Closed: giantpune closed this issue 8 years ago
Any suggestions on the heuristics to use here? Only check CVEs within X years of current build date or something?
If the app can't be installed on Android devices below 4.0.3, then should it check for bugs that were fixed in Android 2.3?
My logic here was: if an OEM (or a community ROM like CM) takes a device with an old kernel and ports a new Android version to it, it's very possible that that device still has said kernel vulnerability. I think we should be very careful about deprecating these kinds of checks for that reason. Maybe when the number of checks that we are running starts to become an issue (because of the time it takes to run, etc.), then we can consider doing something like this.
I think a good stop-gap here is sorting by CVE date (currently implemented), so that the most relevant results are first.
Play Store description says that we only support Android 4.0.3 and higher. We include a test for psneuter, which was fixed in Android 2.3.X. It would take a special kind of screwup somewhere for this test to ever come up as 'failed'.