Android

  1. Insecure storage of cryptographic key information
    1. A keystore with write permission
    2. A keystore with write permission protected by a weak password
    3. Readable file keystore
    4. A readable keystore, protected by a weak password, with private keys
    5. A readable keystore, protected by a weak password, with public keys
    6. A readable keystore containing private keys protected by a weak password
    7. Using a file keystore
    8. A keystore, protected by weak password, containing private keys
    9. A keystore, protected by weak password, containing public keys
    10. A keystore containing private keys protected by a weak password
  2. Transmission of sensitive information in Activity
    1. Insecure transmission of sensitive information in Activity
    2. Insecure transmission of sensitive information in external Activity
    3. Insecure transmission of sensitive information in private Activity
  3. Transmission of sensitive information in Service
    1. Insecure transmission of sensitive information in Service
    2. Insecure transmission of sensitive information in external Service
    3. Insecure transmission of sensitive information in internal Service
  4. Sending sensitive information over the network
    1. Inclusion of sensitive information into the GET request parameters
    2. Inclusion of sensitive information into an HTTPS request
    3. Transmission of sensitive information in an HTTP request
    4. Transmission of sensitive information in an HTTP response
    5. Inclusion of sensitive information into an HTTPS response
  5. Storage of sensitive information
    1. Storing sensitive information in memory
    2. Storing sensitive information in a public file outside the application's directory
    3. Storing sensitive information in a public file inside the application's directory
    4. Storing sensitive information in a private file outside the application's directory
    5. Storing sensitive information in a private file inside the application's directory
    6. Storing sensitive information in a public protected database
    7. Storing sensitive information in a protected database
    8. Storing sensitive information in a public unprotected database
    9. Storing sensitive information in the application source code
    10. Storage or use of previously found sensitive information
    11. Storing sensitive information in the keyboard cache
  6. Output of the sensitive information into the system log
  7. Insecure settings in AndroidManifest.xml
  8. Insecure Signature Algorithm
  9. Insufficient length of a signature key
  10. Transmission of sensitive information in BroadcastReceiver
  11. Transmission of sensitive information in SQL query parameters
  12. Possibility to create a backup copy of the application
  13. Application is not obfuscated
  14. Weak database encryption password
  15. Interception of the database encryption password
  16. An application allows network connections via HTTP
  17. Insecure networking configuration
  18. Potential execution of arbitrary code within the application
  19. Storing Cookie values in the standard WebView database
  20. Storing a private key/certificate that is not protected by a password in the directory/resources of the application
  21. Storing a public key/certificate in the directory/resources of the application
  22. Storing a private key/certificate protected by a password in the directory/resources of the application
  23. Storing a key/certificate in the directory/resources of the application
  24. Insecure settings in AndroidManifest.xml. The android:hasFragileUserData flag
  25. Insecure settings in AndroidManifest.xml. The android:requestLegacyExternalStorage flag