0% found this document useful (0 votes)

10 views13 pages

Android

The document details the results of a security assessment of an Android application. It found 4 total risks, with 2 high risks and 2 medium risks. It provides details on the vulnerabilities found, including SSL pinning bypass, unprotected services and broadcast receivers, and the Janus vulnerability.

Uploaded by

karan kisnani

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as DOCX, PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

10 views13 pages

Android

Uploaded by

karan kisnani

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as DOCX, PDF, TXT or read online on Scribd

You are on page 1/ 13

01/04/2024

TableofContents

Contents
1. TESTPARAMETERS.......................................................................................................................3
2. RESULTSUMMARY......................................................................................................................3
3. TESTTARGETS..............................................................................................................................4
4. RISKRESULTS...............................................................................................................................4
5. ASSESSMENTRESULTS.................................................................................................................5
SSL Pinning Bypasss........................................................................................................................5
Severity:.....................................................................................................................................5
Affected URL: ae.damanhealth.daman.........................................................................................5
Affected Parameter: None...........................................................................................................5
Payload:......................................................................................................................................5
Description:................................................................................................................................5
Impact........................................................................................................................................5
SSL pinning bypass techniques enable attackers to intercept and manipulate
sensitive data, compromising confidentiality, integrity, and potentially leading to
severe consequences such as data breaches and financial losses....................................5
Remediation...............................................................................................................................5
Proof Of Concept........................................................................................................................6
Service (com.wix.reactnativenotifications.fcm.FcmInstanceIdListenerService) is not Protected..........7
Severity:.....................................................................................................................................7
Affected URL: ae.damanhealth.daman.........................................................................................7
Affected Parameter:....................................................................................................................7
Payload: NONE............................................................................................................................7
Description:................................................................................................................................7
Impact........................................................................................................................................7
Leaving the service unprotected can lead to unauthorized access, data exposure,
security risks, user privacy violations, and application integrity issues, posing
significant risks to the security, privacy, and integrity of the application and its users.
...................................................................................................................................................7
Remediation...............................................................................................................................7
Proof Of Concept........................................................................................................................8
Janus Vulnerability.....................................................................................................................9
Severity:.....................................................................................................................................9
Affected URL:..............................................................................................................................9

1|Page
Description:................................................................................................................................9
The Janus vulnerability is a security flaw in Android apps that allows attackers to
inject malicious code into APK files without altering their cryptographic signatures.
This vulnerability enables attackers to modify the app's behavior or steal sensitive
data without being detected by the app's verification mechanisms...............................9
Application is signed with v1 signature scheme, making it vulnerable to Janus
vulnerability on Android 5.0-8.0, if signed only with v1 signature scheme.
Applications running on Android 5.0-7.0 signed with v1, and v2/v3 scheme is also
vulnerable................................................................................................................................9
Impact........................................................................................................................................9
The Janus vulnerability allows attackers to inject malicious code into Android apps
without invalidating their cryptographic signatures, enabling them to execute
unauthorized actions, steal data, and compromise user privacy and security...............9
Remediation...............................................................................................................................9
Proof Of Concept......................................................................................................................10
Broadcast Receiver (com.google.firebase.iid.FirebaseInstanceIdReceiver).................................11
Severity:....................................................................................................................................11
Affected URL:............................................................................................................................11
Description:...............................................................................................................................11
Permission: com.google.android.c2dm.permission.SEND [android:exported=true]. .11
A Broadcast Receiver is found to be shared with other apps on the device therefore
leaving it accessible to any other application on the device. It is protected by a
permission which is not defined in the analysed application. As a result, the
protection level of the permission should be checked where it is defined. If it is set to
normal or dangerous, a malicious application can request and obtain the permission
and interact with the component. If it is set to signature, only applications signed
with the same certificate can obtain the permission.......................................................11
Impact......................................................................................................................................11
Broadcast receivers facilitate communication between Android components and
apps. However, if not secured properly, they can lead to unauthorized access, data
leakage, and privacy violations...........................................................................................11
Remediation.............................................................................................................................11
Unprotected broadcast receiver , check the permission defined on the application and ensure it
is set to signature , this ensure only applications signed with the same certificate can obtain the
permission................................................................................................................................11
Proof Of Concept......................................................................................................................12

2|Page
1. TESTPARAMETERS

TestStartDate 15/10/2024
TestEndDate 07/03/2024
TestTime 09:00–17:30IST
TestType Android Application
Test Technique BackBox
Test Limitations NoDos,NoLoadTesting,NoSocialEngineering

2. RESULTSUMMARY

RiskLevel RisksFound
Critical 0
High 2
Medium 2
Low 0
Total 4

RiskAnalytics
2.5

1.5

0.5

0
Critical High Medium Low

Critical High Medium Low

3|Page
3. TESTTARGETS

Applicatiuon: ae.damanhealth.daman

4. RISKRESULTS

VulnerabilityName Severity
SSL Pinning By Pass High
Service High
(com.wix.reactnativenotifications.fcm.FcmIns
tanceIdListenerService) is not Protected
Janus Vulnerability Medium
Broadcast Receiver Medium

4|Page
5. ASSESSMENTRESULTS

SSL Pinning Bypasss

Severity:
HIGH

Affected URL: ae.damanhealth.daman

Affected Parameter: None

Payload:
NONE

Description:
SSL pinning bypass techniques include exploiting pinning implementation flaws, dynamic
instrumentation with tools like Frida, reverse engineering for extracting keys, hooking libraries, using
MITM proxies, and employing custom SSL trust managers.

