Scan "ICICI Bank"

Application summary

Platform: android

Package: com.csam.icici.bank.imobile

Version: 9.6

SHA1 Hash: 7d6c073b40ea6aee07b50ae819c9a16489e5bbc6

Size: 40 MB

Scan summary

Icon

Date: March 15, 2019, 6:28 p.m.

Vulnerability risk dashboard
Code coverage (% methods)

5000/144236 methods

Risk Title Short description
High Apache Cordova < 4.1.1 suffers from multiple vulnerabilities Apache Cordova below version 4.1.1 suffers from multiple vulnerabilties
High Remote Exploitation of the Cordova Framework Remote Exploitation of the Cordova Framework
Medium Insecure whitelist configuration Insecure whitelist configuration authorising access to all ressources.
Low Insecure Network Configuration Settings The application does not specify a network security configuration or sets insecure settings
Potentially Clear text HTTP request The application is accessing data over unencrypted channel, undermining the confidentiality and integrity of data in transit.
Potentially Call to dangerous WebView settings API List of WebView API calls
Potentially Intent Spoofing The application is vulnerable to intent spoofing which may lead to inappropriate access
Potentially Services declared without permissions Declared services are not protected with global permissions
Potentially Cryptographic Vulnerability: Insecure Algorithm The client supports combinations of cipher suites that suffer from known cryptographic weaknesses.
Important Exported activites, services and broadcast receivers list List of all exported components (activities, services, broadcast receivers, content providers)
Info Call to XML parsing API List of XML parsing API calls
Info Call to Socket API List of Server Socket API calls
Info APK files list List of all files shipped in the application.
Info Call to native methods List of native methods calls
Info Obfuscated methods List of code obfuscation status of all application\s componenets
Info Application checks rooted device Presence of strings and methods indicating potential check for rooted device
Info Implementation of a WebViewClient List of WebViewClient implementation
Info Call to Inter-Process-Communication (IPC) API List of Interp-Process Communication (IPC) calls
Info Call to External Storage API List of external storage API calls
Info Call to command execution API List of all command execution API calls
Info Call to logging API List of logging API calls
Info APK attack surface List of components potentially accepting user input
Info Virustotal malware analysis (MD5 based search) VirusTotal Malware analysis
Info Apache Cordova Framework detected Application is built using the Cordova Apache Framework
Info Application components list List application's components
Info Android Manifest APK Manifest in XML
Info Call to SSL/TLS API List of all files shipped in the application.
Info Application certificate information Application signing certificate details
Info Call to Reflection API List of reflection API calls
Info Call to dynamic code loading API List of dynamic code loading API calls
Info Call to Crypto API List of crypto API calls
Info Call to Random API List of random API calls
Info Call to SQLite query API List of SQLite query API calls
Info List of JNI methods List of JNI methods defined in ELF files and used by the application