MobSF / Mobile-Security-Framework-MobSF

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
https://opensecurity.in
GNU General Public License v3.0
17.49k stars 3.24k forks

[FEATURE] : The android can be installed on vulnerable devices is not a high security issue. It should be a warning at most. #2419

Closed thegallows-404 closed 3 months ago

thegallows-404 commented 3 months ago

I believe that this feature can be misleading, especially for bug bounty hunters.

Screenshot at 2024-08-05 14-04-23

github-actions[bot] commented 3 months ago

👋 @thegallows-404 Issues is only for reporting a bug/feature request. For limited support, questions, and discussions, please join MobSF Slack channel. Please include all the requested and relevant information when opening a bug report. Improper reports will be closed without any response.

ajinabraham commented 3 months ago

We have two rules here: https://github.com/MobSF/Mobile-Security-Framework-MobSF/blob/cc625fe8430f3437a473e82aa2966d100a4dc883/mobsf/StaticAnalyzer/views/android/kb/android_manifest_desc.py#L65-L87

If the app supports really old versions of Android, it will be a high, and for relatively newer but outdated versions, we show a warning severity.