Volkswagen RaceApp - Base64 encoded String, External URLs, Possible privilege escalation vulnerabilities

{"cvelist": [], "published": "2016-04-01T09:32:30", "bulletinFamily": "software", "objectVersion": "1.2", "href": "https://hackapp.com/report/bd3d0f144a5dbef747ae820e59011b6d", "lastseen": "2016-09-26T20:43:30", "id": "HACKAPP:DE.VOLKSWAGEN.ACCESSORIES.RACEAPP.APK", "hackapp": {"link": "https://play.google.com/store/apps/details?id=de.volkswagen.accessories.raceapp&hl=en", "bugs": [{"description": "All items deleted with 'file.delete()' could be recovered.", "severity": "notice", "id": "ab82540ff4a26eea9df7e17857849448", "name": "Unsafe deleting"}, {"description": "Are you sure these files should be here?", "severity": "notice", "id": "07d8ec745ecae5548e73c59613ace753", "name": "Suspicious files"}, {"description": "WebView 'setJavaScriptEnabled(true)' could be exploited during cross-site scripting attacks.", "severity": "medium", "id": "cbd61cffc8932e5f77e3fcbc91813eb0", "name": "WebView JavaScript enabled"}, {"description": "Control of WebView context allows to access local files.\n\t\t\t", "severity": "medium", "id": "53b50bdd354c1f4dc1dfcdc6b7865623", "name": "WebView files access"}, {"description": "Base64 encoded string could include authentication credentials.", "severity": "critical", "id": "6e441346af196ff8a5c50b7d020a58f7", "name": "Base64 encoded String"}, {"description": "This app is looking for root tools.", "severity": "notice", "id": "84d027c6bc78da7d5cf4c02e82bcac0d", "name": "Possible privilege escalation"}, {"description": "Were do they point?", "severity": "notice", "id": "ba1363cb7d080c10c42d001123372d83", "name": "External URLs"}, {"description": "Function 'Runtime.getRuntime().exec()' is used, please check where variables are come from.", "severity": "medium", "id": "7d1a1d37451a167a3c0b645dc8652ecc", "name": "Runtime command execution"}, {"description": "SD-cards and other external storages have 'worldwide read' policy.", "severity": "medium", "id": "334cf417a12ad3bd121f6d2d25b4f841", "name": "SD-card access"}], "vendor": "Volkswagen AG", "release": "2015-03-24T00:00:00", "version": "1.2.1", "apk": "DE.VOLKSWAGEN.ACCESSORIES.RACEAPP.APK", "store": "play", "name": "Volkswagen RaceApp", "icon": "http://lh6.ggpht.com/NtFf2HyoWstF4dbE2UAJUewpiKK6glbfiNP7i_h3rRlUQAko5L_ZXY0QOzwj66_-9e4=w300"}, "reporter": "Hackapp.org", "references": ["https://play.google.com/store/apps/details?id=de.volkswagen.accessories.raceapp&hl=en"], "hashmap": [{"hash": "dca1063c92be9eb5d4e91df07241dcb7", "key": "affectedSoftware"}, {"hash": "f9fa10ba956cacf91d7878861139efb9", "key": "bulletinFamily"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "d4be9c4fc84262b4f39f89565918568f", "key": "cvss"}, {"hash": "38b89236ddb10dcbcee28266c1489f01", "key": "description"}, {"hash": "563f47c0580b6dae51bab1bd0da584f8", "key": "hackapp"}, {"hash": "69c75d2f742be06ab88de83225eaaf59", "key": "href"}, {"hash": "ef3846115058269b646251ec4c02df12", "key": "modified"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "ef3846115058269b646251ec4c02df12", "key": "published"}, {"hash": "41d383f26a4022dbc2a1cacbc5c4953f", "key": "references"}, {"hash": "3b012aae1848bb95fe11f3cebae83cb0", "key": "reporter"}, {"hash": "ad1b425a39312e517eb53f9a879ad1d8", "key": "title"}, {"hash": "96e87ef1fcc8d9d3cdd337488987c423", "key": "type"}, {"hash": "cfcd208495d565ef66e7dff9f98764da", "key": "viewCount"}], "description": "HackApp vulnerability scanner discovered that application Volkswagen RaceApp published at the 'play' market has multiple vulnerabilities.", "modified": "2016-04-01T09:32:30", "cvss": {"vector": "NONE", "score": 0}, "viewCount": 1, "type": "hackapp", "affectedSoftware": [{"name": "Volkswagen RaceApp", "operator": "le", "version": "1.2.1"}], "title": "Volkswagen RaceApp - Base64 encoded String, External URLs, Possible privilege escalation vulnerabilities", "hash": "7ec1c989062aa23a534ae7c8eb8dfa47dda04c8cec2a3eac4051e3cfce24ad62", "history": [], "edition": 1, "enchantments": {"vulnersScore": 3.7}}