Version 2 of the Mobile Application Security risk vector was released on May 27, 2021. See the deprecated tests.
Message | Description |
---|---|
Allow Backup Check | Determines whether the “allowBackup” flag within the Android Manifest is set to “false.” Having this flag enabled allows easier access to the application files stored on the device. Analysis Category: Code; Analysis Type: Static; Severity (CVSS): Medium (4.6) |
APK Info | The activities called for by an app are an important part of understanding the application's life cycle from the initial main activity launch to the final activity shutdown. The main activity is the main entry point into the application's user interface. Analysis Type: Dynamic; Severity (CVSS): Informational (0) |
Arbitrary Code Execution Observed | Checks for arbitrary code execution. When executable code is world-writable, another app could swap the file and gain code execution capabilities in other apps. Analysis Type: Dynamic; Severity (CVSS): Critical (9.8) |
Arbitrary Code Execution Probable | Checks for arbitrary code execution. When executable code is world-writable, another app could swap the file and gain code execution capabilities in other apps. Analysis Type: Dynamic; Severity (CVSS): High (7.5) |
Automation Info | Details of the automated interaction. Analysis Type: Dynamic; Severity (CVSS): Informational (0) |
Behavioral Events | Programmatic interactions are logged during dynamic analysis. Results are shown in the forensic data. Analysis Type: Dynamic; Severity (CVSS): Informational (0) |
Certificate Validity Check | Checks to see if the certificate used for this application compilation is valid to determine whether the certificate is expired or is set to expire within 30 days. Analysis Category: Code; Analysis Type: Static; Severity (CVSS): High (7.5) |
Change Cipher Spec Check | Certain versions of OpenSSL do not properly restrict the processing of ChangeCipherSpec messages during the TLS/SSL handshake, which could lead to a man-in-the-middle exploit. This is also referred to as the “CCS Injection” vulnerability. For additional details, refer to CVE-2014-0224. Analysis Category: Code; Analysis Type: Static; Severity (CVSS): High (7.3) |
Cookie Without HttpOnly Flag | Analyzes the attributes set within the cookies used by the app to determine if the “httponly” flag is set. When a cookie is set with the “httponly” flag, it instructs the browser that the cookie can only be accessed by the server and not by client-side scripts. This is an important security protection for session cookies and can prevent attacks, like cross-site scripting (XSS), as the cookie cannot be accessed via client-side (e.g., using a JavaScript code snippet). Analysis Type: Dynamic; Severity (CVSS): Medium (5.3) |
Cookie Without Secure Flag | Analyzes the attributes set within the cookies used by the app to determine if the “secure” flag is set. When set to “true,” the “secure” flag tells the browser to only send the cookie if the request is sent using a secure channel. This ensures the cookie is not transmitted over unencrypted requests. Analysis Type: Dynamic; Severity (CVSS): Medium (5.3) |
Debug Flag Check | Determines whether the application was compiled with the “debuggable” flag enabled in the Android manifest. If enabled, it’s possible to attach a debugger to the application’s process and execute arbitrary code. The default value is “true” if the “debuggable” flag is not set. Debugging should be disabled before compiling an app for production. Analysis Category: Code; Analysis Type: Analysis; Severity (CVSS): Medium (4.4) |
Decode APK Check | Determines if the application can be decoded and if its resources can be extracted for further analysis. Analysis Category: Code; Analysis Type: Static; Severity (CVSS): Informational (0) |
Decompile APK Check | Determines if the application can be decompiled and if its source code can be extracted for further analysis. Analysis Type: Static; Severity (CVSS): Informational (0) |
Get Reflection Code | This check looks for code reflection within the application and returns where reflection is used. Reflection grants developers the ability and flexibility to view and determine API characteristics at runtime, as opposed to compilation time. At runtime, reflection techniques can be used to determine if a specific class or method is available before trying to use it. Developers can dynamically construct objects, access fields, and invoke methods. It enables the developer to leverage newer APIs while still supporting older versions, all from within the same app. Reflection APIs are part of the Android SDK and can be beneficial when targeting a variety of versions/devices. Analysis Category: Code; Analysis Type: Static; Severity (CVSS): Informational (0) |
