Android Vulnerability Test Suite - In the spirit of open data collection, and with the help of the community, let's take a pulse on the state of Android security. NowSecure presents an on-device app to test for recent device vulnerabilities.
Other
1.02k
stars
272
forks
source link
Notification of updated tests misses the case where a fix was included for an existing check #80
If a vulnerability check is broken, or not completely correct and we later fix this, this is not currently accounted for.
VTS supports notifying the user when the app contains new tests. The way this works is: monitor for VTS app installation (denoting an install or upgrade). Catch that intent in a broadcast receiver, and then look at shared prefs for a list of vuln checks, if your current list differs, notify the user. If the list doesn't currently exist, assume it has not been ran and save the list in shared prefs
If a vulnerability check is broken, or not completely correct and we later fix this, this is not currently accounted for.
VTS supports notifying the user when the app contains new tests. The way this works is: monitor for VTS app installation (denoting an install or upgrade). Catch that intent in a broadcast receiver, and then look at shared prefs for a list of vuln checks, if your current list differs, notify the user. If the list doesn't currently exist, assume it has not been ran and save the list in shared prefs