Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
cordova-plugin-device
Advanced tools
This plugin defines a global device
object, which describes the device's hardware and software.
Although the object is in the global scope, it is not available until after the deviceready
event.
document.addEventListener("deviceready", onDeviceReady, false);
function onDeviceReady() {
console.log(device.cordova);
}
cordova plugin add cordova-plugin-device
Returns the Cordova platform's version that is bundled in the application.
The version information comes from the cordova.js
file.
This property does not display other installed platforms' version information. Only the respective running platform's version is displayed.
Example:
If Cordova Android 10.1.1 is installed on the Cordova project, the cordova.js
file, in the Android application, will contain 10.1.1
.
The device.cordova
property will display 10.1.1
.
The device.model
returns the name of the device's model or
product. The value is set by the device manufacturer and may be
different across versions of the same product.
// Android: Pixel 4 returns "Pixel 4"
// Motorola Moto G3 returns "MotoG3"
// Browser: Google Chrome returns "Chrome"
// Safari returns "Safari"
// iOS: iPad Mini returns "iPad2,5"
// iPhone 5 returns "iPhone5,1"
// See https://www.theiphonewiki.com/wiki/Models
// OS X: returns "x86_64"
//
var model = device.model;
The model value is based on the identifier that Apple supplies.
If you need the exact device name, e.g. iPhone 13 Pro Max, a mapper needs to be created to convert the known identifiers to the associated device name.
Example: The identifier iPhone14,3
is associated to the device iPhone 13 Pro Max
.
For the full list of all identifiers to device names, see here
Get the device's operating system name.
var string = device.platform;
// Depending on the device, a few examples are:
// - "Android"
// - "browser"
// - "iOS"
//
var devicePlatform = device.platform;
Get the device's Universally Unique Identifier (UUID).
var string = device.uuid;
The details of how a UUID is generated are determined by the device manufacturer and are specific to the device's platform or model.
// Android: Returns a random 64-bit integer (as a string, again!)
//
// iOS: (Paraphrased from the UIDevice Class documentation)
// Returns the [UIDevice identifierForVendor] UUID which is unique and the same for all apps installed by the same vendor. However the UUID can be different if the user deletes all apps from the vendor and then reinstalls it.
//
var deviceID = device.uuid;
The uuid
on Android is a 64-bit integer (expressed as a hexadecimal string). The behaviour of this uuid
is different on two different OS versions-
For < Android 8.0 (API level 26)
In versions of the platform lower than Android 8.0, the uuid
is randomly generated when the user first sets up the device and should remain constant for the lifetime of the user's device.
For Android 8.0 or higher
The above behaviour was changed in Android 8.0. Read it in detail here.
On Android 8.0 and higher versions, the uuid
will be unique to each combination of app-signing key, user, and device. The value is scoped by signing key and user. The value may change if a factory reset is performed on the device or if an APK signing key changes.
Read more here https://developer.android.com/reference/android/provider/Settings.Secure#ANDROID_ID.
The uuid
on iOS uses the identifierForVendor property. It is unique to the device across the same vendor, but will be different for different vendors and will change if all apps from the vendor are deleted and then reinstalled.
Refer here for details.
The UUID will be the same if app is restored from a backup or iCloud as it is saved in preferences. Users using older versions of this plugin will still receive the same previous UUID generated by another means as it will be retrieved from preferences.
The uuid
on OS X is generated automatically if it does not exist yet and is stored in the standardUserDefaults
in the CDVUUID
property.
Get the operating system version.
var string = device.version;
// Android: Froyo OS would return "2.2"
// Eclair OS would return "2.1", "2.0.1", or "2.0"
// Version can also return update level "2.1-update1"
//
// Browser: Returns version number for the browser
//
// iOS: iOS 3.2 returns "3.2"
//
var deviceVersion = device.version;
Get the device's manufacturer.
var string = device.manufacturer;
// Android: Motorola XT1032 would return "motorola"
// iOS: returns "Apple"
//
var deviceManufacturer = device.manufacturer;
whether the device is running on a simulator.
var isSim = device.isVirtual;
Get the Android device's SDK version (SDK_INT).
The isVirtual
property on OS X and Browser always returns false.
Get the device hardware serial number (SERIAL).
var string = device.serial;
As of Android 9, the underlying native API that powered the uuid
property is deprecated and will always return UNKNOWN
without proper permissions. Cordova have never implemented handling the required permissions. As of Android 10, all non-resettable device identifiers are no longer readable by normal applications and will always return UNKNOWN
. More information can be read here.
The iOS app is running on the Mac desktop (Apple Silicon ARM64 processor, M1 or newer). This parameter is only returned for iOS V14.0 or later, and is not returned for Android devices.
var boolean = device.isiOSAppOnMac;
As of May 1, 2024, Apple requires a privacy manifest file to be created for apps and third-party SDKs. The purpose of the privacy manifest file is to explain the data being collected and the reasons for the required APIs it uses. Starting with cordova-ios@7.1.0
, APIs are available for configuring the privacy manifest file from config.xml
.
This plugin comes pre-bundled with a PrivacyInfo.xcprivacy
file that contains the list of APIs it uses and the reasons for using them.
However, as an app developer, it will be your responsibility to identify additional information explaining what your app does with that data.
In this case, you will need to review the "Describing data use in privacy manifests" to understand the list of known NSPrivacyCollectedDataTypes
and NSPrivacyCollectedDataTypePurposes
.
For example, if you collected the device ID for app functionality and analytics, you would write the following in config.xml
:
<platform name="ios">
<privacy-manifest>
<key>NSPrivacyTracking</key>
<false/>
<key>NSPrivacyTrackingDomains</key>
<array/>
<key>NSPrivacyAccessedAPITypes</key>
<array/>
<key>NSPrivacyCollectedDataTypes</key>
<array>
<dict>
<key>NSPrivacyCollectedDataType</key>
<string>NSPrivacyCollectedDataTypeDeviceID</string>
<key>NSPrivacyCollectedDataTypeLinked</key>
<false/>
<key>NSPrivacyCollectedDataTypeTracking</key>
<false/>
<key>NSPrivacyCollectedDataTypePurposes</key>
<array>
<string>NSPrivacyCollectedDataTypePurposeAnalytics</string>
<string>NSPrivacyCollectedDataTypePurposeAppFunctionality</string>
</array>
</dict>
</array>
</privacy-manifest>
</platform>
Also, ensure all four keys—NSPrivacyTracking
, NSPrivacyTrackingDomains
, NSPrivacyAccessedAPITypes
, and NSPrivacyCollectedDataTypes
—are defined, even if you are not making an addition to the other items. Apple requires all to be defined.
FAQs
Cordova Device Plugin
We found that cordova-plugin-device demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 18 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.