HeartBleed Check | Determines if the application attempts to use escalated privileges through the “su” command. This is commonly used by malware to exploit rooted devices. Analysis Category: Code; Analysis Type: Static; Severity (CVSS): High (7.5) |
Keysize Check | Checks to see if the key used to sign the application is larger than 1024 bits. Anything smaller leaves applications vulnerable to forged digital signatures. Analysis Category: Code; Analysis Type: Static; Severity (CVSS): Medium (5.9) |
Leaked Data in Files Android ID | Local application files and external storage locations are inspected for Android ID exposure. Analysis Type: Dynamic; Severity (CVSS): Low (2.3) |
Leaked Data in Files Bluetooth MAC | Local application files and external storage locations are inspected for Bluetooth MAC address exposure. Analysis Type: Dynamic; Severity (CVSS): Informational (0) |
Leaked Data in Files Build Fingerprint | Local application files and external storage locations are inspected for build fingerprint exposure. Analysis Type: Dynamic; Severity (CVSS): Low (2.3) |
Leaked Data in Files (Custom Values) | Using specified custom search terms, local application files and external storage locations are inspected for sensitive user or application data. Analysis Type: Dynamic; Severity (CVSS): Medium (4.4) |
Leaked Data in Files DNS1 | Local application files and external storage locations are inspected for Domain Name System (DNS) exposure. Analysis Type: Dynamic; Severity (CVSS): Low (2.3) |
Leaked Data in Files DNS2 | Local application files and external storage locations are inspected for Domain Name System (DNS) exposure. Analysis Type: Dynamic; Severity (CVSS): Informational (0) |
Leaked Data in Files Email | Local application files and external storage locations are inspected for user email address exposure. Analysis Type: Dynamic; Severity (CVSS): Low (2.3) |
Leaked Data in Files First Name | Local application files and external storage locations are inspected for user first name exposure. Analysis Type: Dynamic; Severity (CVSS): Low (2.3) |
Leaked Data in Files GPS Latitude | Local application files and external storage locations are inspected for exposed GPS latitude coordinates. Analysis Type: Dynamic; Severity (CVSS): Medium (4.4) |
Leaked Data in Files GPS Longitude | Local application files and external storage locations are inspected for exposed GPS longitude coordinates. Analysis Type: Dynamic; Severity (CVSS): Medium (4.4) |
Leaked Data in Files IMEI | Local application files and external storage locations are inspected for International Mobile Equipment Identity (IMEI) exposure. Analysis Type: Dynamic; Severity (CVSS): Low (2.3) |
Leaked Data in Files Last Name | Local application files and external storage locations are inspected for user last name exposure. Analysis Type: Dynamic; Severity (CVSS): Low (2.3) |
Leaked Data in Files Local WiFi MAC | Local application files and external storage locations are inspected for local wi-fi MAC address exposure. Analysis Type: Dynamic; Severity (CVSS): Low (2.3) |
Leaked Data in Files MAC | Local application files and external storage locations are inspected for MAC address exposure. Analysis Type: Dynamic; Severity (CVSS): Informational (0) |
Leaked Data in Files Name | Local application files and external storage locations are inspected for exposure of the user’s full name. Analysis Type: Dynamic; Severity (CVSS): Informational (0) |
Leaked Data in Files Password | Local application files and external storage locations are inspected for exposed passwords. Analysis Type: Dynamic; Severity (CVSS): Medium (4.4) |
Leaked Data in Files Phone Number | Local application files and external storage locations are inspected for exposed phone numbers. Analysis Type: Dynamic; Severity (CVSS): Low (2.3) |
Leaked Data in Files Provision Revision | Local application files and external storage locations are inspected for provision revision exposure. Analysis Type: Dynamic; Severity (CVSS): Informational (0) |
Leaked Data in Files Serial | Local application files and external storage locations are inspected for serial exposure. Analysis Type: Dynamic; Severity (CVSS): Low (2.3) |
Leaked Data in Files Surrounding WiFi MAC | Local application files and external storage locations are inspected for surrounding wi-fi MAC address exposure. Analysis Type: Dynamic; Severity (CVSS): Low (2.3) |
