HackApp vulnerability scanner discovered that application Real Dress Up published at the ‘play’ market has multiple vulnerabilities.
Control of WebView context allows to access local files.
WebView 'setJavaScriptEnabled(true)' could be exploited during cross-site scripting attacks.
SD-cards and other external storages have 'worldwide read' policy.
Code for 'DexClassLoader' could be tampered.
This app is looking for root tools.
Where do they point?
Are you sure these files should be here?
All items deleted with 'file.delete()' could be recovered.
Everyone can use it to access your resources.
Files created with these methods could be worldwide readable.
The app uses Android KeyStore subsystem with hardcoded authentication.
CPE | Name | Operator | Version |
---|---|---|---|
real dress up | le | 1.3.0 |