 Mobile Application Security Scanner

Scan "Scan testing"

Application summary


Platform: android

Package: com.koynce.app

Version: 1.0.0

SHA1 Hash: 27b3dd83fe9102a2e8837a6bd10a3d2b9ef1cfdd

Size: 7 MB

Scan summary


Date: May 16, 2018, 2:51 p.m.

Vulnerability risk dashboard

Code coverage (% methods)

 
100/13199 methods

Risk Title Short description

High Debug mode enabled Application is compiled with debug

(/report/vuln/18339/19/) (/report/vuln/18339/19/) mode enabled
(/report/vuln/18339/19/)

Medium Insecure whitelist configuration Insecure whitelist configuration

(/report/vuln/18339/7/) (/report/vuln/18339/7/) authorising access to all
ressources. (/report/vuln/18339/7/)

Potentially Backup mode enabled Application is enabling backup

(/report/vuln/18339/35/) (/report/vuln/18339/35/) mode (/report/vuln/18339/35/)

Important Exported activites, services and List of all exported components

(/report/vuln/18339/102/) broadcast receivers list (activities, services, broadcast
(/report/vuln/18339/102/) receivers, content providers)
(/report/vuln/18339/102/)

Important Decompiled source code Retrieved source using open-

(/report/vuln/18339/104/) (/report/vuln/18339/104/) source decompilers
(/report/vuln/18339/104/)

Note Obfuscated methods List of code obfuscation status of

(/report/vuln/18339/51/) (/report/vuln/18339/51/) all application\s componenets
(/report/vuln/18339/51/)

Note Call to XML parsing API List of XML parsing API calls
(/report/vuln/18339/14/) (/report/vuln/18339/14/) (/report/vuln/18339/14/)

Note Implementation of a List of WebViewClient

(/report/vuln/18339/76/) WebViewClient implementation
(/report/vuln/18339/76/) (/report/vuln/18339/76/)

Note Hardcoded urls list Hardcoded URL constant strings

(/report/vuln/18339/29/) (/report/vuln/18339/29/) (/report/vuln/18339/29/)

Note Call to dangerous WebView List of WebView API calls

(/report/vuln/18339/119/) settings API (/report/vuln/18339/119/)
(/report/vuln/18339/119/)
Risk Title Short description

Note Call to External Storage API List of external storage API calls
(/report/vuln/18339/83/) (/report/vuln/18339/83/) (/report/vuln/18339/83/)

Note APK files list List of all files shipped in the

(/report/vuln/18339/38/) (/report/vuln/18339/38/) application.
(/report/vuln/18339/38/)

Note Call to Inter-Process- List of Interp-Process

(/report/vuln/18339/39/) Communication (IPC) API Communication (IPC) calls
(/report/vuln/18339/39/) (/report/vuln/18339/39/)

Note Call to logging API List of logging API calls

(/report/vuln/18339/10/) (/report/vuln/18339/10/) (/report/vuln/18339/10/)

Note Call to Socket API List of Server Socket API calls

(/report/vuln/18339/32/) (/report/vuln/18339/32/) (/report/vuln/18339/32/)

Note APK attack surface List of components potentially

(/report/vuln/18339/71/) (/report/vuln/18339/71/) accepting user input
(/report/vuln/18339/71/)

Note Hardcoded strings list Hardcoded strings

(/report/vuln/18339/36/) (/report/vuln/18339/36/) (/report/vuln/18339/36/)

Note Application components list List application's components

(/report/vuln/18339/81/) (/report/vuln/18339/81/) (/report/vuln/18339/81/)

Note Android Manifest APK Manifest in XML

(/report/vuln/18339/40/) (/report/vuln/18339/40/) (/report/vuln/18339/40/)

Note Apache Cordova Framework Application is built using the

(/report/vuln/18339/18/) detected Cordova Apache Framework
(/report/vuln/18339/18/) (/report/vuln/18339/18/)

Note Application certificate Application signing certificate

(/report/vuln/18339/25/) information details (/report/vuln/18339/25/)
(/report/vuln/18339/25/)

Note Call to Reflection API List of reflection API calls

(/report/vuln/18339/54/) (/report/vuln/18339/54/) (/report/vuln/18339/54/)

Note Call to Random API List of random API calls

(/report/vuln/18339/22/) (/report/vuln/18339/22/) (/report/vuln/18339/22/)

Ostorlab 2018