Remediation Guide

  1. Android
    1. Insecure storage of cryptographic key information
      1. A writable keystore
      2. A writable keystore protected by a weak password
      3. A readable file keystore
      4. A readable keystore, protected by a weak password, with private keys
      5. A readable keystore, protected by a weak password, with public keys
      6. A readable keystore containing private keys protected by a weak password
      7. Using a file keystore
      8. A keystore, protected by a weak password, containing private keys
      9. A keystore, protected by a weak password, containing public keys
      10. A keystore containing private keys protected by a weak password
    2. Transmission of sensitive information in Activity
      1. Insecure transmission of sensitive information in Activity
      2. Insecure transmission of sensitive information in external Activity
      3. Insecure transmission of sensitive information in private Activity
    3. Transmission of sensitive information in Service
      1. Insecure transmission of sensitive information in Service
      2. Insecure transmission of sensitive information in external Service
      3. Insecure transmission of sensitive information in internal Service
    4. Sending sensitive information over the network
      1. Inclusion of sensitive information into the GET request parameters
      2. Inclusion of sensitive information into an HTTPS request
      3. Transmission of sensitive information in an HTTP request
      4. Transmission of sensitive information in an HTTP response
      5. Inclusion of sensitive information into an HTTPS response
    5. Storing sensitive information
      1. Storing sensitive information in memory
      2. Storing sensitive information in a public file outside the application's directory
      3. Storing sensitive information in a public file inside the application's directory
      4. Storing sensitive information in a private file outside the application's directory
      5. Storing sensitive information in a private file inside the application's directory
      6. Storing sensitive information in a public protected database
      7. Storing sensitive information in a protected database
      8. Storing sensitive information in a public unprotected database
      9. Storing sensitive information in the application source code
      10. Storage or use of previously found sensitive information
      11. Storing sensitive information in the keyboard cache
    6. Output of sensitive information into the system log
    7. Insecure settings in AndroidManifest.xml
    8. Insecure signature algorithm
    9. Insufficient length of a signature key
    10. Transmission of sensitive information in BroadcastReceiver
    11. Transmission of sensitive information in SQL query parameters
    12. Possibility to create a backup copy of the application
    13. Application is not obfuscated
    14. Weak database encryption password
    15. Interception of the database encryption password
    16. An application allows network connections via HTTP
    17. Insecure networking configuration
    18. Potential execution of arbitrary code within the application
    19. Storing Cookie values in the standard WebView database
    20. Storing a private key/certificate that is not protected by a password in the directory/resources of the application
    21. Storing a public key/certificate in the directory/resources of the application
    22. Storing a private key/certificate protected by a password in the directory/resources of the application
    23. Storing a key/certificate in the directory/resources of the application
    24. Insecure settings in AndroidManifest.xml. The android:hasFragileUserData flag
    25. Insecure settings in AndroidManifest.xml. The android:requestLegacyExternalStorage flag
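Several of the Android items above (7, 12, 16, 17, 24, 25 and the "external" Activity/Service/BroadcastReceiver items) can be triaged from the merged AndroidManifest.xml and the network security config before any dynamic testing. The following is an added example of such a check, not code from the guide or from any scanner it describes; the two manifests and the network security config it runs on are constructed for the demo, and the finding titles are the ones used in the list above. The defaults it encodes are documented platform behaviour: android:allowBackup defaults to true, android:usesCleartextTraffic defaults to true only below targetSdkVersion 28, and a component with an intent-filter is implicitly exported only below targetSdkVersion 31.

```python
"""Added example: static triage of AndroidManifest.xml and network_security_config.xml
for the manifest-level findings named in this guide. Sample inputs are constructed."""
import xml.etree.ElementTree as ET

NS = "{http://schemas.android.com/apk/res/android}"
ACTION_MAIN = "android.intent.action.MAIN"


def _attr(el, name):
    """Read an android:-namespaced attribute, or None when the element/attribute is absent."""
    return None if el is None else el.get(NS + name)


def _is_launcher(comp):
    """Launcher activities are exported by design, so they are not reported."""
    return any(_attr(a, "name") == ACTION_MAIN for a in comp.iter("action"))


def check_manifest(manifest_xml):
    """Return finding titles from the guide, plus pointers to externally reachable components."""
    root = ET.fromstring(manifest_xml)
    app = root.find("application")
    target = _attr(root.find("uses-sdk"), "targetSdkVersion")
    target = int(target) if target else None
    findings = []
    # android:allowBackup defaults to true: adb backup / cloud backup can then copy app data.
    if _attr(app, "allowBackup") != "false":
        findings.append("Possibility to create a backup copy of the application")
    # Cleartext HTTP: explicit opt-in, or the pre-API-28 default with no network security config.
    cleartext = _attr(app, "usesCleartextTraffic")
    legacy_default = (cleartext is None and _attr(app, "networkSecurityConfig") is None
                      and (target is None or target < 28))
    if cleartext == "true" or legacy_default:
        findings.append("An application allows network connections via HTTP")
    if _attr(app, "hasFragileUserData") == "true":
        findings.append("Insecure settings in AndroidManifest.xml. The android:hasFragileUserData flag")
    if _attr(app, "requestLegacyExternalStorage") == "true":
        findings.append("Insecure settings in AndroidManifest.xml. The android:requestLegacyExternalStorage flag")
    # Components any app on the device can reach: exported="true", or (before targetSdk 31)
    # an intent-filter with no explicit android:exported. Review these for the
    # "external Activity/Service/BroadcastReceiver" items.
    for tag, label in (("activity", "Activity"), ("service", "Service"), ("receiver", "BroadcastReceiver")):
        for comp in app.iter(tag):
            exported = _attr(comp, "exported")
            implicit = (exported is None and comp.find("intent-filter") is not None
                        and (target is None or target < 31))
            if (exported == "true" or implicit) and _attr(comp, "permission") is None \
                    and not _is_launcher(comp):
                findings.append(f"Exported {label} without a permission: {_attr(comp, 'name')}")
    return findings


def check_network_security_config(config_xml):
    """Flag cleartext permission and trust in user-installed CAs outside <debug-overrides>."""
    findings = []
    for section in ET.fromstring(config_xml).iter():
        if section.tag not in ("base-config", "domain-config"):
            continue  # <debug-overrides> only applies to debuggable builds
        domains = [d.text for d in section.findall("domain")] or ["<all>"]
        if section.get("cleartextTrafficPermitted") == "true":
            findings.append(f"cleartext permitted for {domains}")
        for cert in section.findall("trust-anchors/certificates"):
            if cert.get("src") == "user":
                findings.append(f"user-installed CAs trusted for {domains}")
    return findings


# Constructed sample inputs (hypothetical package and component names).
WEAK_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.app">
  <uses-sdk android:targetSdkVersion="30"/>
  <application android:usesCleartextTraffic="true" android:hasFragileUserData="true"
               android:requestLegacyExternalStorage="true">
    <activity android:name=".MainActivity"><intent-filter>
      <action android:name="android.intent.action.MAIN"/>
      <category android:name="android.intent.category.LAUNCHER"/></intent-filter></activity>
    <activity android:name=".LeakActivity">
      <intent-filter><action android:name="com.example.app.SHOW_TOKEN"/></intent-filter>
    </activity>
  </application>
</manifest>"""

HARDENED_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.app">
  <uses-sdk android:targetSdkVersion="34"/>
  <application android:allowBackup="false" android:usesCleartextTraffic="false"
               android:networkSecurityConfig="@xml/network_security_config">
    <activity android:name=".MainActivity" android:exported="true"><intent-filter>
      <action android:name="android.intent.action.MAIN"/>
      <category android:name="android.intent.category.LAUNCHER"/></intent-filter></activity>
    <activity android:name=".LeakActivity" android:exported="false"/>
  </application>
</manifest>"""

WEAK_NSC = """<network-security-config>
  <base-config cleartextTrafficPermitted="true">
    <trust-anchors><certificates src="system"/><certificates src="user"/></trust-anchors>
  </base-config>
</network-security-config>"""

if __name__ == "__main__":
    for title, result in (("weak manifest", check_manifest(WEAK_MANIFEST)),
                          ("hardened manifest", check_manifest(HARDENED_MANIFEST)),
                          ("weak network config", check_network_security_config(WEAK_NSC))):
        print(title, result)
```

Run it against the manifest pulled from a built APK (for example with apktool, so that Gradle-merged attributes such as targetSdkVersion are present) rather than the source manifest; the exported-component output is a review list, not a vulnerability by itself, since an exported component is only a finding when it handles sensitive data or performs a privileged action without a guard.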