Fluid Attacks security scan finding: 055. Insecure service configuration - ADB Backups,CWE-530,application.android:allowBackup enabled
Closed this issue · 0 comments
francisli commented
title,cwe,description,cvss,finding,stream,kind,where,snippet,method
055. Insecure service configuration - ADB Backups,CWE-530,application.android:allowBackup enabled,CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:R,https://docs.fluidattacks.com/criteria/vulnerabilities/055,skims,SAST,0,"
50 | <uses-permission android:name=""android.permission.READ_APP_BADGE"">
51 | </uses-permission>
52 | <uses-permission android:name=""com.oppo.launcher.permission.READ_SETTINGS"">
53 | </uses-permission>
54 | <uses-permission android:name=""com.oppo.launcher.permission.WRITE_SETTINGS"">
55 | </uses-permission>
56 | <uses-permission android:name=""me.everything.badger.permission.BADGE_COUNT_READ"">
57 | </uses-permission>
58 | <uses-permission android:name=""me.everything.badger.permission.BADGE_COUNT_WRITE"">
59 | </uses-permission>
> 60 | <application android:allowbackup=""true"" android:appcomponentfactory=""androidx.core.app.CoreComponentFactory"" android:ic
| on=""@7F0C0000"" android:label=""@7F0F001C"" android:name=""org.codeforsanfrancisco.intentionalwalk.MainApplication"" android:
| roundicon=""@7F0C0002"" android:theme=""@7F100009"">
61 | <meta-data android:name=""com.dieam.reactnativepushnotification.notification_channel_name"" android:value=""intentional-w
| alk"">
62 | </meta-data>
63 | <meta-data android:name=""com.dieam.reactnativepushnotification.notification_channel_description"" android:value=""Intent
| ional Walk Reminders"">
64 | </meta-data>
65 | <meta-data android:name=""com.dieam.reactnativepushnotification.notification_foreground"" android:value=""false"">
66 | </meta-data>
^ Col 0
",analyze_bytecodes.apk_backups_enabled
055. Insecure service configuration - ADB Backups,CWE-530,application.android:allowBackup is not disabled in OWASP/app/src/debug/AndroidManifest.xml,CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:R,https://docs.fluidattacks.com/criteria/vulnerabilities/055,skims,SAST,7,"
1 | <?xml version=""1.0"" encoding=""utf-8""?>
2 | <manifest xmlns:android=""http://schemas.android.com/apk/res/android""
3 | xmlns:tools=""http://schemas.android.com/tools"">
4 |
5 | <uses-permission android:name=""android.permission.SYSTEM_ALERT_WINDOW""/>
6 |
> 7 | <application android:usesCleartextTraffic=""true"" tools:targetApi=""28"" tools:ignore=""GoogleAppIndexingWarning"" />
8 | </manifest>
^ Col 0
",android.apk_backups_enabled
055. Insecure service configuration - ADB Backups,CWE-530,application.android:allowBackup is not disabled in OWASP/app/src/main/AndroidManifest.xml,CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:R,https://docs.fluidattacks.com/criteria/vulnerabilities/055,skims,SAST,12,"
2 | xmlns:tools=""http://schemas.android.com/tools""
3 | package=""org.codeforsanfrancisco.intentionalwalk"">
4 | <uses-permission android:name=""android.permission.INTERNET"" />
5 | <uses-permission android:name=""android.permission.ACTIVITY_RECOGNITION""/>
6 | <uses-permission android:name=""com.google.android.gms.permission.ACTIVITY_RECOGNITION""/>
7 | <uses-permission android:name=""android.permission.READ_PHONE_STATE"" tools:node=""remove"" />
8 | <uses-permission android:name=""android.permission.RECEIVE_BOOT_COMPLETED""/>
9 | <uses-permission android:name=""android.permission.VIBRATE"" />
10 | <uses-permission android:name=""android.permission.WAKE_LOCK"" />
11 |
> 12 | <application
13 | android:name="".MainApplication""
14 | android:label=""@string/app_name""
15 | android:icon=""@mipmap/ic_launcher""
16 | android:roundIcon=""@mipmap/ic_launcher_round""
17 | android:theme=""@style/AppTheme"">
18 |
19 | <meta-data android:name=""com.dieam.reactnativepushnotification.notification_channel_name""
20 | android:value=""intentional-walk""/>
21 | <meta-data android:name=""com.dieam.reactnativepushnotification.notification_channel_description""
22 | android:value=""Intentional Walk Reminders""/>
^ Col 0
",android.apk_backups_enabled
Summary: 3 vulnerabilities were found in your targets.