Is there a recommended way to remove access to unneeded PhoneGap APIs? For example

Question

0

Editorial Team

Asked: May 25, 20262026-05-25T20:59:24+00:00 2026-05-25T20:59:24+00:00

Is there a recommended way to remove access to unneeded PhoneGap APIs? For example

0

Is there a recommended way to remove access to unneeded PhoneGap APIs?

For example our app does not need to access the contact database.

With normal web pages, an XSS vulnerability is sandboxed to only affect one site (the browser prevents any contagion to other sites). With a PhoneGap application, by default, an XSS vulnerability can access the contacts list or any other part of the PhoneGap API.

I want to avoid the Skype situation where an XSS vunerability in Skype allowed an attacker to copy the address books of their users: http://www.macnn.com/articles/11/09/20/users.address.books.could.be.copied/

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-25T20:59:25+00:00

Editorial Team

2026-05-25T20:59:25+00:00Added an answer on May 25, 2026 at 8:59 pm

In your app, under PhoneGap.plist/Plugins, remove any rows for plugins that are not needed – this will remove access from JavaScript.

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

Is there a recommended way to remove access to unneeded PhoneGap APIs? For example

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply