Scan "Rescan None"

Application summary

Platform: android

Package: com.cipher.Shield

Version: 4.6

SHA1 Hash: 9a8ac1906600439fec9c252fa4d2e198bd15d903

Size: 5 MB

Scan summary

Date: Jan. 8, 2018, 12:24 p.m.

Vulnerability risk dashboard
Code coverage (% methods)

36139/44214 methods

| Risk | Title | Short description |
| --- | --- | --- |
| High | VirusTotal malware analysis (MD5 based search) | VirusTotal Malware analysis |
| Medium | Application code not obfuscated | Application's source code is not obfuscated and could be decompiled to retrieve the initial source code |
| Potentially | Cryptographic Vulnerability: Insecure mode | The client supports combinations of cipher suites that suffer from known cryptographic weaknesses. |
| Potentially | Insecure Filesystem Access | Filesystem access using insecure permissions like world read or world write |
| Potentially | Insecure Random Seed | Use of insecure random seed generating predictable values. |
| Potentially | Untrusted External Storage File Access | The application may access untrusted files from the external storage |
| Potentially | Intent Spoofing | The application is vulnerable to intent spoofing which may lead to inappropriate access |
| Potentially | Cryptographic Vulnerability: Hardcoded key | The client supports combinations of cipher suites that suffer from known cryptographic weaknesses. |
| Potentially | Cryptographic Vulnerability: Insecure Algorithm | The client supports combinations of cipher suites that suffer from known cryptographic weaknesses. |
| Potentially | Insecure TLS certificate domain name validation | Application accepts valid certificate with invalid hostname making it vulnerable to man-in-the-middle (MITM) attacks |
| Important | Exported activities, services and broadcast receivers list | List of all exported components (activities, services, broadcast receivers, content providers) |
| Important | Decompiled source code | Retrieved source using open-source decompilers |
| Note | Obfuscated methods | List of code obfuscation status of all application's components |
| Note | Application potentially checks rooted device | Presence of strings and methods indicating potential check for rooted device |
| Note | Hardcoded SQL queries list | Hardcoded SQL queries constant strings |
| Note | Implementation of a WebViewClient | List of WebViewClient implementation |
| Note | Call to potentially dangerous WebView settings API | List of WebView API calls |
| Note | Hardcoded URLs list | Hardcoded URL constant strings |
| Note | Call to Inter-Process-Communication (IPC) API | List of Inter-Process Communication (IPC) calls |
| Note | Call to External Storage API | List of external storage API calls |
| Note | APK files list | List of all files shipped in the application. |
| Note | Call to command execution API | List of all command execution API calls |
| Note | Call to Socket API | List of Server Socket API calls |
| Note | Call to logging API | List of logging API calls |
| Note | APK attack surface | List of components potentially accepting user input |
| Note | Hardcoded strings list | Hardcoded strings |
| Note | Application components list | List application's components |
| Note | Android Manifest | APK Manifest in XML |
| Note | Call to SSL/TLS API | List of all files shipped in the application. |
| Note | Application certificate information | Application signing certificate details |
| Note | Call to Crypto API | List of crypto API calls |
| Note | Call to Random API | List of random API calls |
| Note | Call to dynamic code loading API | List of dynamic code loading API calls |