cordova-android is vulnerable to man-in-the-middle (MitM) attacks. These attacks are possible because the Gradle distribution is downloaded using http, not https. This download happens when the project is build using scripts, the first build or the first time Android is added to cordova.