I have An Application developed using Mobile First 7.1. I Added Android Environment and build the Project. I created signed APK from generated Android Project and Uploaded the Google play store and My Application has rejected by Google Play store with below message
Hello Google Play Developer,
We rejected SampleApp, with package name com.Sample.app, for violating our Malicious Behavior or User Data policy. If you submitted an update, the previous version of your app is still available on Google Play. This app uses software that contains security vulnerabilities for users or allows the collection of user data without proper disclosure. Below is the list of issues and the corresponding APK versions that were detected in your recent submission. Please upgrade your app(s) as soon as possible and increment the version number of the upgraded APK. Vulnerability APK Version(s) Apache Cordova The vulnerabilities were fixed in Apache Cordova v.4.1.1 or higher. You can find information about how to upgrade in this Google Help Center article. 44 To confirm you’ve upgraded correctly, submit the updated version of your app to the Developer Console and check back after five hours to make sure the warning is gone. While these vulnerabilities may not affect every app that uses this software, it’s best to stay up to date on all security patches. Make sure to update any libraries in your app that have known security issues, even if you're not sure the issues are relevant to your app. Apps must also comply with the Developer Distribution Agreement and Developer Program Policies. If you feel we have made this determination in error, please reach out to our developer support team.
You can't upgrade the Cordova that comes with MobileFirst Platform Foundation 7.1. But, the vulnerabilities that Google is concerned about are addressed in the version of Cordova that's shipped with builds of 7.1 published since those fixes were applied, and Google understands how to recognize a MFP app that has the appropriate fixes applied. So if you apply the most recent iFix for MFP 7.1 and rebuild your app with that, it shouldn't be rejected for that reason.
If you are an IBM customer, the most recent iFix for 7.1 can be obtained here. The fix for this issue is in the Studio component - or CLI, if you build your app that way. If you are using Studio, you apply the fix by adding the Studio ZIP file that you downloaded (which is an Eclipse p2 installation repository) as a software installation source in Eclipse, and updating.