On October 3rd, we blogged that although Worklight customers applied a needed security fix, Google would still flag some Android apps in the Play store as still needing the security fix: https://www.ibm.com/developerworks/community/blogs/worklight/entry/google_play_store_incorrectly_flagging_worklight_apps?lang=en

Within the last few days, Google Play appears to have modified their flagging technique, based on our outreach to them. This new flagging technique will take into consideration Worklight customers that applied the security fix. So for new APKs published to the Play store, Google will no longer incorrectly flag them as needing the security fix. If you upload a new APK now, there should not be any more false positive flags created.

If your app had been incorrectly flagged by the Play Store previously (even though you applied the security fix) and that flag is still present, you need to trigger the Play store to run another scan of your app to clear the flag. This new scan will use the updated criteria we provided Google. Based on observation, the Play Store will scan only newly-uploaded APKs. Thus to clear an incorrect flag, you will need to upload a new APK to the Play store. Even though you don't need to change application code, each new APK in the Play store requires a unique android:versionCode in AndroidManifest.xml, or incrementing the android version name in Worklight's application-descriptor.xml. The Play Store will check for that unique version data when you upload a new APK. Generate your new APK that contains the new version data. After you have uploaded the new APK to the Play Store, publish it to production. The Play Store's scan will run only against APKs which are published. The Play Store's scans run several times a day, based on observation. When the scan is complete any incorrect flags should disappear. There may still be the original warning message in the Alerts section of the Google Play Developer Console, but the yellow warning icon should no longer be present in the All Applications view of the Google Play Developer Console.

If after doing this the flag is still present, and you have waited for at least 12 hours for the Play Store scan to run, it is suggested that you verify that the security fix is present in your Worklight Studio: See the section titled "Verify that the patch was applied" at https://www.ibm.com/developerworks/community/blogs/worklight/entry/action_required_cordova_android_security_update