The HackApp vulnerability scanner discovered that the application داروهای گیاهی و طب سنتی, published on the ‘play’ market, has multiple vulnerabilities.
Files created with these methods could be world-readable.
Passwords or tokens are present here. Anyone can see and use them.
WebView 'addJavascriptInterface' could be used to control the host app with JavaScript bindings. Remote Code Execution (RCE) is possible.
WebView 'setJavaScriptEnabled(true)' could be exploited during cross-site scripting attacks.
Control of the WebView context allows access to local files.
Where do they point?