Leaked Data in Files Surrounding Wifi Network BSSID | Local application files and external storage locations are inspected for exposure of the surrounding wi-fi network basic service set identifier (BSSID). Analysis Type: Dynamic; Severity (CVSS): Low (2.3) |
Leaked Data in Files Surrounding Wifi Network SSID | Local application files and external storage locations are inspected for surrounding wi-fi network SSID exposure. Analysis Type: Dynamic; Severity (CVSS): Low (2.3) |
Leaked Data in Files Username | Local application files and external storage locations are inspected for exposed usernames. Analysis Type: Dynamic; Severity (CVSS): Low (2.3) |
Leaked Data in Files WiFi IP | Local application files and external storage locations are inspected for exposed wi-fi IP addresses. Analysis Type: Dynamic; Severity (CVSS): Low (2.3) |
Leaked Data in Files WiFi MAC | Local application files and external storage locations are inspected for exposed wi-fi MAC addresses. Analysis Type: Dynamic; Severity (CVSS): Informational (0) |
Leaked Data in Files ZIP Code | Local application files and external storage locations are inspected for exposed ZIP codes. Analysis Type: Dynamic; Severity (CVSS): Low (2.3) |
Leaked LogCat Data Android ID | System log files are analyzed for the existence of sensitive user or application data. Debug logs, which are designed to detect and correct application flaws, can leak sensitive information that might allow an attacker to carry out a more powerful attack. Any application on that device with the READ_LOGS permission can interrogate the logs. The log files of more recent Android versions are carefully isolated and do not require system-level permissions to be requested. Analysis Type: Dynamic; Severity (CVSS): Low (2.1) |
Leaked LogCat Data Bluetooth MAC | System log files are analyzed for the existence of sensitive user or application data. Debug logs, which are designed to detect and correct application flaws, can leak sensitive information that might allow an attacker to carry out a more powerful attack. Any application on that device with the READ_LOGS permission can interrogate the logs. The log files of more recent Android versions are carefully isolated and do not require system-level permissions to be requested. Analysis Type: Dynamic; Severity (CVSS): Informational (0) |
Leaked LogCat Data Build Fingerprint | System log files are analyzed for the existence of sensitive user or application data. Debug logs, which are designed to detect and correct application flaws, can leak sensitive information that might allow an attacker to carry out a more powerful attack. Any application on that device with the READ_LOGS permission can interrogate the logs. The log files of more recent Android versions are carefully isolated and do not require system-level permissions to be requested. Analysis Type: Dynamic; Severity (CVSS): Low (2.1) |
Leaked LogCat Data (Custom Values) | System log files are analyzed for the existence of sensitive user or application data. Debug logs, which are designed to detect and correct application flaws, can leak sensitive information that might allow an attacker to carry out a more powerful attack. Any application on that device with the READ_LOGS permission can interrogate the logs. The log files of more recent Android versions are carefully isolated and do not require system-level permissions to be requested. Analysis Type: Dynamic; Severity (CVSS): Medium (5.5) |
Leaked LogCat Data DNS1 | System log files are analyzed for DNS1 exposure. Debug logs, which are designed to detect and correct flaws in an application, can leak sensitive information that might help an attacker craft a more powerful attack. Any application on that device with the READ_LOGS permission can interrogate the logs. The log files of more recent Android versions are carefully isolated and do not require system-level permissions to be requested. Analysis Type: Dynamic; Severity (CVSS): Low (2.1) |
Leaked LogCat Data DNS2 | System log files are analyzed for DNS2 exposure. Debug logs, which are designed to detect and correct flaws in an application, can leak sensitive information that might help an attacker craft a more powerful attack. Any application on that device with the READ_LOGS permission can interrogate the logs. The log files of more recent Android versions are carefully isolated and do not require system-level permissions to be requested. Analysis Type: Dynamic; Severity (CVSS): Informational (0) |
