본문 바로가기
모바일/CORDOVA

Your app(s) are using a WebView that is vulnerable to cross-app scripting.

by 죠부니 2019. 4. 22.
반응형

Hello Google Play Developer,

We rejected 앱이름, with package name 패키지명, for violating our Malicious Behavior or User Data policy. If you submitted an update, the previous version of your app is still available on Google Play.

This app uses software that contains security vulnerabilities for users or allows the collection of user data without proper disclosure.

Below is the list of issues and the corresponding APK versions that were detected in your recent submission. Please upgrade your app(s) as soon as possible and increment the version number of the upgraded APK.

VulnerabilityAPK Version(s)Past Due Date

Cross-app Scripting

Your app(s) are using a WebView that is vulnerable to cross-app scripting.

To address this issue, follow the steps in this Google Help Center article.

 11 February 06, 2019

To confirm you’ve upgraded correctly, submit the updated version of your app to the Play Console and check back after five hours to make sure the warning is gone.

While these vulnerabilities may not affect every app that uses this software, it’s best to stay up to date on all security patches. Make sure to update any libraries in your app that have known security issues, even if you're not sure the issues are relevant to your app.

Apps must also comply with the Developer Distribution Agreement and Developer Program Policies.

If you feel we have made this determination in error, please reach out to our developer support team.

Best,

The Google Play Team

--

https://ppost.tistory.com/entry/%ED%94%8C%EB%A0%88%EC%9D%B4%EC%8A%A4%ED%86%A0%EC%96%B4%EC%97%90-%EB%B0%B0%ED%8F%AC-%EC%8B%9C-%EC%97%85%EB%8D%B0%EC%9D%B4%ED%8A%B8%EA%B0%80-%EA%B1%B0%EB%B6%80-%EB%8B%B9%ED%95%9C-%EA%B2%BD%EC%9A%B0

 

앱 배포 시 업데이트가 거부(rejected) 당한 경우(feat.Cross-app Scripting)

글을 작성하기에 앞서, 이 글은 나의 월요일을 삭제시킨 삽질에 대한 글이고, 혹여나 같은 내용으로 고통받을 사람들을 위한 글이기도 하다. 앞으로도 고통받을때마다 블로그에 글을 남길 예정이다. Hello Google..

ppost.tistory.com

검색을 해보았다.

혹시나해서 봤더니 나의 경우 카카오톡 SDK버전이 1.12 버전을 이용중이었다.

CORDOVA프로젝트중 해당플러그인 사용중인데

https://www.npmjs.com/package/cordova-plugin-kakao-sdk

 

cordova-plugin-kakao-sdk

Kakao Cordova SDK Plugin

www.npmjs.com

현재 플러그인 버전은 1.16버전으로 업데이트 되어있다.

 

https://github.com/raccoondev85/cordova-plugin-kakao-sdk-example

 

raccoondev85/cordova-plugin-kakao-sdk-example

Ionic 3 plugin usage example project. Contribute to raccoondev85/cordova-plugin-kakao-sdk-example development by creating an account on GitHub.

github.com

 

반응형

'모바일 > CORDOVA' 카테고리의 다른 글

Could not find an installed version of Gradle either in Android Studio  (0) 2020.09.15
cordova 9.0.0  (0) 2020.02.10
CLEARTEXT communication to XXXX not permitted by network security policy  (0) 2019.04.04
transformDexWithDexForRelease  (0) 2019.02.26
cordova-plugin-appversion  (0) 2018.09.20

관련글

티스토리툴바