Trend Micro discovered a vulnerability in the Apache Cordova framework.
Designated as CVE-2015-1835, this high-severity vulnerability affects all versions of Apache Cordova up to 4.0.1.
Android applications built with the Cordova framework that don’t have explicit values set in Config.xml can have undefined configuration variables set by intent.
This can cause unwanted dialogs appearing in applications and changes in the application behaviour that can include the app force-closing.
Apache has released a security bulletin confirming the vulnerability. This means that majority of Cordova-based apps, which accounts for 5.6% of all apps in Google Play, are vulnerable.