Hackapp.orgHACKAPP:COM.ERTIQA.LAMSA.APKلمسة : قصص و ألعاب أطفال عربية - Dangerous filesystem permissions, Exported ContentProvider, MIT license vulnerabilities
HackApp vulnerability scanner discovered that application لمسة : قصص و ألعاب أطفال عربية published at the ‘play’ market has multiple vulnerabilities.
Name
لمسة : قصص و ألعاب أطفال عربيةVendor
LamsaLink
COM.ERTIQA.LAMSA.APKStore
playVersion
Varies with device- MEDIUM
- Exported components
Other applications could access the interfaces.
- WebView JavaScript enabled
WebView 'setJavaScriptEnabled(true)' could be exploited during cross-site scripting attacks.
- SD-card access
SD-cards and other external storages have 'worldwide read' policy.
- WebView files access
Control of WebView context allows to access local files.
- Runtime command execution
Function 'Runtime.getRuntime().exec()' is used, please check where variables are come from.
- CRITICAL
- Dangerous filesystem permissions
Files created with these methods could be worldwide readable.
- Exported ContentProvider
Exported ContentProvider is available to other apps.
- MIT license
The app should be compliant with open source license requirements.
- WebView code execution
WebView 'addJavascriptInterface' could be used to control the host app with JavaScript bindings. Remote Code Execution (RCE) is possible.
- NOTICE
- Suspicious files
Are you sure these files should be here?
- External URLs
Where do they point?
- Unsafe deleting
All items deleted with 'file.delete()' could be recovered.
- Possible privilege escalation
This app is looking for root tools.