“tel”, “sms”, and “mailto” no longer working in Android after upgrading to cordova 3.6.3

Question

I recently upgraded my cordova based Android app from 3.5.0 to 3.6.3. The special links "tel", "sms", and "mailto" stopped working. When clicked, nothing happens. Is there anything I can do in the AndroidManifest.xml, or Confix.xml or anything else to get them back working?

I built two identical and very simple android apps to prove my suspicion, one with cordova 3.5.0 and one with 3.6.3. Both of them have a simple link:

<a href="tel:1(858)xxx-xxxx">Call</a>

The first one works, the second one doesn't work.

I think they added a security feature that blocks intents somehow.

PS: both apps built like this:

cordova create app com.tmp.app "App"
cordova platform add android

and in index.html, I added the telephone link above on the device ready block.

Please help.

score 91 · Answer 1 · edited Dec 24 '22 at 06:31

91

I finally found the answer. All you have to do is add the following to config.xml:

<access origin="tel:*" launch-external="yes"/>
<access origin="geo:*" launch-external="yes"/>
<access origin="mailto:*" launch-external="yes"/>
<access origin="sms:*" launch-external="yes"/>
<access origin="market:*" launch-external="yes"/>

It all started by IBM!!!

IBM Cordova Security Issues

edited Dec 24 '22 at 06:31

starball

20,030
7
43
238

answered Oct 09 '14 at 16:40

abelabbesnabi

1,819
1
16
21

8

This did not work for me until I removed: . – Carl Prehn Apr 29 '15 at 01:00
2

This `launch-external` is currently not documented in Whitelist plugin but according to code it does the same as `` tag – Sebastien Lorber Jul 24 '15 at 10:29
1

Instead of simple link, window.open('geo:xxxxx,xxxxxx', '_system') worked for me, after removing too – Michael Dec 01 '15 at 20:27
The `mailto` and `tel` helped me! However I still can't figure out how to get the sms to work for iOS.. Any clues? – Shotbyabel Jul 21 '16 at 22:14
you have to install whilelist plugin first, what I failed to do so :), after did it worked like charm – narancs Aug 30 '17 at 18:28

score 8 · Answer 2 · answered Oct 09 '14 at 09:58

I had an App built on 3.5.1 version and all special links were working fine. But when i upgraded on the latest version 3.6.3 then they did not work.

So I made below changes in the code and now they works fine.

Add InAppBrowser plugin

cordova plugin add org.apache.cordova.inappbrowser

Create custom function in your JS file to open special links within the InApp browser

var app = {
        initialize: function() {
        this.bindEvents();
    },         
    bindEvents: function() {
        document.addEventListener('deviceready', this.onDeviceReady, false);
    },         
    onDeviceReady: function() {
        app.receivedEvent('deviceready');
    },
    openNativeAppWindow: function(data) {
        window.open(data, '_system');
    }

};

The place where you are invoking special links like sms or tel then pass on your custom url with data and let it open the native browser window which in turn will push the native App to handle the special urls.

Few example:

<br><br><input type="button" onClick="app.openNativeAppWindow('http://google.com')" value="Open Google"/>
            <br><br><a onClick="app.openNativeAppWindow('geo://0,0?q=dallas')" data-rel="external">google maps</a>
            <br><br><a onClick="app.openNativeAppWindow('geo:0,0?q=Bacau')">Geolocation Test</a>
            <br><br><a onClick="app.openNativeAppWindow('geo:0,0?q=34.99,-106.61(Treasure)')">longitude & latitude with a string label</a>
            <br><br><a onClick="app.openNativeAppWindow('geo:0,0?q=1600+Amphitheatre+Parkway%2C+CA')">street address Test</a>
            <br><br><a onClick="app.openNativeAppWindow('sms:2125551212')">SMS</a>
            <br><br><a onClick="app.openNativeAppWindow('mms:2125551212')">MMS</a>
            <br><br><a onClick="app.openNativeAppWindow('tel:2125551212')">Open Phone Dialer</a>

I will give it a try AAhad. Thank you very much. just one question: Will it open the InAppBrowser then redirect or would it go straight to the phone or email applications? Because an intermediate phase (going through the InAppBrowser) on the screen would not be a good experience. Thanks again. — abelabbesnabi, Oct 09 '14 at 15:49

score 5 · Answer 3 · answered Oct 18 '15 at 01:16

5

As of Cordova 4.0 you must include the whitelist plugin.

<gap:plugin name="cordova-plugin-whitelist" source="npm" />
<allow-intent href="tel:*" />

https://github.com/apache/cordova-plugin-whitelist

answered Oct 18 '15 at 01:16

almo

6,107
6
43
86

score 3 · Answer 4 · edited May 13 '16 at 05:49

Modify the Cordova whitelist

One of the security fixes involves creating a new whitelist for non http/s protocols. If your application uses other protocols besides http:// and https://, such as sms:, mailto:, geo:,tel: etc., then you will need to make some configuration changes to add these protocols to the whitelist.

This is easy to do:

Open up the Cordova config.xml file, located at: yourProject --> apps --> yourProject --> android --> native --> res --> xml --> config.xml. Note: If you have a file located at yourProject --> apps --> yourProject --> android --> nativeResources --> res --> xml, you will have to make the changes to this file (under the nativeResources folder) instead, since if this file exists, it will overwrite the config.xml in /native/ folder when the app is rebuilt.

Scroll to your whitelist entries. You should see items listed like this:

<access origin="https://my.company.com/resources" />
<access origin="http://*.othersupplier.com" />

For every non http/https protocol that you use, you will have to add a whitelist entry like this:

<access origin="sms://*" launch-external="true" />
<access origin="mailto://*" launch-external="true" />

The launch-external attribute will tell Cordova to allow this URL to be handled by other applications in Android system - not by the currently running Cordova/Worklight application.

This will mean that when a user clicks on a <a href="sms:555..."> link, Android will let whatever application is registered to sms: handle the request.

If the only entry that is in your whitelist looks like this:

<access origin="*" />

then your application will allow resource requests to any internet resource, which could open your application to certain kinds of attacks.

You should list specific domains in this tag that you want to be able to access.

If your whitelist looks like this:

<access origin="https://www.ibm.com" />
<access origin="https://my-worklight-server.company.com" />

and inside your application you utilize the mailto: protocol to open a user's email client, and the geo: protocol to display a map, then you should modify the whitelist to look like:

<access origin="https://www.ibm.com" />
<access origin="https://my-worklight-server.company.com" />
<access origin="mailto://*" launch-external="true" />
<access origin="geo://*" launch-external="true" />

HTML :

<a href="tel:+212x-xx-xx-xx-xx">Call</a>

Add to file "config.xml" :

<access origin="tel:*" launch-external="yes"/>

source :

https://www.ibm.com/developerworks/community/blogs/worklight/entry/action_required_cordova_android_security_update?lang=en`

The `mailto` and `tel` helped me! However I still can't figure out how to get the sms to work for iOS.. Any clues? — Shotbyabel, Jul 21 '16 at 22:15

score 0 · Answer 5 · answered Dec 18 '20 at 20:36

0

If you have these lines in your config.xml, then comment them out.

<!--<allow-navigation href="*" />
<allow-navigation href="*://*" />-->

answered Dec 18 '20 at 20:36

Patrick Husting

53
4

“tel”, “sms”, and “mailto” no longer working in Android after upgrading to cordova 3.6.3

5 Answers5

Linked