The HackApp vulnerability scanner found multiple vulnerabilities in the application مراحل الحمل و الولادة بالتفصيل, published on the ‘play’ market.
The app should be compliant with open source license requirements.
Files created with these methods could be world-readable.
WebView 'addJavascriptInterface' could be used to control the host app with JavaScript bindings. Remote Code Execution (RCE) is possible.
Check VACUUM cleaning.
WebView 'setJavaScriptEnabled(true)' could be exploited during cross-site scripting attacks.
SD cards and other external storage have a 'worldwide read' policy.
Other applications could access the interfaces.
Code for 'DexClassLoader' could be tampered with.
Control of the WebView context allows access to local files.
Are you sure these files should be here?
Where do they point?
All items deleted with 'file.delete()' could be recovered.
| CPE | Name | Operator | Version |
|---|---|---|---|
| | مراحل الحمل و الولادة بالتفصيل | le | 10.0 |