lcimeni / tiktok-ios


NowSecure dynamic analysis: App is Using Outdated or Insecure Cryptography #4

Open lcimeni opened 3 years ago

lcimeni commented 3 years ago

Summary

The application was found to use weak cryptographic algorithms during app runtime. These methods are usually easily reverse engineered, so the data is not really protected very well. An attacker with access to the encrypted data could easily see the data that was obfuscated.

Evaluation Criteria

It is a best practice not to use insecure methods to encrypt data. However, not all companies require this. The context table below should be evaluated against the standards for the app. Also, please note there is a separate finding specifically for sensitive data being encrypted using these methods.

Recommendation

Change to using algorithms that are secure. Guidance can be found for Android and from Apple.

For more guidance on best practices in picking strong cryptography, please see OWASP's Cryptographic Storage Cheat Sheet.

Risk and Regulatory Information

Severity: low

CVSS: 3.7

Application

See more detail in the NowSecure Report