-
### Finding Description
The application was found to be using a target SDK less than 29. Beginning August 2021, targeting an SDK level of 29 or higher will be a requirement for publishing to the Goog…
-
### Finding Description
The app is vulnerable to the Janus exploit.
Janus ([CVE-2017-13156](https://nvd.nist.gov/vuln/detail/CVE-2017-13156)) exposes a critical flaw in Android's APK validation proc…
-
## Issue
### **What is the issue?**
SKF has a knowledge base and code examples.
We could add the relevant SKF knowledge base items (MASVS, ASVS and custom descriptions) to CRE.
Let's do this.
-
Hi,
I'm performing security tests on an Android mobile app that uses android-checkout-sdk.
While doing code analysis of the app I've stumbled upon an issue with: `The file or SharedPreference is…
-
By including the URL of the intended website within the SMS, it would mean websites and apps could automatically detect and read a 2FA SMS message, inputting the data. This would certainly be more con…
-
### Finding Description
ATS Exemptions were identified within the app and need to be reviewed to ensure they are both appropriate and have allowable exemptions.
On Apple platforms, a networking secu…
-
Mobile Security Framework (MobSF) reports a high-risk error that comes from the Android part of the package.
**Error details:**
[The App uses the encryption mode CBC with PKCS5/PKCS7 padding. This conf…
-
### Finding Description
All permissions are defined in the `AndroidManifest.xml` of the binary, and Android has labeled some as dangerous because of the data or functionality that they grant access t…
-
### Finding Description
The information specified has been found within external storage locations on the device. Data written to device storage can be accessed through several attack vectors. Data s…
-
### Finding Description
The app defines some custom URL schemes.
[Custom URL schemes](https://github.com/OWASP/owasp-mastg/blob/v1.5.0/Document/0x06h-Testing-Platform-Interaction.md#testing-custom-u…