Yellow Security Alert given to my apps on Google Play

Security alert

Your app contains one or more libraries with known security issues. Please see this Google Help Centre article for details.

Vulnerable JavaScript libraries:

|Name|Version|Known issues|Identified files|

Does anyone know how I can sort the above?

Are you using the jQuery Mobile controls?

If so, that’s the problem. They’re based on jQuery 2.2, which is no longer considered secure. The current version of jQuery 3.4.1 which is fine. The authors of jQuery Mobile haven’t updated their code since 2014: it does not work with the current jQuery.

To solve this problem, you’ll need to migrate to Bootstrap 4. Here’s more info:


I have several projects based on JQM so I’ll tell you what your options are…

If you have too much time invested or you’re too near launch to pull back now you still have some options with JQM.

The Good News:
JQM was updated to 1.5 and moved from Alpha to Beta status and the 1.5 does use the later versions of JQuery.

The Bad News:
1.5 is not a drop in fix. All of the things that were deprecated and planned for removal in 1.5 were, indeed, removed. This means that a lot of your page handling code will need to be rewritten and you can expect things like your headers and other controls to need work.

The Future:
The Jquery team seems to be in disarray. The guy who was working on JQM has left the project and a lot of the JQM controls have been moved to JQUI or dropped from JQM because later versions of those controls already exist in JQUI. Their thinking seems to be JQM will die and you will use the Jquery + Jquery-UI + plus some page handler + some swipe handler. The result will be big, fat and slow AND as is typical with JQuery, they’re sticking with a web based strategy while the world is moving to mobile access. In the forums, their own moderators are telling people to NOT start any new projects with JQM.

Bottom Line:
If you need to use 1.5 just to get this version shipped, it’s probably your best and fastest bet BUT you will eventually have to rewrite.

An Option:
I have found Framework7 to be the easiest port. It’s free, pretty easy to understand but (fair warning) their developers can be very snarky in the forums (but so can JQM’s). You can find Framework7 here.

1 Like

Thanks for getting back to me, I know George said that JQ mob haven’t updated for around 5 years, I started this project around 4 years ago with JQ mob and I have only just finished it. Just in time for it to be finally outdated in witting. :slight_smile: I had a look at that Framework7 and it seems to be js orientated so I think I may struggle with that, thanks for your help.


Used the controls from JQ in NSB from a long time ago up to the present date :slight_smile: Think I may have a break, Google have only given me a yellow warning so far. I will move my app into Bootstrap soon.
Thanks George.

AppStudio has all the definitions for the Bootstrap controls built into the Design Screen - it will probably easier to use. (None exist for Framework 7). Plus, there’s a conversion utility.

1 Like

Thanks George, I will be using the conversion facility along with bootstrap in AppSudio. I’m hoping that my project shouldn’t have two many problems converting. I’ve never changed any of the names for the controls for example:
Checkbox, Button, Textbox, RadioButton and Select have always stayed as they are but just an increment in number for difference.

The day someone writes a .php script to move existing JQM apps to Framework7 will be the day that JQM dies for good.

I’m getting this same warning from Google but it’s referencing “jquery3”. I have never used any jQuery mobile controls. I did have bootstrap3 but used the AppStudio conversion utility to convert all bs3 to bs4 controls. Conversion worked great but did not clear the warning from Google for all our updated apps.

Any way to manually remove or change the jquery3 reference in my apps?

The warning includes the following:
“jquery 3.3.1 SNYK-JS-JQUERY-174006 assets/www/nsb/library/jquery3.js”

This is fixed by using jQuery 3.4. The next release of AppStudio (coming real soon now) takes care of this.

1 Like

Ok, thanks George.
By the way, the conversion utility saves us a TON of time. Thanks for that :slight_smile:

Hi, so I won’t have to change the framework of my older JQ mob apps to bootstrap if I wait for next release?

PS I know it’s not a permanent fix but to get rid of the annoying yellow triangle security alert symbols next to your apps, just go to the security alert option in the menu window on left hand side (Google play Developer Console) and click dismiss. Exit and then re-open Google Play Developer Consol and It’s like majic :slight_smile: every thing goes back to normal for a while. :sunny:


No joy for jQuery Mobile. This message is just one more nail in the coffin.

Bootstrap 4 and 3 will benefit from the new version.

So am I understanding this correctly, once converted from JQ mob to BS4 I may have to convert again to latest JQ version?


The update to the latest version of jQuery will happen automatically with the new release of AppStudio. It’s functionally identical, so you won’t need to make any changes to your project.