HackApp vulnerability scanner discovered that application Your Freedom VPN Client published at the βplayβ market has multiple vulnerabilities.
Were do they point?
This app is looking for root tools.
All items deleted with 'file.delete()' could be recovered.
The app uses Android KeyStore subsystem.
Are you sure these files should be here?
Native code (.so) usage 'System.loadLibrary();' is found.
SD-cards and other external storages have 'worldwide read' policy.
These credentials could be used for authentication.
Other applications could access the interfaces.
Function 'Runtime.getRuntime().exec()' is used, please check where variables are come from.
Check certificate validation. Do not create or redefine X509Certificate class methods by yourself, if you don't understand risks. Use the existing API.
CPE | Name | Operator | Version |
---|---|---|---|
your freedom vpn client | le | 20160224-02 |