Scan "goatdroid scan"

Application summary

Platform: android

Package: org.owasp.goatdroid.fourgoats

Version: 1.0

SHA1 Hash: 414da9666c83dcbfdd984eb60ddc57dd69cb06bf

Size: 1 MB

Scan summary


Date: March 5, 2018, 2:42 a.m.

Vulnerability risk dashboard
Code coverage (% methods)

3002/4853 methods

| Risk | Title | Short description |
|---|---|---|
| High | addJavaScriptInterface Remote Code Execution. | WebView addJavaScriptInterface Remote Code Execution (CVE-2013-4710) |
| High | Debug mode enabled | Application is compiled with debug mode enabled |
| Potentially | Call to dangerous WebView settings API | List of WebView API calls |
| Potentially | Backup mode enabled | Application is enabling backup mode |
| Potentially | Intent Spoofing | The application is vulnerable to intent spoofing which may lead to inappropriate access |
| Potentially | Services declared without permissions | Declared services are not protected with global permissions |
| Potentially | Insecure Shared Preferences Permissions | Shared Preferences are set with insecure permissions (WORLD_READABLE or WORLD_WRITABLE) |
| Potentially | Insecure TLS certificate domain name validation | Application accepts valid certificate with invalid hostname making it vulnerable to man-in-the-middle (MITM) attacks |
| Important | Exported activities, services and broadcast receivers list | List of all exported components (activities, services, broadcast receivers, content providers) |
| Important | Decompiled source code | Retrieved source using open-source decompilers |
| Info | Call to XML parsing API | List of XML parsing API calls |
| Info | APK files list | List of all files shipped in the application. |
| Info | Hardcoded SQL queries list | Hardcoded SQL queries constant strings |
| Info | Obfuscated methods | List of code obfuscation status of all application's components |
| Info | Call to Inter-Process-Communication (IPC) API | List of Inter-Process Communication (IPC) calls |
| Info | Call to External Storage API | List of external storage API calls |
| Info | Call to logging API | List of logging API calls |
| Info | APK attack surface | List of components potentially accepting user input |
| Info | Virustotal malware analysis (MD5 based search) | VirusTotal Malware analysis |
| Info | Hardcoded strings list | Hardcoded strings |
| Info | Application components list | List application's components |
| Info | Android Manifest | APK Manifest in XML |
| Info | Call to SSL/TLS API | List of all files shipped in the application. |
| Info | Application certificate information | Application signing certificate details |
| Info | Call to Reflection API | List of reflection API calls |
| Info | Call to SQLite query API | List of SQLite query API calls |