Leaked LogCat Data Email | System log files are analyzed for the existence of sensitive user or application data. Debug logs, which are designed to detect and correct application flaws, can leak sensitive information that might allow an attacker to carry out a more powerful attack. Any application on that device with the READ_LOGS permission can interrogate the logs. The log files of more recent Android versions are carefully isolated and do not require system-level permissions to be requested. Analysis Type: Dynamic; Severity (CVSS): Low (3.3) |
Leaked LogCat Data First Name | System log files are analyzed for the existence of sensitive user or application data. Debug logs, which are designed to detect and correct application flaws, can leak sensitive information that might allow an attacker to carry out a more powerful attack. Any application on that device with the READ_LOGS permission can interrogate the logs. The log files of more recent Android versions are carefully isolated and do not require system-level permissions to be requested. Analysis Type: Dynamic; Severity (CVSS): Low (3.3) |
Leaked LogCat Data GPS Latitude | System log files are analyzed for the existence of sensitive user or application data. Debug logs, which are designed to detect and correct application flaws, can leak sensitive information that might allow an attacker to carry out a more powerful attack. Any application on that device with the READ_LOGS permission can interrogate the logs. The log files of more recent Android versions are carefully isolated and do not require system-level permissions to be requested. Analysis Type: Dynamic; Severity (CVSS): Low (3.3) |
Leaked LogCat Data GPS Longitude | System log files are analyzed for the existence of sensitive user or application data. Debug logs, which are designed to detect and correct application flaws, can leak sensitive information that might allow an attacker to carry out a more powerful attack. Any application on that device with the READ_LOGS permission can interrogate the logs. The log files of more recent Android versions are carefully isolated and do not require system-level permissions to be requested. Analysis Type: Dynamic; Severity (CVSS): Low (3.3) |
Leaked LogCat Data IMEI | System log files are analyzed for International Mobile Equipment Identity (IMEI) exposure. Debug logs, which are designed to detect and correct flaws in an application, can leak sensitive information that might help an attacker craft a more powerful attack. Any application on that device with the READ_LOGS permission can interrogate the logs. The log files of more recent Android versions are carefully isolated and do not require system-level permissions to be requested. Analysis Type: Dynamic; Severity (CVSS): Low (2.1) |
Leaked LogCat Data Last Name | System log files are analyzed for exposure of the user’s last name. Debug logs, which are designed to detect and correct application flaws, can leak sensitive information that might allow an attacker to carry out a more powerful attack. Any application on that device with the READ_LOGS permission can interrogate the logs. The log files of more recent Android versions are carefully isolated and do not require system-level permissions to be requested. Analysis Type: Dynamic; Severity (CVSS): Low (3.3) |
Leaked LogCat Data Local WiFi MAC | System log files are analyzed for exposure of the local wi-fi MAC address. Debug logs, which are designed to detect and correct flaws in an application, can leak sensitive information that might help an attacker craft a more powerful attack. Any application on that device with the READ_LOGS permission can interrogate the logs. The log files of more recent Android versions are carefully isolated and do not require system-level permissions to be requested. Analysis Type: Dynamic; Severity (CVSS): Low (2.1) |
Leaked LogCat Data MAC | System log files are analyzed for MAC address exposure. Debug logs, which are designed to detect and correct flaws in an application, can leak sensitive information that might help an attacker craft a more powerful attack. Any application on that device with the READ_LOGS permission can interrogate the logs. The log files of more recent Android versions are carefully isolated and do not require system-level permissions to be requested. Analysis Type: Dynamic; Severity (CVSS): Informational (0) |
Leaked LogCat Data Name | System log files are analyzed for exposure of the user’s name. Debug logs, which are designed to detect and correct flaws in an application, can leak sensitive information that might help an attacker craft a more powerful attack. Any application on that device with the READ_LOGS permission can interrogate the logs. The log files of more recent Android versions are carefully isolated and do not require system-level permissions to be requested. Analysis Type: Dynamic; Severity (CVSS): Low (3.3) |
