela_H_Intel
Moderator
594 Views

J.S. The Google warning states that you cannot put new apps or updates in the Store - Google Play will block publishing of any new apps or updates. It does not warn against apps already in the store.

Hamilton_Tenório_da_
Valued Contributor I
594 Views

@Paul> I just saw your post of 03/15/2016 (create a new project). Does it work? Can I get an old app and rebuild to solve this issue?

PaulF_IntelCorp
Employee
594 Views

Hi Hamilton, I'm not sure what you mean by "can I get an old app and rebuild" -- If you mean, can I do this with any existing app, the answer is "yes." This is a very safe thing to do if you've got a project that has "gone bad" and seems to be having problems, especially with the plugin management section of the XDK.

Hamilton_Tenório_da_
Valued Contributor I
594 Views

@Paul> I can't believe it! It worked! I will do it with all my apps. Thanks.