Finding Description
Hardcoded cryptographic keys were observed being used by the application to access data. Static keys hardcoded into the app binary or bundle can be accessed by malicious actors and potentially be used to steal sensitive data.
Steps to Reproduce
While the app is running on a physical device, this test looks for hardcoded cryptographic keys actively being used by the app. If found, this test flags any cryptographic method calls that are observed to be using these hardcoded keys.
Business Impact
Cryptographic keys were found stored inside the publicly available app. These keys can potentially be used to access the sensitive information of all of the app's users.
Remediation Resources
Avoid hardcoding sensitive information such as cryptographic keys in the application source code or bundle. When generating cryptographic values, make sure to follow best practices. See https://developer.apple.com/documentation/security/certificate_key_and_trust_services/keys for details and code snippets to implement these protections.
The context table below displays hardcoded cryptographic keys that were observed to be in use by the app's cryptographic method calls.
Risk and Regulatory Information
Severity: info
Application
See more detail in the NowSecure Report