HackApp vulnerability scanner discovered that the application AppNana - Free Gift Cards, published on the "play" market, has multiple vulnerabilities.
SD cards and other external storage have a 'worldwide read' policy.
Function 'Runtime.getRuntime().exec()' is used; please check where the variables come from.
Code for 'DexClassLoader' could be tampered.
WebView 'setJavaScriptEnabled(true)' could be exploited during cross-site scripting attacks.
Control of the WebView context allows access to local files.
All items deleted with 'file.delete()' could be recovered.
This app is looking for root tools.
Native code (.so) usage 'System.loadLibrary();' is found.
Where do they point?
Are you sure these files should be here?
WebView 'addJavascriptInterface' could be used to control the host app with JavaScript bindings. Remote Code Execution (RCE) is possible.
Files created with these methods could be worldwide readable.
| CPE | Name | Operator | Version |
|---|---|---|---|
| | appnana - free gift cards | le | Varies with device |