Potentially Insecure Shared Preferences Permissions

Description

Creating Shared Preferences with insecure permissions (world-readable or world-writable) may expose sensitive information stored in them to arbitrary reads or writes by an attacker.

Recommendation

Shared Preferences are XML files to store private primitive data in key-value pairs. Data Types include Booleans, floats, ints, longs, and strings.

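Shared preferences must be created with the permission MODE_PRIVATE unless sharing information across apps is explicitly required. MODE_WORLD_READABLE and MODE_WORLD_WRITEABLE are deprecated, and apps targeting Android 7.0 (API level 24) or later get a SecurityException when they use them; where data really has to be shared across apps, use a mechanism with explicit access control, such as a ContentProvider protected by a permission.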

Technical details
[TAINT] Const '1' ==>>> Sink '['Landroid/content/Context;', 'getSharedPreferences', '(Ljava/lang/String; I)Landroid/content/SharedPreferences;', '1', 'SHARED_PREFERENCE_SINK']' [[('Lcom/razorpay/Checkout;', 'clearUserData', '(Landroid/content/Context;)V'), ('Lcom/razorpay/Q__v$;', 'd__1_', '(Landroid/content/Context;)Landroid/content/SharedPreferences$Editor;'), ('Lcom/razorpay/Q__v$;', 'a_$P$', '(Landroid/content/Context;)Landroid/content/SharedPreferences;'), ('Landroid/content/Context;', 'getSharedPreferences', '(Ljava/lang/String; I)Landroid/content/SharedPreferences;')]]

Call to shared preference method using insecure permission (reported as WORLD_WRITABLE; the tainted constant 1 is MODE_WORLD_READABLE)

Method com.razorpay.Checkout.clearUserData():


    /**
     * Clears stored Razorpay user data.
     *
     * Writes 0 (the decompiler's rendering of the value, presumably null) under the keys
     * "rzp_user_contact", "rzp_user_email" and "rzp_device_token", then sets the
     * "razorpay_api_session" cookie for https://api.razorpay.com to an empty value.
     *
     * @param p3 context handed to the preference helpers in com.razorpay.Q__v$
     */
    public static void clearUserData(android.content.Context p3)
    {
        // Q_$2$(p3) is typed String by the decompiler but is used like an editor (putString/commit).
        // Its body is not part of this report, so the file and mode behind it are unknown here.
        String v0_0 = com.razorpay.Q__v$.Q_$2$(p3);
        v0_0.putString("rzp_user_contact", 0);
        v0_0.commit();
        String v0_3 = com.razorpay.Q__v$.Q_$2$(p3);
        v0_3.putString("rzp_user_email", 0);
        v0_3.commit();
        // d__1_ obtains its editor through Q__v$.a_$P$, i.e. the "rzp_preference_public" file whose
        // getSharedPreferences call is the sink flagged in this finding.
        com.razorpay.Q__v$.d__1_(p3).putString("rzp_device_token", 0).apply();
        // Overwrites the session cookie with an empty value for the API origin.
        android.webkit.CookieManager.getInstance().setCookie("https://api.razorpay.com", "razorpay_api_session=");
        return;
    }

Method com.razorpay.Q__v$.d__1_():


    /**
     * Returns the result of edit() on the preferences opened by Q__v$.a_$P$(p3), which is the
     * "rzp_preference_public" file.
     *
     * NOTE(review): the arithmetic on the static int fields Q__v$.a_$P$ and Q__v$.Q_$2$ only
     * selects between branches and looks like obfuscator-inserted control flow; confirm
     * against the bytecode before reasoning about which branch runs.
     *
     * @param p3 context forwarded to Q__v$.a_$P$
     * @return the editor obtained from those preferences (typed SharedPreferences by the decompiler)
     */
    public static android.content.SharedPreferences$Editor d__1_(android.content.Context p3)
    {
        int v0_7;
        // Counter update: reads static field a_$P$, stores the result modulo 128 into Q_$2$.
        int v0_1 = (com.razorpay.Q__v$.a_$P$ + 79);
        com.razorpay.Q__v$.Q_$2$ = (v0_1 % 128);
        if ((v0_1 % 2) == 0) {
            v0_7 = 30;
        } else {
            v0_7 = 62;
        }
        if (v0_7 == 62) {
            // Branch taken when (a_$P$ + 79) is odd. "throw 0" is not valid Java; presumably a
            // decompiler rendering of a junk branch - TODO confirm.
            com.razorpay.Q__v$.a_$P$(p3).edit();
            throw 0;
        } else {
            int v0_5;
            android.content.SharedPreferences v3_3 = com.razorpay.Q__v$.a_$P$(p3).edit();
            // Second counter update; both branches below return the same value.
            int v0_3 = (com.razorpay.Q__v$.Q_$2$ + 19);
            com.razorpay.Q__v$.a_$P$ = (v0_3 % 128);
            if ((v0_3 % 2) != 0) {
                v0_5 = 0;
            } else {
                v0_5 = 1;
            }
            if (v0_5 == 1) {
                return v3_3;
            } else {
                return v3_3;
            }
        }
    }

Method com.razorpay.Q__v$.a_$P$():


    /**
     * Opens the "rzp_preference_public" preferences file on the given context.
     *
     * The mode argument is 1 (Context.MODE_WORLD_READABLE) when (Q__v$.Q_$2$ + 111) is odd and
     * 0 (Context.MODE_PRIVATE) when it is even; the mode-1 call is the sink flagged in this report.
     * NOTE(review): the parity tests on the static int fields look like obfuscator-inserted
     * opaque predicates, so this listing alone does not show which mode is used at run time;
     * confirm against the bytecode or with dynamic analysis.
     *
     * @param p5 context whose getSharedPreferences is called
     * @return the SharedPreferences instance returned by that call
     */
    public static android.content.SharedPreferences a_$P$(android.content.Context p5)
    {
        int v0_9;
        // Counter update on the class's static int fields; the result only selects the branch below.
        int v0_1 = (com.razorpay.Q__v$.Q_$2$ + 111);
        com.razorpay.Q__v$.a_$P$ = (v0_1 % 128);
        if ((v0_1 % 2) != 0) {
            v0_9 = 0;
        } else {
            v0_9 = 1;
        }
        android.content.SharedPreferences v5_1;
        if (v0_9 == 0) {
            // Flagged sink: mode 1 makes the preferences file readable by other apps.
            v5_1 = p5.getSharedPreferences("rzp_preference_public", 1);
        } else {
            // Mode 0 keeps the file private to the app.
            v5_1 = p5.getSharedPreferences("rzp_preference_public", 0);
        }
        int v0_6;
        // Second counter update; both branches below return the same value.
        int v0_4 = (com.razorpay.Q__v$.Q_$2$ + 95);
        com.razorpay.Q__v$.a_$P$ = (v0_4 % 128);
        if ((v0_4 % 2) != 0) {
            v0_6 = 22;
        } else {
            v0_6 = 50;
        }
        if (v0_6 == 50) {
            return v5_1;
        } else {
            return v5_1;
        }
    }

Method android.content.Context.getSharedPreferences() not found.

[TAINT] Const '1' ==>>> Sink '['Landroid/content/Context;', 'getSharedPreferences', '(Ljava/lang/String; I)Landroid/content/SharedPreferences;', '1', 'SHARED_PREFERENCE_SINK']' [[('Lcom/razorpay/Q__v$;', 'a_$P$', '(Landroid/content/Context;)Landroid/content/SharedPreferences;'), ('Landroid/content/Context;', 'getSharedPreferences', '(Ljava/lang/String; I)Landroid/content/SharedPreferences;')]]

Call to shared preference method using insecure permission (reported as WORLD_WRITABLE; the tainted constant 1 is MODE_WORLD_READABLE)

Method com.razorpay.Q__v$.a_$P$():


    /**
     * Opens the "rzp_preference_public" preferences file on the given context.
     *
     * The mode argument is 1 (Context.MODE_WORLD_READABLE) when (Q__v$.Q_$2$ + 111) is odd and
     * 0 (Context.MODE_PRIVATE) when it is even; the mode-1 call is the sink flagged in this report.
     * NOTE(review): the parity tests on the static int fields look like obfuscator-inserted
     * opaque predicates, so this listing alone does not show which mode is used at run time;
     * confirm against the bytecode or with dynamic analysis.
     *
     * @param p5 context whose getSharedPreferences is called
     * @return the SharedPreferences instance returned by that call
     */
    public static android.content.SharedPreferences a_$P$(android.content.Context p5)
    {
        int v0_9;
        // Counter update on the class's static int fields; the result only selects the branch below.
        int v0_1 = (com.razorpay.Q__v$.Q_$2$ + 111);
        com.razorpay.Q__v$.a_$P$ = (v0_1 % 128);
        if ((v0_1 % 2) != 0) {
            v0_9 = 0;
        } else {
            v0_9 = 1;
        }
        android.content.SharedPreferences v5_1;
        if (v0_9 == 0) {
            // Flagged sink: mode 1 makes the preferences file readable by other apps.
            v5_1 = p5.getSharedPreferences("rzp_preference_public", 1);
        } else {
            // Mode 0 keeps the file private to the app.
            v5_1 = p5.getSharedPreferences("rzp_preference_public", 0);
        }
        int v0_6;
        // Second counter update; both branches below return the same value.
        int v0_4 = (com.razorpay.Q__v$.Q_$2$ + 95);
        com.razorpay.Q__v$.a_$P$ = (v0_4 % 128);
        if ((v0_4 % 2) != 0) {
            v0_6 = 22;
        } else {
            v0_6 = 50;
        }
        if (v0_6 == 50) {
            return v5_1;
        } else {
            return v5_1;
        }
    }

Method android.content.Context.getSharedPreferences() not found.

[TAINT] Const '1' ==>>> Sink '['Landroid/content/Context;', 'getSharedPreferences', '(Ljava/lang/String; I)Landroid/content/SharedPreferences;', '1', 'SHARED_PREFERENCE_SINK']' [[('Lcom/razorpay/Q__v$;', 'd__1_', '(Landroid/content/Context;)Landroid/content/SharedPreferences$Editor;'), ('Lcom/razorpay/Q__v$;', 'a_$P$', '(Landroid/content/Context;)Landroid/content/SharedPreferences;'), ('Landroid/content/Context;', 'getSharedPreferences', '(Ljava/lang/String; I)Landroid/content/SharedPreferences;')]]

Call to shared preference method using insecure permission (reported as WORLD_WRITABLE; the tainted constant 1 is MODE_WORLD_READABLE)

Method com.razorpay.Q__v$.d__1_():


    /**
     * Returns the result of edit() on the preferences opened by Q__v$.a_$P$(p3), which is the
     * "rzp_preference_public" file.
     *
     * NOTE(review): the arithmetic on the static int fields Q__v$.a_$P$ and Q__v$.Q_$2$ only
     * selects between branches and looks like obfuscator-inserted control flow; confirm
     * against the bytecode before reasoning about which branch runs.
     *
     * @param p3 context forwarded to Q__v$.a_$P$
     * @return the editor obtained from those preferences (typed SharedPreferences by the decompiler)
     */
    public static android.content.SharedPreferences$Editor d__1_(android.content.Context p3)
    {
        int v0_7;
        // Counter update: reads static field a_$P$, stores the result modulo 128 into Q_$2$.
        int v0_1 = (com.razorpay.Q__v$.a_$P$ + 79);
        com.razorpay.Q__v$.Q_$2$ = (v0_1 % 128);
        if ((v0_1 % 2) == 0) {
            v0_7 = 30;
        } else {
            v0_7 = 62;
        }
        if (v0_7 == 62) {
            // Branch taken when (a_$P$ + 79) is odd. "throw 0" is not valid Java; presumably a
            // decompiler rendering of a junk branch - TODO confirm.
            com.razorpay.Q__v$.a_$P$(p3).edit();
            throw 0;
        } else {
            int v0_5;
            android.content.SharedPreferences v3_3 = com.razorpay.Q__v$.a_$P$(p3).edit();
            // Second counter update; both branches below return the same value.
            int v0_3 = (com.razorpay.Q__v$.Q_$2$ + 19);
            com.razorpay.Q__v$.a_$P$ = (v0_3 % 128);
            if ((v0_3 % 2) != 0) {
                v0_5 = 0;
            } else {
                v0_5 = 1;
            }
            if (v0_5 == 1) {
                return v3_3;
            } else {
                return v3_3;
            }
        }
    }

Method com.razorpay.Q__v$.a_$P$():


    /**
     * Opens the "rzp_preference_public" preferences file on the given context.
     *
     * The mode argument is 1 (Context.MODE_WORLD_READABLE) when (Q__v$.Q_$2$ + 111) is odd and
     * 0 (Context.MODE_PRIVATE) when it is even; the mode-1 call is the sink flagged in this report.
     * NOTE(review): the parity tests on the static int fields look like obfuscator-inserted
     * opaque predicates, so this listing alone does not show which mode is used at run time;
     * confirm against the bytecode or with dynamic analysis.
     *
     * @param p5 context whose getSharedPreferences is called
     * @return the SharedPreferences instance returned by that call
     */
    public static android.content.SharedPreferences a_$P$(android.content.Context p5)
    {
        int v0_9;
        // Counter update on the class's static int fields; the result only selects the branch below.
        int v0_1 = (com.razorpay.Q__v$.Q_$2$ + 111);
        com.razorpay.Q__v$.a_$P$ = (v0_1 % 128);
        if ((v0_1 % 2) != 0) {
            v0_9 = 0;
        } else {
            v0_9 = 1;
        }
        android.content.SharedPreferences v5_1;
        if (v0_9 == 0) {
            // Flagged sink: mode 1 makes the preferences file readable by other apps.
            v5_1 = p5.getSharedPreferences("rzp_preference_public", 1);
        } else {
            // Mode 0 keeps the file private to the app.
            v5_1 = p5.getSharedPreferences("rzp_preference_public", 0);
        }
        int v0_6;
        // Second counter update; both branches below return the same value.
        int v0_4 = (com.razorpay.Q__v$.Q_$2$ + 95);
        com.razorpay.Q__v$.a_$P$ = (v0_4 % 128);
        if ((v0_4 % 2) != 0) {
            v0_6 = 22;
        } else {
            v0_6 = 50;
        }
        if (v0_6 == 50) {
            return v5_1;
        } else {
            return v5_1;
        }
    }

Method android.content.Context.getSharedPreferences() not found.

[TAINT] Const '1' ==>>> Sink '['Landroid/content/Context;', 'getSharedPreferences', '(Ljava/lang/String; I)Landroid/content/SharedPreferences;', '1', 'SHARED_PREFERENCE_SINK']' [[('Lcom/razorpay/l_$w$;', 'R$$r_', '(Landroid/content/Context;)Lorg/json/JSONArray;'), ('Lcom/razorpay/Q__v$;', 'a_$P$', '(Landroid/content/Context;)Landroid/content/SharedPreferences;'), ('Landroid/content/Context;', 'getSharedPreferences', '(Ljava/lang/String; I)Landroid/content/SharedPreferences;')]]

Call to shared preference method using insecure permission (reported as WORLD_WRITABLE; the tainted constant 1 is MODE_WORLD_READABLE)

Method com.razorpay.l_$w$.R$$r_():


    /**
     * Collects "rzp_device_token" values from the "rzp_preference_public" preferences of other
     * installed apps.
     *
     * Iterates the apps returned by BaseUtils.getListOfAppsWhichHandleDeepLink(p7, "io.rzp://rzp.io"),
     * creates a package context for each, reads the token through Q__v$.a_$P$, and appends one
     * JSON object per non-null token with the keys "rzp_device_token" and
     * "card_saving_token_source". Two analytics properties are recorded: "sdk_count" (apps
     * visited) and "sdk_count_with_token" (entries in the result).
     *
     * NOTE(review): the tokens and source names come from other apps' data and manifests, so
     * callers should treat the returned values as untrusted.
     *
     * @param p7 context used to resolve the apps and create their package contexts
     * @return the array of token/source objects, possibly empty
     */
    public static org.json.JSONArray R$$r_(android.content.Context p7)
    {
        org.json.JSONArray v1_1 = new org.json.JSONArray();
        // The decompiler's declared type is wrong here; the value is used as an iterator.
        com.razorpay.AnalyticsProperty$R$$r_ v2_3 = com.razorpay.BaseUtils.getListOfAppsWhichHandleDeepLink(p7, "io.rzp://rzp.io").iterator();
        int v3 = 0;
        while (v2_3.hasNext()) {
            // taskAffinity is used as the package name below; it defaults to the package name
            // but can be set by the other app's manifest.
            com.razorpay.AnalyticsEvent v4_4 = ((android.content.pm.ResolveInfo) v2_3.next()).activityInfo.taskAffinity;
            v3++;
            try {
                // Flag 2 is Context.CONTEXT_IGNORE_SECURITY. Reading another package's preferences
                // this way presumably depends on that file being world-readable, which is why the
                // mode-1 call in Q__v$.a_$P$ matters - TODO confirm.
                String v5_3 = com.razorpay.Q__v$.a_$P$(p7.createPackageContext(v4_4, 2)).getString("rzp_device_token", 0);
            } catch (com.razorpay.AnalyticsEvent v4_5) {
                // The caught type shown is a decompiler artifact. A SecurityException on SDK 24+
                // is tracked as its own analytics event, then every failure is reported.
                if ((v4_5 instanceof SecurityException)) {
                    if (android.os.Build$VERSION.SDK_INT >= 24) {
                        com.razorpay.AnalyticsUtil.trackEvent(com.razorpay.AnalyticsEvent.SHARE_PREFERENCES_SECURITY_EXCEPTION);
                    }
                }
                com.razorpay.AnalyticsUtil.reportError(v4_5, "critical", v4_5.getMessage());
            }
            // v5_3 is referenced outside the try scope here; a decompiler scoping artifact.
            if (v5_3 != null) {
                String v6_4 = new org.json.JSONObject();
                v6_4.put("rzp_device_token", v5_3);
                v6_4.put("card_saving_token_source", v4_4);
                v1_1.put(v6_4);
            }
        }
        com.razorpay.AnalyticsUtil.addProperty("sdk_count", new com.razorpay.AnalyticsProperty(v3, com.razorpay.AnalyticsProperty$R$$r_.d__1_));
        com.razorpay.AnalyticsUtil.addProperty("sdk_count_with_token", new com.razorpay.AnalyticsProperty(v1_1.length(), com.razorpay.AnalyticsProperty$R$$r_.d__1_));
        return v1_1;
    }

Method com.razorpay.Q__v$.a_$P$():


    /**
     * Opens the "rzp_preference_public" preferences file on the given context.
     *
     * The mode argument is 1 (Context.MODE_WORLD_READABLE) when (Q__v$.Q_$2$ + 111) is odd and
     * 0 (Context.MODE_PRIVATE) when it is even; the mode-1 call is the sink flagged in this report.
     * NOTE(review): the parity tests on the static int fields look like obfuscator-inserted
     * opaque predicates, so this listing alone does not show which mode is used at run time;
     * confirm against the bytecode or with dynamic analysis.
     *
     * @param p5 context whose getSharedPreferences is called
     * @return the SharedPreferences instance returned by that call
     */
    public static android.content.SharedPreferences a_$P$(android.content.Context p5)
    {
        int v0_9;
        // Counter update on the class's static int fields; the result only selects the branch below.
        int v0_1 = (com.razorpay.Q__v$.Q_$2$ + 111);
        com.razorpay.Q__v$.a_$P$ = (v0_1 % 128);
        if ((v0_1 % 2) != 0) {
            v0_9 = 0;
        } else {
            v0_9 = 1;
        }
        android.content.SharedPreferences v5_1;
        if (v0_9 == 0) {
            // Flagged sink: mode 1 makes the preferences file readable by other apps.
            v5_1 = p5.getSharedPreferences("rzp_preference_public", 1);
        } else {
            // Mode 0 keeps the file private to the app.
            v5_1 = p5.getSharedPreferences("rzp_preference_public", 0);
        }
        int v0_6;
        // Second counter update; both branches below return the same value.
        int v0_4 = (com.razorpay.Q__v$.Q_$2$ + 95);
        com.razorpay.Q__v$.a_$P$ = (v0_4 % 128);
        if ((v0_4 % 2) != 0) {
            v0_6 = 22;
        } else {
            v0_6 = 50;
        }
        if (v0_6 == 50) {
            return v5_1;
        } else {
            return v5_1;
        }
    }

Method android.content.Context.getSharedPreferences() not found.

[TAINT] Const '1' ==>>> Sink '['Landroid/content/Context;', 'getSharedPreferences', '(Ljava/lang/String; I)Landroid/content/SharedPreferences;', '1', 'SHARED_PREFERENCE_SINK']' [[('Lcom/razorpay/l_$w$;', 'a_$P$', '(Landroid/content/Context;)V'), ('Lcom/razorpay/Q__v$;', 'a_$P$', '(Landroid/content/Context;)Landroid/content/SharedPreferences;'), ('Landroid/content/Context;', 'getSharedPreferences', '(Ljava/lang/String; I)Landroid/content/SharedPreferences;')]]

Call to shared preference method using insecure permission (reported as WORLD_WRITABLE; the tainted constant 1 is MODE_WORLD_READABLE)

Method com.razorpay.l_$w$.a_$P$():


    /**
     * Decides how the device token is sourced and records where it came from.
     *
     * When the O__Y_() setting is true and this app's "rzp_preference_public" already holds a
     * "rzp_device_token", only the analytics property "device_token_source_single" is set to the
     * app's package name. Otherwise, on SDK 24+ with H$_a_() true, an ordered broadcast with
     * action "rzp.device_token.share" is sent; in the remaining case, if L$$C_() is true, the
     * tokens gathered by l_$w$.R$$r_ are handed to l_$w$.G__G_.
     *
     * @param p9 context used for preferences, the broadcast and the package name
     */
    public static void a_$P$(android.content.Context p9)
    {
        if ((!com.razorpay.f$_G$.f$_G$().O__Y_()) || (com.razorpay.Q__v$.a_$P$(p9).getString("rzp_device_token", 0) == null)) {
            if ((android.os.Build$VERSION.SDK_INT < 24) || (!com.razorpay.f$_G$.f$_G$().H$_a_())) {
                // Path that reads other apps' preferences through l_$w$.R$$r_.
                if (com.razorpay.f$_G$.f$_G$().L$$C_()) {
                    com.razorpay.l_$w$.G__G_(p9, com.razorpay.l_$w$.R$$r_(p9));
                }
                return;
            } else {
                // NOTE(review): the intent carries only an action and the receiverPermission
                // argument is 0 (null), so no permission limits which receivers get this ordered
                // broadcast; confirm that the result receiver l_$w$$3 validates what it is handed.
                android.content.Intent v2_1 = new android.content.Intent();
                v2_1.setAction("rzp.device_token.share");
                p9.sendOrderedBroadcast(v2_1, 0, new com.razorpay.l_$w$$3(), 0, -1, 0, 0);
                return;
            }
        } else {
            com.razorpay.AnalyticsUtil.addProperty("device_token_source_single", new com.razorpay.AnalyticsProperty(p9.getPackageName(), com.razorpay.AnalyticsProperty$R$$r_.d__1_));
            return;
        }
    }

Method com.razorpay.Q__v$.a_$P$():


    /**
     * Opens the "rzp_preference_public" preferences file on the given context.
     *
     * The mode argument is 1 (Context.MODE_WORLD_READABLE) when (Q__v$.Q_$2$ + 111) is odd and
     * 0 (Context.MODE_PRIVATE) when it is even; the mode-1 call is the sink flagged in this report.
     * NOTE(review): the parity tests on the static int fields look like obfuscator-inserted
     * opaque predicates, so this listing alone does not show which mode is used at run time;
     * confirm against the bytecode or with dynamic analysis.
     *
     * @param p5 context whose getSharedPreferences is called
     * @return the SharedPreferences instance returned by that call
     */
    public static android.content.SharedPreferences a_$P$(android.content.Context p5)
    {
        int v0_9;
        // Counter update on the class's static int fields; the result only selects the branch below.
        int v0_1 = (com.razorpay.Q__v$.Q_$2$ + 111);
        com.razorpay.Q__v$.a_$P$ = (v0_1 % 128);
        if ((v0_1 % 2) != 0) {
            v0_9 = 0;
        } else {
            v0_9 = 1;
        }
        android.content.SharedPreferences v5_1;
        if (v0_9 == 0) {
            // Flagged sink: mode 1 makes the preferences file readable by other apps.
            v5_1 = p5.getSharedPreferences("rzp_preference_public", 1);
        } else {
            // Mode 0 keeps the file private to the app.
            v5_1 = p5.getSharedPreferences("rzp_preference_public", 0);
        }
        int v0_6;
        // Second counter update; both branches below return the same value.
        int v0_4 = (com.razorpay.Q__v$.Q_$2$ + 95);
        com.razorpay.Q__v$.a_$P$ = (v0_4 % 128);
        if ((v0_4 % 2) != 0) {
            v0_6 = 22;
        } else {
            v0_6 = 50;
        }
        if (v0_6 == 50) {
            return v5_1;
        } else {
            return v5_1;
        }
    }

Method android.content.Context.getSharedPreferences() not found.

[TAINT] Const '1' ==>>> Sink '['Landroid/content/Context;', 'getSharedPreferences', '(Ljava/lang/String; I)Landroid/content/SharedPreferences;', '1', 'SHARED_PREFERENCE_SINK']' [[('Lcom/razorpay/l__d$$8;', 'run', '()V'), ('Lcom/razorpay/l__d$;', 'G__G_', '(Lcom/razorpay/l__d$;)Ljava/lang/String;'), ('Lcom/razorpay/l__d$;', 'getOptionsForHandleMessage', '()Lorg/json/JSONObject;'), ('Lcom/razorpay/Q__v$;', 'a_$P$', '(Landroid/content/Context;)Landroid/content/SharedPreferences;'), ('Landroid/content/Context;', 'getSharedPreferences', '(Ljava/lang/String; I)Landroid/content/SharedPreferences;')]]

Call to shared preference method using insecure permission (reported as WORLD_WRITABLE; the tainted constant 1 is MODE_WORLD_READABLE)

Method com.razorpay.l__d$$8.run():


    /**
     * Pushes checkout state into the view by loading three "javascript:" URLs.
     *
     * If l__d$.a_$P$(this.G__G_) is null or empty, the page is first asked to pass its
     * document.documentElement.outerHTML to CheckoutBridge.setCheckoutBody. The handleMessage
     * call built by l__d$.G__G_ is then loaded, followed by CheckoutBridge.sendAnalyticsData
     * with the checkout analytics data.
     */
    public final void run()
    {
        if ((com.razorpay.l__d$.a_$P$(this.G__G_) == null) || (com.razorpay.l__d$.a_$P$(this.G__G_).isEmpty())) {
            this.G__G_.view.loadUrl(1, "javascript: CheckoutBridge.setCheckoutBody(document.documentElement.outerHTML)");
        }
        // The handleMessage payload includes the device token read from "rzp_preference_public"
        // (see getOptionsForHandleMessage in this report).
        String v0_3 = this.G__G_;
        v0_3.view.loadUrl(1, com.razorpay.l__d$.G__G_(v0_3));
        String v0_6 = this.G__G_;
        com.razorpay.l__d$$Q_$2$ v2_2 = v0_6.view;
        Object[] v3 = new Object[1];
        // The analytics data is substituted into script text via %s; this assumes its toString()
        // output is a valid JavaScript literal - TODO confirm.
        v3[0] = com.razorpay.AnalyticsUtil.getAnalyticsDataForCheckout(v0_6.activity).toString();
        v2_2.loadUrl(1, String.format("javascript: CheckoutBridge.sendAnalyticsData({data: %s})", v3));
        return;
    }

Method com.razorpay.l__d$.G__G_():


    /**
     * Builds the "javascript: handleMessage(...)" URL for the given instance.
     *
     * @param p2 instance whose getOptionsForHandleMessage() result is serialised
     * @return the format string with that JSON text substituted for %s
     */
    public static synthetic String G__G_(com.razorpay.l__d$ p2)
    {
        Object[] v0_1 = new Object[1];
        // The JSON text is inserted unquoted, so it is evaluated as a JavaScript expression.
        v0_1[0] = p2.getOptionsForHandleMessage().toString();
        return String.format("javascript: handleMessage(%s)", v0_1);
    }

Method com.razorpay.l__d$.getOptionsForHandleMessage():


    /**
     * Assembles the JSON object that is passed to the page's handleMessage function.
     *
     * Fields set: "options", "data", "id", "key_id", "upi_intents_data", "metadata" (with
     * "openedAt"), "device_token" (only when the stored token is non-empty), "sdk_popup",
     * "magic", "network_type" and "activity_recreated".
     *
     * @return the populated object; on a JSONException the object is returned as built so far
     */
    public org.json.JSONObject getOptionsForHandleMessage()
    {
        org.json.JSONObject v0_1 = new org.json.JSONObject();
        try {
            v0_1.put("options", this.Q_$2$.Q_$2$());
            v0_1.put("data", this.b__J_);
            v0_1.put("id", com.razorpay.AnalyticsUtil.getLocalOrderId());
            v0_1.put("key_id", this.R$$r_);
            v0_1.put("upi_intents_data", com.razorpay.g__v_.G__G_(this.activity));
            String v1_5 = new org.json.JSONObject();
            v1_5.put("openedAt", System.currentTimeMillis());
            v0_1.put("metadata", v1_5);
            // Reads the device token from "rzp_preference_public" via Q__v$.a_$P$, the helper
            // whose getSharedPreferences call is the flagged sink.
            String v1_9 = com.razorpay.Q__v$.a_$P$(this.activity.getApplicationContext()).getString("rzp_device_token", 0);
        } catch (org.json.JSONException) {
            // The exception is swallowed; the caller receives a partially filled object.
            return v0_1;
        }
        // v1_9 is referenced outside the try scope here; a decompiler scoping artifact.
        if (!android.text.TextUtils.isEmpty(v1_9)) {
            v0_1.put("device_token", v1_9);
        }
        v0_1.put("sdk_popup", 1);
        v0_1.put("magic", 1);
        v0_1.put("network_type", com.razorpay.BaseUtils.getNetworkType(this.activity));
        v0_1.put("activity_recreated", this.f$_G$);
        return v0_1;
    }

Method com.razorpay.Q__v$.a_$P$():


    /**
     * Opens the "rzp_preference_public" preferences file on the given context.
     *
     * The mode argument is 1 (Context.MODE_WORLD_READABLE) when (Q__v$.Q_$2$ + 111) is odd and
     * 0 (Context.MODE_PRIVATE) when it is even; the mode-1 call is the sink flagged in this report.
     * NOTE(review): the parity tests on the static int fields look like obfuscator-inserted
     * opaque predicates, so this listing alone does not show which mode is used at run time;
     * confirm against the bytecode or with dynamic analysis.
     *
     * @param p5 context whose getSharedPreferences is called
     * @return the SharedPreferences instance returned by that call
     */
    public static android.content.SharedPreferences a_$P$(android.content.Context p5)
    {
        int v0_9;
        // Counter update on the class's static int fields; the result only selects the branch below.
        int v0_1 = (com.razorpay.Q__v$.Q_$2$ + 111);
        com.razorpay.Q__v$.a_$P$ = (v0_1 % 128);
        if ((v0_1 % 2) != 0) {
            v0_9 = 0;
        } else {
            v0_9 = 1;
        }
        android.content.SharedPreferences v5_1;
        if (v0_9 == 0) {
            // Flagged sink: mode 1 makes the preferences file readable by other apps.
            v5_1 = p5.getSharedPreferences("rzp_preference_public", 1);
        } else {
            // Mode 0 keeps the file private to the app.
            v5_1 = p5.getSharedPreferences("rzp_preference_public", 0);
        }
        int v0_6;
        // Second counter update; both branches below return the same value.
        int v0_4 = (com.razorpay.Q__v$.Q_$2$ + 95);
        com.razorpay.Q__v$.a_$P$ = (v0_4 % 128);
        if ((v0_4 % 2) != 0) {
            v0_6 = 22;
        } else {
            v0_6 = 50;
        }
        if (v0_6 == 50) {
            return v5_1;
        } else {
            return v5_1;
        }
    }

Method android.content.Context.getSharedPreferences() not found.