The HackApp vulnerability scanner discovered that the application What'Smileys: smileys for chat, published on the "play" market, has multiple vulnerabilities.
Control of the WebView context allows access to local files.
Code for 'DexClassLoader' could be tampered with.
WebView 'setJavaScriptEnabled(true)' could be exploited during cross-site scripting attacks.
SD cards and other external storage have a 'worldwide read' policy.
WebView 'addJavascriptInterface' could be used to control the host app with JavaScript bindings. Remote Code Execution (RCE) is possible.
Files created with these methods could be world-readable.
Are you sure these files should be here?
All items deleted with 'file.delete()' could be recovered.
Where do they point?
| CPE | Name | Operator | Version |
|---|---|---|---|
| | what'smileys: smileys for chat | le | 2.37 |