Leaked LogCat Data Password | System log files are analyzed for the existence of sensitive user or application data. Debug logs, which are designed to detect and correct application flaws, can leak sensitive information that might allow an attacker to carry out a more powerful attack. Any application on that device with the READ_LOGS permission can interrogate the logs. The log files of more recent Android versions are carefully isolated and do not require system-level permissions to be requested. Analysis Type: Dynamic; Severity (CVSS): Medium (5.5) |
Leaked LogCat Data Phone Number | System log files are analyzed for exposure of the user’s phone number. Debug logs, which are designed to detect and correct flaws in an application, can leak sensitive information that might help an attacker craft a more powerful attack. Any application on that device with the READ_LOGS permission can interrogate the logs. The log files of more recent Android versions are carefully isolated and do not require system-level permissions to be requested. Analysis Type: Dynamic; Severity (CVSS): Low (3.3) |
Leaked LogCat Data Provision Revision | System log files are analyzed for provision revision exposure. Debug logs, which are designed to detect and correct flaws in an application, can leak sensitive information that might help an attacker craft a more powerful attack. Any application on that device with the READ_LOGS permission can interrogate the logs. The log files of more recent Android versions are carefully isolated and do not require system-level permissions to be requested. Analysis Type: Dynamic; Severity (CVSS): Informational (0) |
Leaked LogCat Data Serial | System log files are analyzed for exposure of the device’s serial. Debug logs, which are designed to detect and correct flaws in an application, can leak sensitive information that might help an attacker craft a more powerful attack. Any application on that device with the READ_LOGS permission can interrogate the logs. The log files of more recent Android versions are carefully isolated and do not require system-level permissions to be requested. Analysis Type: Dynamic; Severity (CVSS): Low (2.1) |
Leaked LogCat Data Surrounding WiFi MAC | System log files are analyzed for surrounding wi-fi MAC address exposure. Debug logs, which are designed to detect and correct flaws in an application, can leak sensitive information that might help an attacker craft a more powerful attack. Any application on that device with the READ_LOGS permission can interrogate the logs. The log files of more recent Android versions are carefully isolated and do not require system-level permissions to be requested. Analysis Type: Dynamic; Severity (CVSS): Low (2.1) |
Leaked LogCat Data Surrounding Wifi Network BSSID | System log files are analyzed for exposure of the surrounding wi-fi network basic service set identifier (BSSID). Debug logs, which are designed to detect and correct flaws in an application, can leak sensitive information that might help an attacker craft a more powerful attack. Any application on that device with the READ_LOGS permission can interrogate the logs. The log files of more recent Android versions are carefully isolated and do not require system-level permissions to be requested. Analysis Type: Dynamic; Severity (CVSS): Informational (0) |
Leaked LogCat Data Surrounding Wifi Network SSID | System log files are analyzed for the existence of any sensitive user or application data. Debug logs, which are designed to detect and correct flaws in an application, can leak sensitive information that might help an attacker craft a more powerful attack. Any application on that device with the READ_LOGS permission can interrogate the logs. The log files of more recent Android versions are carefully isolated and do not require system-level permissions to be requested. Analysis Type: Dynamic; Severity (CVSS): Informational (0) |
Leaked LogCat Data Username | System log files are analyzed for the existence of any sensitive user or application data. Debug logs, which are designed to detect and correct application flaws, can leak sensitive information that might help an attacker craft a more powerful attack. Any application on that device with the READ_LOGS permission can interrogate the logs. The log files of more recent Android versions are carefully isolated and do not require system-level permissions to be requested. Analysis Type: Dynamic; Severity (CVSS): Low (3.3) |
