Hello,
Let's take a look at the security aspects of Android.
This is just a collection of things that I have read somewhere or come across while doing development.
So let's share knowledge and help everyone.
Does the application leak sensitive information via Property Files?
Check for presence of putString, MODE_PRIVATE, MODE_WORLD_READABLE, MODE_WORLD_WRITEABLE, addPreferencesFromResource in Source Code
Does the application leak sensitive information via SD Card storage?
Check for presence of WRITE_EXTERNAL_STORAGE in Android Manifest File and getExternalStorageDirectory(), sdcard in Source code
Is the application vulnerable to TapJacking attack?
Check for presence of
Does the application leak sensitive information via hardcoded secrets?
Check for presence of // and /* */ in Source code
Can sensitive information be enumerated due to the enabled Autocomplete feature?
Check for presence of tag not containing textNoSuggestions in Layout file
Does the application implement an insecure transport mechanism?
Check for presence of http://, HttpURLConnection, URLConnection, URL, TrustAllSSLSocketFactory, AllTrustSSLSocketFactory, NonValidatingSSLSocketFactory in Source code
Does the application have debugging enabled?
Check for presence of android:debuggable set to true in Android Manifest File
Does the application misuse or leak sensitive information like device identifiers or via a side channel?
Check for the presence of uid, user-id, imei, deviceId, deviceSerialNumber, devicePrint, X-DSN, phone, mdn, did, IMSI, uuid in Source code
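The checks above that name concrete tokens can be run mechanically over a project tree. The following Python sketch is an added example, not code from the original post: the function names, the in-memory file map and the sample files are constructed for illustration, and the TapJacking, hardcoded-secrets and Autocomplete checks are left out. Every hit is a line for a reviewer to read, not a confirmed flaw.

```python
import re

# (check name, file scope, regex) built from the tokens in the checklist above
CHECKS = [
    ("property-files", "source",
     r"putString|MODE_PRIVATE|MODE_WORLD_READABLE|MODE_WORLD_WRITEABLE|addPreferencesFromResource"),
    ("sd-card", "manifest", r"WRITE_EXTERNAL_STORAGE"),
    ("sd-card", "source", r"getExternalStorageDirectory\(\)|sdcard"),
    ("insecure-transport", "source",
     r"http://|HttpURLConnection|URLConnection|\bURL\b|TrustAllSSLSocketFactory|"
     r"AllTrustSSLSocketFactory|NonValidatingSSLSocketFactory"),
    ("debuggable", "manifest", r'android:debuggable\s*=\s*["\']true["\']'),
    # Word boundaries keep short tokens such as "did" or "uid" from matching inside words
    ("device-identifiers", "source",
     r"(?i)\b(?:uid|user-id|imei|deviceId|deviceSerialNumber|devicePrint|"
     r"X-DSN|phone|mdn|did|IMSI|uuid)\b"),
]

def scope_of(path):
    """Classify a file so manifest checks never run on source and vice versa."""
    if path.endswith("AndroidManifest.xml"):
        return "manifest"
    return "source" if path.endswith((".java", ".kt")) else None

def audit(files):
    """files maps path -> text; returns sorted (check, path, line_no, token) hits."""
    findings = []
    for path, text in files.items():
        scope = scope_of(path)
        for line_no, line in enumerate(text.splitlines(), 1):
            for name, where, pattern in CHECKS:
                m = re.search(pattern, line) if where == scope else None
                if m:
                    findings.append((name, path, line_no, m.group(0)))
    return sorted(findings)

# Constructed sample input (not from a real application)
SAMPLE = {
    "AndroidManifest.xml":
        '<manifest xmlns:android="http://schemas.android.com/apk/res/android">\n'
        '<uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>\n'
        '<application android:debuggable="true"/>\n</manifest>\n',
    "Login.java":
        'SharedPreferences p = getSharedPreferences("auth", MODE_WORLD_READABLE);\n'
        'p.edit().putString("token", token).apply();\n'
        'String imei = telephony.getDeviceId();\n'
        'post("http://api.example.invalid/login", imei);\n',
}

if __name__ == "__main__":
    for check, path, line_no, token in audit(SAMPLE):
        print(f"{path}:{line_no}: [{check}] {token}")
```
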