MobSF Application Security Scorecard - PinLock Simple 1.0

Security Score


Security Score 36/100

Risk Rating


Grade

  1. A
  2. B
  3. C
  4. F


Privacy Risk

0

User/Device Trackers


Findings

High 3
Medium 2
Info 1
Secure 1
Hotspot 0

high App can be installed on a vulnerable unpatched Android version

Android 3.0, [minSdk=11]
This application can be installed on an older version of Android that has multiple unfixed vulnerabilities. These devices won't receive reasonable security updates from Google. Support an Android version >= 10 (API 29) to receive reasonable security updates.

high Debug Enabled For App

[android:debuggable=true]
Debugging was enabled on the app which makes it easier for reverse engineers to hook a debugger to it. This allows dumping a stack trace and accessing debugging helper classes.

high Debug configuration enabled. Production builds must not be debuggable.

https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04c-Tampering-and-Reverse-Engineering.md#debugging-and-tracing

medium Application Data can be Backed up

[android:allowBackup=true]
This flag allows anyone to back up your application data via adb. It allows users who have enabled USB debugging to copy application data off of the device.

medium The App uses an insecure Random Number Generator.

https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators

info The App logs information. Sensitive information should never be logged.

https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs

secure This application has no privacy trackers

This application does not include any user or device trackers. Unable to find trackers during static analysis.

MobSF Application Security Scorecard generated for (PinLock Simple 1.0)