ANDROSAST

Dated: 24/4/2019

APK Details

Package: com.example.himadriganguly.testapp
Version: 1.0
Version number: 1
Minimum SDK version: 27 (Android Unknown)
Target SDK: 28 (Android Unknown)
Fingerprints: MD5: 27aeba1d150fa35ad5cb89f10a867277
SHA-1: 35f927c0cf528c64f633cbe2b4d214730ce1d346
SHA-256: 3f1a376359333c5fc151aef2e2ea49cbc16b1632a8edaba1de96ecba225b361b
Total vulnerabilities found: 2
Critical: 1

Vulnerability Chart

Vulnerability

Priority Count
Critical 1
High 0
Medium 1
Warning 1

Vulnerability List

# Priority Name Description
1 Critical Manifest Debug The application is in debug mode. This allows any malicious person to inject arbitrary code in the application. This option should only be used while in development.
1 Medium Allows Backup This option allows backups of the application data via adb. Malicious people with physical access could use adb to get private data of your app into their PC.
1 Warning Exported activity Exported activity was found. It can be used by other applications.

Critical Vulnerability List

Manifest Debug

Description:
The application is in debug mode. This allows any malicious person to inject arbitrary code in the application. This option should only be used while in development.
File
AndroidManifest.xml
Language
xml
Line
4
Affected code
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android" platformBuildVersionCode="@flags:1" android:compileSdkVersion="28" android:versionName="1.0" platformBuildVersionName="1.0" android:versionCode="1" package="com.example.himadriganguly.testapp" android:compileSdkVersionCodename="9">
<uses-sdk android:minSdkVersion="27" android:targetSdkVersion="28" />
<application android:appComponentFactory="android.support.v4.app.CoreComponentFactory" android:debuggable="true" android:allowBackup="true" android:icon="@com.example.himadriganguly.testapp:mipmap/ic_launcher" android:supportsRtl="true" android:theme="@com.example.himadriganguly.testapp:style/AppTheme" android:label="@com.example.himadriganguly.testapp:string/app_name" android:roundIcon="@com.example.himadriganguly.testapp:mipmap/ic_launcher_round">
<activity android:name="com.example.himadriganguly.testapp.MainActivity">
<intent-filter>
<action android:name="android.intent.action.MAIN" />
<category android:name="android.intent.category.LAUNCHER" />

Medium Vulnerability List

Allows Backup

Description:
This option allows backups of the application data via adb. Malicious people with physical access could use adb to get private data of your app into their PC.
File
AndroidManifest.xml
Language
xml
Line
4
Affected code
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android" platformBuildVersionCode="@flags:1" android:compileSdkVersion="28" android:versionName="1.0" platformBuildVersionName="1.0" android:versionCode="1" package="com.example.himadriganguly.testapp" android:compileSdkVersionCodename="9">
<uses-sdk android:minSdkVersion="27" android:targetSdkVersion="28" />
<application android:appComponentFactory="android.support.v4.app.CoreComponentFactory" android:debuggable="true" android:allowBackup="true" android:icon="@com.example.himadriganguly.testapp:mipmap/ic_launcher" android:supportsRtl="true" android:theme="@com.example.himadriganguly.testapp:style/AppTheme" android:label="@com.example.himadriganguly.testapp:string/app_name" android:roundIcon="@com.example.himadriganguly.testapp:mipmap/ic_launcher_round">
<activity android:name="com.example.himadriganguly.testapp.MainActivity">
<intent-filter>
<action android:name="android.intent.action.MAIN" />
<category android:name="android.intent.category.LAUNCHER" />

Warning List

Exported activity

Description:
Exported activity was found. It can be used by other applications.
File
AndroidManifest.xml
Language
xml
Line
5
Affected code
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android" platformBuildVersionCode="@flags:1" android:compileSdkVersion="28" android:versionName="1.0" platformBuildVersionName="1.0" android:versionCode="1" package="com.example.himadriganguly.testapp" android:compileSdkVersionCodename="9">
<uses-sdk android:minSdkVersion="27" android:targetSdkVersion="28" />
<application android:appComponentFactory="android.support.v4.app.CoreComponentFactory" android:debuggable="true" android:allowBackup="true" android:icon="@com.example.himadriganguly.testapp:mipmap/ic_launcher" android:supportsRtl="true" android:theme="@com.example.himadriganguly.testapp:style/AppTheme" android:label="@com.example.himadriganguly.testapp:string/app_name" android:roundIcon="@com.example.himadriganguly.testapp:mipmap/ic_launcher_round">
<activity android:name="com.example.himadriganguly.testapp.MainActivity">
<intent-filter>
<action android:name="android.intent.action.MAIN" />
<category android:name="android.intent.category.LAUNCHER" />
</intent-filter>