Leaked LogCat Data WiFi IP | System log files are analyzed for the existence of any sensitive user or application data. Debug logs, which are designed to detect and correct application flaws, can leak sensitive information that might help an attacker craft a more powerful attack. Any application on that device with the READ_LOGS permission can interrogate the logs. The log files of more recent Android versions are carefully isolated and do not require system-level permissions to be requested. Analysis Type: Dynamic; Severity (CVSS): Low (2.1) |
Leaked LogCat Data WiFi MAC | System log files are analyzed for the existence of any sensitive user or application data. Debug logs, which are designed to detect and correct application flaws, can leak sensitive information that might help an attacker craft a more powerful attack. Any application on that device with the READ_LOGS permission can interrogate the logs. The log files of more recent Android versions are carefully isolated and do not require system-level permissions to be requested. Analysis Type: Dynamic; Severity (CVSS): Informational (0) |
Leaked LogCat Data ZIP Code | System log files are analyzed for exposure of the user’s ZIP code. Debug logs, which are designed to detect and correct application flaws, can leak sensitive information that might help an attacker craft a more powerful attack. Any application on that device with the READ_LOGS permission can interrogate the logs. The log files of more recent Android versions are carefully isolated and do not require system-level permissions to be requested. Analysis Type: Dynamic; Severity (CVSS): Low (3.3) |
Master Key Check | Checks if the application is attempting to exploit the Master Key vulnerability. Android OS versions 1.6 through 4.2 do not properly check cryptographic signatures, which could lead to non-approved code being run. For more information see CVE-2013-4787. The purpose of this check is to flag potentially malicious behavior within the application. Analysis Category: Code; Analysis Type: Static; Severity (CVSS): Critical (9.3) |
Obfuscation Check | Checks if the source code has been obfuscated, either by ProGuard or DexGuard, in order to make class identification less obvious. Without obfuscation, intellectual property is at risk because the application can be easily reverse-engineered. Analysis Category: Code; Analysis Type: Static; Severity (CVSS): Medium (4) |
OkHttp | Versions of OkHttp before 2.7.4, and 3.x before 3.1.2, allow man-in-the-middle attackers to bypass certificate pinning. During static analysis, the binary is searched for vulnerable versions of this library. Analysis Type: Static; Severity (CVSS): Medium (5.9) |
OSLogs | OSLog is a unified logging system that stores messages in memory and in a data store, rather than writing to text-based log files. These logs, which are designed to detect and correct application flaws, can leak sensitive information that might help an attacker craft a more powerful attack. Forensic data provides any detected OSLog messages. Analysis Type: Dynamic; Severity (CVSS): Informational (0) |
Path Traversal | Path traversal (a.k.a. directory traversal) allows attackers to perpetrate a “dot–dot–slash” (../) attack to read/write files in internal storage. Any vulnerable content providers will be listed in the forensic data. Analysis Category: Inter Process Communication (IPC); Analysis Type: Dynamic; Severity (CVSS): High (7.3) |
Remote Code Execution | Checks for writable executable file permissions and for in-transit ZIP files sent over the network. The combination of these two instances more than likely indicates a remote code execution vulnerability. Analysis Type: Dynamic; Severity (CVSS): Critical (9.8) |
Runs Root Command Check | Determines if the application attempts to use escalated privileges through the “su” command. This is commonly used by malware to exploit rooted devices, gaining control of all functionalities of the application. Analysis Type: Dynamic; Severity (CVSS): Critical (10) |
SD Card File List | External storage locations are monitored as the application runs to determine if data is being stored in the application. Analysis Type: Dynamic; Severity (CVSS): Informational (0) |
