-4 votes
0 answers
42 views

What are vulnerabilities can occur by this and prevention tech in code level?
Aadish
  • 1
1 vote
1 answer
50 views

I found out that no matter where the SDK keys are stored, there is still a simple way to get them. I have a feeling that as long as the keys are shipped together with the apk, they are not secured. ...
David Rauca
  • 1,603
0 votes
0 answers
50 views

Is there any way to access in-memory variables or object field values (e.g. Delivery.dropoffZipCode) of another app, without root access, without modifying the target APK, and without using an ...
user24883689
1 vote
1 answer
100 views

This is an app that uses WebView. Currently, my priority has been to get the upload done, so I haven’t organized the code yet. I’ve attempted to upload the app several times to Google Play Console for ...
Nullfi
  • 59
1 vote
0 answers
97 views

User I have in closed testing of an app uninstalled our app, and re-installed it via the Google Playstore app link. I pulled their bug report off their phone. I'm pretty sure this (snippet below) is ...
RJA
  • 498
0 votes
0 answers
110 views

Recently we got the below mail from Google play for our app: Issue found: Unsafe Implementation of WebView SSL Error Handler Issue details We found an issue in the following area(s): Version code ...
Anil Kumar
0 votes
1 answer
57 views

All photo apps require permission to photos, to work properly. Does this mean a malicious developer can upload users' photos to cloud, so he can see? If that is possible, what prevents him from doing ...
new
  • 387
0 votes
1 answer
70 views

I implemented the Symmetric encryption of access token using Android KeyStore, but where I must do encryption process Repository class where I receive data from Remote. View Model class after passing ...
Dnveeraj
  • 138
4 votes
2 answers
648 views

I have enabled detectUnsafeIntentLaunch in strict mode to test for change while targeting for android SDK 35 in my SDK. I have the following code where I send a broadcast and it is caught within the ...
amIT
  • 724
1 vote
0 answers
82 views

Context: Fridump is a tool that can be used for penetration testing in Android. It can take a dump of an app's memory/heap and extract all strings. Problem: I am using fridump to take a dump for my app ...
nikhil bansal
0 votes
1 answer
80 views

Recently I created a new app from the Play Store console and also uploaded a new bundle, but Play Store mentions security and trust issues like Implicit Internal Intent vulnerability. This issue shows following ...
Krishna Dhas
6 votes
0 answers
328 views

Edit notes and updates below. Re-post from https://support.google.com/googleplay/android-developer/thread/277993015 as Google Support FAQ answer 9450925 states to post this here. (https://support....
Christian Kahlo
1 vote
2 answers
105 views

When I'm trying to publish my app on Play Store but I'm getting the intent redirection error in my broadcast receiver. Here is the related code. class SmsBroadcastReceiver : BroadcastReceiver() { ...
Berkay
  • 11
0 votes
1 answer
60 views

I encountered an issue while using AWS S3 in my app to download a file from it. However, upon deploying my app on Google Play, I received a warning about a potential AWS authorization leak. val ...
quannm18
0 votes
0 answers
217 views

I'm working on a remote access application (similar to AnyDesk) to access mobiles on a LAN network and use them with just your browser. At this point, I'm able to send the device display output via ...
ppepa
  • 56
1 vote
0 answers
104 views

If I launch some C code with the JNI in my Android application, is there a way I could limit that C code to access only a specific folder in my application folder, so sandboxing it to just a specific ...
Papers.ch
  • 128
1 vote
1 answer
363 views

To avoid man in the middle attack in Android app, how efficient is the Public Key pinning method? Since anyone can easily get the public key of any domain, is it actually secure to implement it? We ...
VeeyaaR
  • 321
1 vote
1 answer
319 views

In our application, we check the hashes of native library files. I assume this is done to avoid spoofing these files (this code appeared before I came to the project). We access the native code files ...
beet
  • 56
1 vote
0 answers
22 views

I am trying out a challenge where the system has an app installed from which I need to extract a variable called x. The app has a man-in-the-disk vulnerability where it calls a file in the external ...
crispypants
1 vote
2 answers
148 views

How to make secure info of my sign app when I want to release my app I don't want to hardcode it. I would like to keep them safe from attacker and reverse engineering //gradle app file SigningConfigs {...
Mehrzad
  • 123
0 votes
1 answer
494 views

I want to hide tap-jacking alerts in my Android app. I was able to do it on Android 12 and above by using getWindow().setHideOverlayWindows(true);. Can someone help me achieve this on versions below ...
Srikanth
  • 1,595
1 vote
1 answer
412 views

Google play console pre-launch report says I have leaked GCP API Keys. I can't restrict a google web service API to the android app. However, I did put it inside a secrets.properties file using gradle ...
Chi Chan
2 votes
1 answer
133 views

https://support.google.com/faqs/answer/9093739 How to resolve leaked AWS credentials in Android App, we initialize AWS Rekognition using https://docs.aws.amazon.com/sdk-for-kotlin/latest/developer-...
user352290
  • 1,360
0 votes
1 answer
272 views

android-safetynet attestation format is provided in webauthn in both browser API or FIDO2 Api for Android. Since safetynet API will be deprecated soon, what will be the replacement of safetynet ...
Archiman
  • 1,080
0 votes
0 answers
24 views

I can get email addresses of users in my app, and sometimes they come with addresses like this: [email protected]. My app provides some service, it's free for users now, but it's paid for me....
Konstantin Konopko
2 votes
1 answer
420 views

