Android

  1. Insecure storage of cryptographic key information
    1. A writable keystore
    2. A writable keystore protected by a weak password
    3. A readable file keystore
    4. A readable keystore, protected by a weak password, with private keys
    5. A readable keystore, protected by a weak password, with public keys
    6. A readable keystore containing private keys protected by a weak password
    7. Using a file keystore
    8. A keystore, protected by a weak password, containing private keys
    9. A keystore, protected by a weak password, containing public keys
    10. A keystore containing private keys protected by a weak password
  2. Transmission of sensitive information in Activity
    1. Insecure transmission of sensitive information in Activity
    2. Insecure transmission of sensitive information in external Activity
    3. Insecure transmission of sensitive information in private Activity
  3. Transmission of sensitive information in Service
    1. Insecure transmission of sensitive information in Service
    2. Insecure transmission of sensitive information in external Service
    3. Insecure transmission of sensitive information in internal Service
  4. Sending sensitive information over the network
    1. Inclusion of sensitive information into the GET request parameters
    2. Inclusion of sensitive information into an HTTPS request
    3. Transmission of sensitive information in an HTTP request
    4. Transmission of sensitive information in an HTTP response
    5. Inclusion of sensitive information into an HTTPS response
  5. Storing Sensitive Information
    1. Storing sensitive information in memory
    2. Storing sensitive information in a public file outside the application's directory
    3. Storing sensitive information in a public file inside the application's directory
    4. Storing sensitive information in a private file outside the application's directory
    5. Storing sensitive information in a private file inside the application's directory
    6. Storing sensitive information in a public protected database
    7. Storing sensitive information in a protected database
    8. Storing sensitive information in a public unprotected database
    9. Storing sensitive information in the application source code
    10. Storage or use of previously found sensitive information
    11. Storing sensitive information in the keyboard cache
  6. Output of sensitive information into the system log
  7. Insecure Signature Algorithm
  8. Insufficient length of a signature key
  9. Transmission of sensitive information in BroadcastReceiver
  10. Transmission of sensitive information in SQL query parameters
  11. Possibility to create a backup copy of the application
  12. Application is not obfuscated
  13. Weak database encryption password
  14. Interception of the database encryption password
  15. An application allows network connections via HTTP
  16. Insecure networking configuration
  17. Potential execution of arbitrary code within the application
  18. Storing Cookie values in the standard WebView database
  19. Storing a private key/certificate that is not protected by a password in the directory/resources of the application
  20. Storing a public key/certificate in the directory/resources of the application
  21. Storing a private key/certificate protected by a password in the directory/resources of the application
  22. Storing a key/certificate in the directory/resources of the application
  23. Insecure settings in AndroidManifest.xml
  24. Insecure settings in AndroidManifest.xml. The android:hasFragileUserData flag
  25. Insecure settings in AndroidManifest.xml. The android:requestLegacyExternalStorage flag