Secure Random Check | Applications that use the Java Cryptography Architecture (JCA) for key generation, signing, or random number generation may not receive cryptographically strong values on Android devices. This is due to improper initialization of the pseudo-random number generator (PRNG). Applications that directly invoke the system-provided OpenSSL PRNG without explicit initialization on Android are also affected. Please note that for “electronic wallet” applications or applications that process sensitive and/or monetary transactions (including bitcoin transactions), the risk associated with this finding should carefully be considered and should potentially be classified using a finding with severity “High.” Analysis Category: Code; Analysis Type: Static; Severity (CVSS): Low (2.7) |
Sensitive Data Cert Validation | Determines whether the application is performing proper certificate validation or hostname verification. Lack of proper validation could result in sensitive data being intercepted by a man-in-the-middle attack. If the application's traffic can be decrypted, it is searched for sensitive data, including username, password, GPS coordinates, wi-fi MAC address, International Mobile Equipment Identity (IMEI), device serial number, and phone number. Analysis Type: Dynamic; Severity (CVSS): High (7.7) |
Sensitive Data Flow | All TLS/SSL communications sent by the application are proxied and traffic is searched for sensitive values, including the user’s username, password, GPS coordinates, wi-fi MAC address, International Mobile Equipment Identity (IMEI), serial number, and phone number. Analysis Type: Dynamic; Severity (CVSS): Informational (0) |
Sensitive Data HTTP (Custom Values) | Using custom search terms, traffic is analyzed to determine if any sensitive data is exposed from insecure transmission over the network without encryption. Analysis Type: Dynamic; Severity (CVSS): High (8.1) |
Sensitive Data HTTP Android ID | Traffic is analyzed to determine if the Android ID is exposed from insecure transmission over the network without encryption. Analysis Type: Dynamic; Severity (CVSS): High (7.1) |
Sensitive Data HTTP Bluetooth MAC | Traffic is analyzed to determine if the Bluetooth MAC address is insecurely transmitted over the network without encryption. Analysis Type: Dynamic; Severity (CVSS): Informational (0) |
Sensitive Data HTTP Build Fingerprint | Traffic is analyzed to determine if the user’s build fingerprint is exposed from insecure transmission over the network without encryption. Analysis Type: Dynamic; Severity (CVSS): High (7.1) |
Sensitive Data HTTP DNS1 | Traffic is analyzed to determine if any DNS data is exposed from insecure transmission over the network without encryption. Analysis Type: Dynamic; Severity (CVSS): Medium (4.3) |
Sensitive Data HTTP DNS2 | Traffic is analyzed to determine if any DNS data is exposed from insecure transmission over the network without encryption. Analysis Type: Dynamic; Severity (CVSS): Informational (0) |
Sensitive Data HTTP Email | Traffic is analyzed to determine if the user’s email address is exposed from insecure transmission over the network without encryption. Analysis Type: Dynamic; Severity (CVSS): High (7.1) |
Sensitive Data HTTP First Name | Traffic is analyzed to determine if the user’s first name is exposed from insecure transmission over the network without encryption. Analysis Type: Dynamic; Severity (CVSS): High (7.1) |
Sensitive Data HTTP GPS Latitude | Traffic is analyzed to determine if the user’s GPS latitude location is exposed from insecure transmission over the network without encryption. Analysis Type: Dynamic; Severity (CVSS): High (8.1) |
Sensitive Data HTTP GPS Longitude | Traffic is analyzed to determine if any sensitive data is exposed from insecure transmission over the network without encryption. Analysis Type: Dynamic; Severity (CVSS): High (8.1) |
Sensitive Data HTTP IMEI | Traffic is analyzed to determine if the user’s International Mobile Equipment Identity (IMEI) is exposed from insecure transmission over the network without encryption. Analysis Type: Dynamic; Severity (CVSS): High (7.1) |
Sensitive Data HTTP Last Name | Traffic is analyzed to determine if the user’s last name is exposed from insecure transmission over the network without encryption. Analysis Type: Dynamic; Severity (CVSS): High (7.1) |
Sensitive Data HTTP Local WiFi MAC | Traffic is analyzed to determine if the local wi-fi MAC address is exposed from insecure transmission over the network without encryption. Analysis Type: Dynamic; Severity (CVSS): Medium (4.3) |
Sensitive Data HTTP MAC | Traffic is analyzed to determine if the device’s MAC address is insecurely transmitted over the network without encryption. Analysis Type: Dynamic; Severity (CVSS): Informational (0) |
Sensitive Data HTTP Name | Traffic is analyzed to determine if the user’s full name is exposed from insecure transmission over the network without encryption. Analysis Type: Dynamic; Severity (CVSS): High (7.1) |
