MobSF Application Security Scorecard - RootBeer Sample 0.6

Security Score: 65/100

Risk Rating

Grade scale: A, B, C, F

Severity Distribution (%): chart not reproduced; per-severity counts are listed under Findings.

Privacy Risk: 0 User/Device Trackers


Findings

High 1
Medium 3
Info 1
Secure 2
Hotspot 0

high App can be installed on a vulnerable unpatched Android version

Android 2.3.3-2.3.7, [minSdk=10]
The application can be installed on old Android versions that carry multiple unfixed vulnerabilities, and devices stuck on those versions no longer receive security updates from Google. Raise minSdkVersion to at least API 29 (Android 10) so the app runs only on versions that still receive reasonable security updates. A minSdk of 10 (Android 2.3.3, Gingerbread) also forces the app to ship a v1 (JAR) signature for pre-7.0 devices, which is what the Janus finding below is about. Verify the value that actually shipped with `aapt dump badging app.apk` (the sdkVersion line), since Gradle's defaultConfig overrides whatever the source manifest says.

medium Application vulnerable to Janus Vulnerability

The application is signed with the v1 (JAR) signature scheme. v1 signing only covers the individual zip entries, not the file as a whole, so the Janus vulnerability (CVE-2017-13156) lets an attacker prepend a DEX file to the APK without invalidating the signature; an affected device then runs the injected code under the app's original identity and permissions. An APK signed only with v1 is vulnerable on Android 5.0-8.0. Adding a v2/v3 signature protects devices running Android 7.0 or later, which verify v2/v3 over the whole file; devices before 7.0 (Android 5.0-6.x) still verify only the v1 signature and remain vulnerable even when v2/v3 are present, so the only complete mitigation is to raise minSdkVersion past those releases. Sign release builds with v1+v2 (+v3) and confirm the result with `apksigner verify --verbose app.apk`, which reports "Verified using v1 scheme (JAR signing)" and the corresponding v2/v3 lines.
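The signing-scheme check behind this finding can be reproduced offline. The following is an added example, not MobSF's own code: it locates the APK Signing Block that sits immediately before the zip central directory (its trailing magic is "APK Sig Block 42"), reads the ID-value pairs to see whether the v2 (0x7109871a) and v3 (0xf05368c0) blocks are present, checks the zip listing for a v1 JAR signature, and maps the combination onto the Janus exposure described above. The sample APK it builds is a constructed zip with placeholder contents, only the structural parts that matter for the check; `build_sample_apk`, `signature_schemes` and `janus_assessment` are names chosen here.

```python
import io
import struct
import sys
import zipfile

APK_SIG_BLOCK_MAGIC = b"APK Sig Block 42"
SIG_V2_ID = 0x7109871A   # APK Signature Scheme v2 block ID
SIG_V3_ID = 0xF05368C0   # APK Signature Scheme v3 block ID
EOCD_SIG = b"PK\x05\x06"


def find_eocd(data):
    """Offset of the End Of Central Directory record (searched from the end, as zip readers do)."""
    idx = data.rfind(EOCD_SIG)
    if idx < 0:
        raise ValueError("not a zip/apk: no EOCD record")
    return idx


def central_directory_offset(data):
    return struct.unpack_from("<I", data, find_eocd(data) + 16)[0]


def apk_signing_block_ids(data):
    """IDs of the ID-value pairs in the APK Signing Block preceding the central
    directory; empty set when the APK carries no such block (v1-only signing)."""
    cd = central_directory_offset(data)
    if cd < 32 or data[cd - 16:cd] != APK_SIG_BLOCK_MAGIC:
        return set()
    size = struct.unpack_from("<Q", data, cd - 24)[0]   # size excludes the leading size field
    start = cd - size - 8
    if struct.unpack_from("<Q", data, start)[0] != size:
        raise ValueError("APK Signing Block size fields disagree")
    ids, pos, end = set(), start + 8, cd - 24
    while pos < end:
        pair_len, pair_id = struct.unpack_from("<QI", data, pos)
        ids.add(pair_id)
        pos += 8 + pair_len
    return ids


def has_v1_signature(data):
    """v1 (JAR) signing: META-INF/MANIFEST.MF plus a PKCS#7 signature block (.RSA/.DSA/.EC)."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
    sig_block = any(n.startswith("META-INF/") and n.upper().endswith((".RSA", ".DSA", ".EC"))
                    for n in names)
    return "META-INF/MANIFEST.MF" in names and sig_block


def signature_schemes(data):
    ids = apk_signing_block_ids(data)
    return {"v1": has_v1_signature(data), "v2": SIG_V2_ID in ids, "v3": SIG_V3_ID in ids}


def janus_assessment(schemes):
    if not schemes["v1"]:
        return "no v1 signature: Janus not applicable (such an APK also cannot install before Android 7.0)"
    if not (schemes["v2"] or schemes["v3"]):
        return "v1 only: Janus-exposed on Android 5.0-8.0"
    return "v1 plus v2/v3: protected from Android 7.0; devices on 5.0-6.x still verify only v1 and stay exposed"


def build_sample_apk(v1=True, v2=False, v3=False):
    """Constructed test fixture: a minimal zip with placeholder entries and, optionally,
    a synthetic APK Signing Block inserted before the central directory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("AndroidManifest.xml", b"<binary-xml placeholder>")
        zf.writestr("classes.dex", b"dex\n035\0placeholder")
        if v1:
            zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
            zf.writestr("META-INF/CERT.SF", "Signature-Version: 1.0\n")
            zf.writestr("META-INF/CERT.RSA", b"\x30\x82placeholder-pkcs7")
    data = buf.getvalue()
    pairs = []
    if v2:
        pairs.append((SIG_V2_ID, b"v2-signer-placeholder"))
    if v3:
        pairs.append((SIG_V3_ID, b"v3-signer-placeholder"))
    if not pairs:
        return data
    body = b"".join(struct.pack("<QI", 4 + len(v), i) + v for i, v in pairs)
    size = len(body) + 8 + 16   # pairs + trailing size field + magic
    block = struct.pack("<Q", size) + body + struct.pack("<Q", size) + APK_SIG_BLOCK_MAGIC
    eocd = find_eocd(data)
    cd = struct.unpack_from("<I", data, eocd + 16)[0]
    new = data[:cd] + block + data[cd:]          # local entries, signing block, central directory
    new_eocd = eocd + len(block)
    return new[:new_eocd + 16] + struct.pack("<I", cd + len(block)) + new[new_eocd + 20:]


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_apk(v1=True)
    schemes = signature_schemes(blob)
    print(schemes, "->", janus_assessment(schemes))
```

Run it with a real APK path to check a build; without arguments it assesses the constructed v1-only fixture. The parser only reports which scheme blocks exist; it does not verify the signatures themselves, which is what `apksigner verify` is for.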

medium Application Data can be Backed up

[android:allowBackup] flag is missing.
The android:allowBackup attribute is absent from the <application> element. It defaults to true, which lets anyone with physical access to a device that has USB debugging enabled copy the app's private data off the device with `adb backup`, and restore tampered data with `adb restore`. Set android:allowBackup="false" unless backups are genuinely needed; if they are, exclude sensitive files with android:fullBackupContent (or android:dataExtractionRules on API 31+). Note that from Android 12 (API 31) `adb backup` no longer includes app data unless the app is debuggable, but the attribute still governs cloud and device-to-device transfers and all older devices this app can be installed on.
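Both manifest findings on this scorecard, minSdk=10 above and the missing allowBackup attribute here, can be checked and fixed on a decoded manifest. The following is an added example, not MobSF's or RootBeer's own code: it runs the two checks over a constructed AndroidManifest.xml sample that reproduces this app's two findings (the kind of text you get from `apktool d app.apk`), then emits a hardened copy with minSdkVersion raised to API 29 and allowBackup set to false. The threshold `MIN_SUPPORTED_API` and the helper names are choices made here.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
A = "{%s}" % ANDROID_NS          # ElementTree's Clark notation for the android: prefix
MIN_SUPPORTED_API = 29           # Android 10, the floor the scorecard recommends

# Constructed sample of a decoded AndroidManifest.xml reproducing the two
# manifest findings: minSdk=10 and no android:allowBackup attribute.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.sample">
    <uses-sdk android:minSdkVersion="10" android:targetSdkVersion="28" />
    <application android:label="Sample">
        <activity android:name=".MainActivity" android:exported="true" />
    </application>
</manifest>
"""


def check_manifest(xml_text):
    """Return (severity, message) tuples for the minSdk and allowBackup checks."""
    root = ET.fromstring(xml_text)
    findings = []
    sdk = root.find("uses-sdk")
    min_sdk = sdk.get(A + "minSdkVersion") if sdk is not None else None
    if min_sdk is None:
        # Gradle's defaultConfig.minSdk lands in the merged manifest inside the APK,
        # so a missing attribute usually means a source manifest was scanned.
        findings.append(("info", "no minSdkVersion in manifest; read it from the built APK"))
    elif int(min_sdk) < MIN_SUPPORTED_API:
        findings.append(("high", f"minSdk={min_sdk} allows install on unpatched Android versions"))
    app = root.find("application")
    backup = app.get(A + "allowBackup") if app is not None else None
    if backup is None:
        findings.append(("medium", "android:allowBackup missing (defaults to true)"))
    elif backup.lower() == "true":
        findings.append(("medium", "android:allowBackup explicitly true"))
    return findings


def harden_manifest(xml_text):
    """Return the manifest with minSdkVersion raised to the floor and allowBackup disabled."""
    ET.register_namespace("android", ANDROID_NS)   # keep the android: prefix on output
    root = ET.fromstring(xml_text)
    sdk = root.find("uses-sdk")
    if sdk is None:
        sdk = ET.SubElement(root, "uses-sdk")
    if int(sdk.get(A + "minSdkVersion", "1")) < MIN_SUPPORTED_API:
        sdk.set(A + "minSdkVersion", str(MIN_SUPPORTED_API))
    app = root.find("application")
    if app is None:
        app = ET.SubElement(root, "application")
    app.set(A + "allowBackup", "false")
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    for sev, msg in check_manifest(SAMPLE_MANIFEST):
        print(f"[{sev}] {msg}")
    print(harden_manifest(SAMPLE_MANIFEST))
```

Point `check_manifest` at the manifest decoded from the release APK rather than the source tree: the build merges library manifests and Gradle's defaultConfig into the final file, and that merged file is what MobSF and the device see.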

medium This App may request root (Super User) privileges.

Static analysis found code that executes `su` or otherwise probes for superuser access. An app that actually runs commands as root undermines the Android sandbox and should be treated as a finding. For a root-detection library such as this sample (see the root detection finding below), invoking `su` is expected: attempting to run `su` or `which su` and checking whether it succeeds is one of the standard detection checks. Confirm in the decompiled code that the app never depends on the command succeeding and runs nothing privileged through it.
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1

info The App logs information. Sensitive information should never be logged.

Calls to android.util.Log were found. Log output is readable through `adb logcat` by anyone with USB debugging access and by system apps holding READ_LOGS, and it ends up in bug reports. Review what is logged (credentials, tokens, personal data and the results of security checks such as root detection should not appear) and strip debug logging from release builds, for example with an R8/ProGuard -assumenosideeffects rule for android.util.Log.
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs

secure This App may have root detection capabilities.

Static analysis found code that checks for indicators of a rooted device. Root detection is a resiliency control, not a security boundary: it raises the effort needed to tamper with the app on a compromised device but can be bypassed by hooking or patching the check, so decisions that matter should not rest on the client-side result alone.
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1

secure This application has no privacy trackers

No user or device trackers were found during static analysis. This covers only tracker SDKs recognised by signature matching in the packaged code; trackers loaded dynamically or reached only through network traffic require dynamic analysis to rule out.