I am using the "Places Autocomplete" feature of the Places SDK for Android. I have set up an API key via the Google Cloud credentials console, and it worked great. However, I attempted ...
mathAndCats
0 votes
0 answers
504 views

I am getting too many of below android security related exception/crash on my test environment Device: Galaxy A52 5G Android: 11 Updated stack traces ndroid.security.KeyStore.getKeyStoreException ...
Sultan
  • 148
0 votes
0 answers
47 views

Which of the following is considered safer and why: saving data (some strings, URLs etc.) in Asset folder and then reading from it, or saving data in gradle.properties and reading from it
abhishek maharajpet
2 votes
1 answer
3k views

I got an "onReceivedSslError" error in my Play Console account as in the screenshot. I have handled the onReceivedSslError in all WebViewClients and show the required warning message. Then ...
Gorkem KARA
0 votes
1 answer
312 views

While recently submitting an app it got rejected saying Vulnerability: Path Traversal Your app(s) are using a content provider with an unsafe implementation of openFile. Google suggested two solutions ...
Allen Savio
16 votes
4 answers
3k views

This recently popped out pre-launch report, once I published minor update to app. I've seen also couple of similar recently in other projects, with class names obfuscated in exactly same name (bjqm.* ...
Erkki Nokso-Koivisto
1 vote
0 answers
321 views

Trying to publish an app and got the following: Unsafe Encryption Your app contains unsafe cryptographic encryption patterns. Please see this Google Help Center article for details. q0.e0.c ...
Rik
  • 21
0 votes
0 answers
140 views

I am getting this issue from Google Play Console. What things goes as below 1. App's first screen will be code verification so once user enter code, there is one api call and in response we receiving ...
AiVision
  • 4,263
1 vote
0 answers
124 views

I'm currently having an issue trying to get my android app accepted by Google. Upon pushing the app to the Google Play Store I keep getting rejected with the following email: Your app(s) are using an ...
Keelan
  • 21
0 votes
0 answers
449 views

While trying to upload the app on Play Store it shows the unsafe cipher error and points towards an encryption function. I have a function taking input an image and converting it to bitmap and then to ...
Fawwaz Ali
5 votes
1 answer
132 views

I have an SDK that contains MYSDKActivity. In this activity layout, I have 1 edit text where the user can enter his card number. Any android Client who is integrating this SDK, can use ...
Kishan Maurya
0 votes
1 answer
148 views

I have used the latest razorpay_flutter: ^1.3.4 dependency in the app. When uploaded to place console I received mail from the team as " Intent Redirection Your app(s) are vulnerable to Intent ...
Red and Blue Yo
0 votes
1 answer
415 views

I want to use one secure key to encrypt and decrypt data on device without saving it in SharedPreferences or DataStore. I want to generate that key using in app authorization (passcode and biometrics)....
Wolf
  • 127
0 votes
1 answer
1k views

I got a warning from Google to change encryption mode from "AES/ECB/PKCS5Padding" to "AES/GCM/NoPadding". After changing I need to be compatible with the old data which is ...
Diya Bhat
  • 255
1 vote
0 answers
172 views

We have developed a Flutter application. We use the following package 'webview_flutter' for WebView display in Flutter application. Application works fine with Android. We published an app bundle in ...
Raghu Mudem
  • 7,008
0 votes
1 answer
2k views

I have updated the version of a library from 'androidx.biometric:biometric:1.0.1' to 'androidx.biometric:biometric:1.1.0'. I saw that there are new possible errors and I was wondering ...
Red Coder
  • 145
0 votes
1 answer
1k views

I have seen some examples to convert java.security.PublicKey to JWK but I could not find an example to convert java.security.PrivateKey to JWK (JSON) format in Android. Is that even possible? Is there ...
Ashwin
  • 81
0 votes
0 answers
189 views

In my Play Developer console I see the following message for an updated android app I have in my store: Vulnerable Libraries Your app contains one or more libraries with known security issues. Please ...
Etsenumhe Timothy
2 votes
1 answer
920 views

Currently, I’m creating a new SDK that contains sensitive fields that shouldn’t be read by the consumers (Think Credit Card Number field) and I’m using Jetpack Compose to create the forms, my question ...
Mahmoud Elshamy
1 vote
0 answers
641 views

I am an Android developer. I released an app for internal public testing and the following error was listed in the pre-release report summary. "How to fix apps with bad WebRTC versions." ...
user20448018
3 votes
1 answer
3k views

I created an app and added root detection. I searched it on internet and discussed it on some forums, but nothing works. Can someone help me about this issue? I tried these several possibility ...
Muhammad Abraham Alkindy
0 votes
1 answer
248 views

I am resolving some security defects for my app. Defect is: Should not allow release app to be run in emulator; Release app should not be debuggable; Should not connect to debugger; Release app should ...
Happy
  • 1,091
7 votes
1 answer
6k views

Google play have a new error/warning from the last days about the WebRTC library that I use. I use this library for almost a year. google-webrtc-1.0.32006.aar My app is still available but they ask ...
kfir
  • 775
0 votes
1 answer
704 views

I have an error in Google play, AES/ECB/NoPadding Unsafe Encryption Mode Usage, I rely on it to communicate with beacons in the field, and for my API (which also uses this encryption). It contains no ...
Álvaro
0 votes
1 answer
691 views

Google play store gives me this error when I am trying to send my application for review. Your app is using a version of libjpeg-turbo containing a security vulnerability. Please see this Google Help ...
Cristi
  • 1,608
