My Keyboard App generates the following warning on Google Play:
Your app contains an unsafe unzipping pattern that may lead to a path traversal vulnerability. Please see this Google Help Centre article to learn how to fix the issue.
com.tavultesoft.kmea.util.ZipUtils.unzip
It doesn’t block anything but may be worth someone looking into.
Keyboard App Builder 2.6.5 seems to bundle 13.x. I don’t know whether I can just replace the embedded .aar file inside KAB but when I tried hacking that in the app didn’t work somewhat unsurprisingly. This page says the fix is in 15.0.9 alpha.
Not a bit deal; happy a fix is in the works. It’s probably mainly a KAB issue then, to migrate to the fixed kmea version.