Android Vulnerability Test Suite - In the spirit of open data collection, and with the help of the community, let's take a pulse on the state of Android security. NowSecure presents an on-device app to test for recent device vulnerabilities.
UI is not properly stored when the app is getting put to the background. #67
When Android decides our app is no longer important, it gets marshalled/serialized and stored to free up resources for other apps the user is using. It is up to our app to catch the onSaveInstanceState() and save the UI, then restore the Bundle in onCreate().
To trigger the bug, you can open the app, run a scan, then use a bunch of other apps for a while. Then pull up VTS again and view the empty UI.
Alternately, you can enable developer options and enable the 'Don't keep activities' option. Perform a scan in VTS, press the home button to leave the app, and come back to the app.
You can see that the "scan" button is missing, along with most of the UI. There's no easy way for the user to 'go back' to the starting screen and perform a scan.
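The save/restore pattern the issue describes, as an added example that is not part of the original issue or the VTS code base. `ScanActivity`, `KEY_RESULTS`, the programmatic layout and the placeholder scan result are hypothetical.

```java
// Added illustration: class, key and field names are hypothetical, not from the VTS code base.
import android.app.Activity;
import android.os.Bundle;
import android.text.TextUtils;
import android.view.View;
import android.widget.Button;
import android.widget.LinearLayout;
import android.widget.TextView;
import java.util.ArrayList;

public class ScanActivity extends Activity {
    private static final String KEY_RESULTS = "scan_results"; // hypothetical Bundle key
    private final ArrayList<String> results = new ArrayList<>();
    private TextView resultsView;

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        // Always rebuild the whole view tree, scan button included, so a recreated
        // activity never comes back without a way to start a new scan.
        LinearLayout root = new LinearLayout(this);
        root.setOrientation(LinearLayout.VERTICAL);
        Button scanButton = new Button(this);
        scanButton.setText("Scan");
        scanButton.setOnClickListener(new View.OnClickListener() {
            @Override public void onClick(View v) { runScan(); }
        });
        resultsView = new TextView(this);
        root.addView(scanButton);
        root.addView(resultsView);
        setContentView(root);
        // The Bundle is null on a fresh launch and non-null when Android
        // recreates the activity after destroying it in the background.
        if (savedInstanceState != null) {
            ArrayList<String> saved = savedInstanceState.getStringArrayList(KEY_RESULTS);
            if (saved != null) results.addAll(saved);
        }
        render();
    }

    @Override
    protected void onSaveInstanceState(Bundle outState) {
        super.onSaveInstanceState(outState);
        outState.putStringArrayList(KEY_RESULTS, results); // kept by the system while the activity is gone
    }

    private void runScan() {
        results.clear();
        results.add("placeholder finding"); // constructed sample; the real checks go here
        render();
    }
    private void render() {
        resultsView.setText(results.isEmpty() ? "No scan run yet" : TextUtils.join("\n", results));
    }
}
```

With 'Don't keep activities' enabled, pressing home and returning exercises both callbacks on every round trip, which makes it a quick regression check for this pattern.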