Sensitive Data HTTP Password |
Traffic is analyzed to determine if the user’s password is exposed from insecure transmission over the network without encryption. Analysis Type: Dynamic Severity (CVSS): High (8.1) |
Sensitive Data HTTP Phone Number |
Traffic is analyzed to determine if the user’s phone number is exposed from insecure transmission over the network without encryption. Analysis Type: Dynamic Severity (CVSS): High (7.1) |
Sensitive Data HTTP Provision Revision |
Traffic is analyzed to determine if the provision revision is insecurely transmitted over the network without encryption. Analysis Type: Dynamic Severity (CVSS): Informational (0) |
Sensitive Data HTTP Serial |
Traffic is analyzed to determine if the device’s serial is exposed from insecure transmission over the network without encryption. Analysis Type: Dynamic Severity (CVSS): High (7.1) |
Sensitive Data HTTP Surrounding WiFi MAC |
Traffic is analyzed to determine if the surrounding Wi-Fi MAC address is insecurely transmitted over the network without encryption. Analysis Type: Dynamic Severity (CVSS): Medium (4.3) |
Sensitive Data HTTP Surrounding Wifi Network BSSID |
Traffic is analyzed to determine if the surrounding Wi-Fi network basic service set identifier (BSSID) is exposed from insecure transmission over the network without encryption. Analysis Type: Dynamic Severity (CVSS): Medium (4.3) |
Sensitive Data HTTP Surrounding Wifi Network SSID |
Traffic is analyzed to determine if the surrounding Wi-Fi network service set identifier (SSID) is insecurely transmitted over the network without encryption. Analysis Type: Dynamic Severity (CVSS): Medium (4.3) |
Sensitive Data HTTP Username |
Traffic is analyzed to determine if the user’s username is exposed from insecure transmission over the network without encryption. Analysis Type: Dynamic Severity (CVSS): High (7.1) |
Sensitive Data HTTP WiFi IP |
Traffic is analyzed to determine if the Wi-Fi IP address is exposed from insecure transmission over the network without encryption. Analysis Type: Dynamic Severity (CVSS): High (7.1) |
Sensitive Data HTTP WiFi MAC |
Traffic is analyzed to determine if the Wi-Fi MAC address is exposed from insecure transmission over the network without encryption. Analysis Type: Dynamic Severity (CVSS): Informational (0) |
Sensitive Data HTTP ZIP Code |
Traffic is analyzed to determine if the user’s ZIP code is exposed from insecure transmission over the network without encryption. Analysis Type: Static Severity (CVSS): High (7.1) |
SMS Communications |
SMS communications are monitored during dynamic analysis. Forensic data provides context on what was found to be sent over SMS. Analysis Type: Dynamic Severity (CVSS): Informational (0) |
Snoop Network Hosts |
Network communications are monitored while the application is running to locate the destination of the application’s sent data. Analysis Type: Dynamic Severity (CVSS): Informational (0) |
SQL Injection |
Android applications might use untrusted and exploitable input to construct SQL queries. The most common case is when applications do not sanitize input for a SQL query and do not limit access to content providers. Any vulnerable content providers are available in the forensic data. Analysis Type: Dynamic Severity (CVSS): Medium (5.7) |
World Writable Files Check |
Calls within the application are checked for the use of world-writable permissions. Forensic details show any detections. Analysis Category: Permissions Analysis Type: Dynamic Severity (CVSS): Medium (5) |
Writable Executable Files Check |
Checks for writable executable file permissions in shared storage locations. If the application has a “writable_executable” and this is combined with another bug, such as a network ZIP download, the app could be vulnerable to remote code execution attacks. Analysis Category: Permissions Analysis Type: Dynamic Severity (CVSS): Informational (0) |
Writable Executable Files Private Check |
Checks for writable executable file permissions in the application’s data directory. If the application has a “writable_executable” and this is combined with another bug, such as a network ZIP download, the app could be vulnerable to remote code execution attacks. Analysis Category: Permissions Analysis Type: Dynamic Severity (CVSS): Informational (0) |
Zip File in Transit Check Https |
Detects when ZIP files are being sent by the application over HTTPS. ZIP files can contain arbitrary code, which could allow an attacker to carry out a remote code execution attack. Analysis Category: Network Analysis Type: Dynamic Severity (CVSS): Informational (0) |