HackApp vulnerability scanner discovered that application دمج الصور و تجميع الصور published at the ‘play’ market has multiple vulnerabilities.
SD-cards and other external storages have 'worldwide read' policy.
Control of WebView context allows to access local files.
WebView 'setJavaScriptEnabled(true)' could be exploited during cross-site scripting attacks.
Other applications could access the interfaces.
Code for 'DexClassLoader' could be tampered.
All items deleted with 'file.delete()' could be recovered.
Were do they point?