NowSecure static analysis: Decompile APK Check

lcimeni commented 3 years ago

Finding Description

We were able to decompile your application down to its java source code, which an attacker would be able to do as well. This could allow access to any sensitive information contained in the source code.

Steps to Reproduce

Determines if an application can be decoded and if its resources can be extracted for further analysis.

Remediation Resources

Ensure that the decompiled code does not contain sensitive user or application data that you would not want a malicious user to have access to. Code obfuscation is one recommended way to further protect your source code.

Risk and Regulatory Information

Severity: info CVSS: 4.44

Risk OWASP: Mobile Top 10: M9-Reverse Engineering
GDPR: Risks violating Article 25, Risks violating Article 32
FFIEC: May violate D3.PC.Im.I.6
PCI: May violate requirement 6.5
HIPAA: May violate §164.312(c)(1): Standard: Integrity., May violate §164.312(a)(1): Standard: Access control.

Application

Platform: android
Package: fuzion24.dynamictestapp

See more detail in the NowSecure Report

lcimeni commented 3 years ago

Update: The risk severity (CVSS score) of this finding has been modified from 4.44 to 4.4444 by Lorenz Cimeni.

Powered by NowSecure Platform

lcimeni commented 3 years ago

Update: This finding has been marked as ‘Pass’ by Lorenz Cimeni, so no additional action required.

Powered by NowSecure Platform

lcimeni commented 3 years ago

Update: This finding has been permanently hidden by Lorenz Cimeni, so no additional action required.

Powered by NowSecure Platform

lcimeni / youtube