Impact
SSL pinning bypass techniques enable attackers to intercept and manipulate sensitive data,
compromising confidentiality, integrity, and potentially leading to severe consequences such as data
breaches and financial losses.

Remediation
To mitigate pinning bypass on Android applications, the following steps can be taken:
1. Ensure that SSL pinning is correctly implemented in the application, using trusted and authorized
certificates. Follow
best practices for SSL pinning to make it harder to bypass.
2. Apply code obfuscation techniques to make it difficult for attackers to understand and modify the
app’s code, including
the SSL pinning implementation.
3. Utilize Runtime Application Self-Protection (RASP) solutions that monitors and defends against
dynamic attacks,
including SSL pinning bypass attempts.
4. Employ techniques like checksum verification, code integrity checks, or binary hardening to detect
and prevent modifi-
cations to the application’s code or resources.

5|Page
Proof Of Concept

6|Page
Service (com.wix.reactnativenotifications.fcm.FcmInstanceIdListenerService) is not Protected
Severity:
HIGH

Affected URL: ae.damanhealth.daman

Affected Parameter:

Payload: NONE

Description:
A Service is found to be shared with other apps on the device therefore leaving it accessible to any
other application on the device.
Impact
Leaving the service unprotected can lead to unauthorized access, data exposure, security risks, user
privacy violations, and application integrity issues, posing significant risks to the security, privacy, and
integrity of the application and its users.

Remediation
To remediate the unprotected service:

 Set android:exported to false.

 Review and limit intent filters.
 Apply permission checks.
 Conduct a security review.
 Perform regular security audits.

7|Page
Proof Of Concept

8|Page
Janus Vulnerability
Severity:
MEDIUM

Affected URL:

Description:
The Janus vulnerability is a security flaw in Android apps that allows attackers to inject malicious code
into APK files without altering their cryptographic signatures. This vulnerability enables attackers to
modify the app's behavior or steal sensitive data without being detected by the app's verification
mechanisms.

Application is signed with v1 signature scheme, making it vulnerable to Janus vulnerability on Android
5.0-8.0, if signed only with v1 signature scheme. Applications running on Android 5.0-7.0 signed with v1,
and v2/v3 scheme is also vulnerable.

Impact

The Janus vulnerability allows attackers to inject malicious code into Android apps without invalidating
their cryptographic signatures, enabling them to execute unauthorized actions, steal data, and
compromise user privacy and security.

Remediation
Janus vulnerability by implementing signature verification checks at runtime, regularly updating apps
with security patches, and utilizing code obfuscation techniques to thwart malicious injection attempts.

9|Page
Proof Of Concept

10|Page
Broadcast Receiver (com.google.firebase.iid.FirebaseInstanceIdReceiver)
Severity:
MEDIUM

Affected URL:

Description:
Permission: com.google.android.c2dm.permission.SEND [android:exported=true]

A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible
to any other application on the device. It is protected by a permission which is not defined in the
analysed application. As a result, the protection level of the permission should be checked where it is
defined. If it is set to normal or dangerous, a malicious application can request and obtain the
permission and interact with the component. If it is set to signature, only applications signed with the
same certificate can obtain the permission.

Impact

Broadcast receivers facilitate communication between Android components and apps. However, if not
secured properly, they can lead to unauthorized access, data leakage, and privacy violations.

Remediation
Unprotected broadcast receiver , check the permission defined on the application and ensure it is set
to signature , this ensure only applications signed with the same certificate can obtain the permission

11|Page
Proof Of Concept

12|Page

Downloadable Official CompTIA Security+ Student Guide
100% (11)
Downloadable Official CompTIA Security+ Student Guide
628 pages
Web Report
No ratings yet
Web Report
10 pages
Test Cases For Irctc 21
58% (26)
Test Cases For Irctc 21
14 pages
Web Application Advanced
No ratings yet
Web Application Advanced
118 pages
Gti 2500 Manual
100% (1)
Gti 2500 Manual
105 pages
Cybersecurity Concerns for Users
No ratings yet
Cybersecurity Concerns for Users
36 pages
IBM Secret Server APIs
No ratings yet
IBM Secret Server APIs
30 pages
Aarogyasetu Static Report
No ratings yet
Aarogyasetu Static Report
19 pages
DefCamp 2016 Chemerkin Yury - Publish
No ratings yet
DefCamp 2016 Chemerkin Yury - Publish
62 pages
Mobile Appsec Testing Checklist
No ratings yet
Mobile Appsec Testing Checklist
1 page
Red Team Mobile Application Example Draft
No ratings yet
Red Team Mobile Application Example Draft
28 pages
Report 1
No ratings yet
Report 1
29 pages
MobSF Static Analysis Report
No ratings yet
MobSF Static Analysis Report
19 pages
Index
No ratings yet
Index
27 pages
SBAP Best Practices
No ratings yet
SBAP Best Practices
7 pages
VA Report Koota Apk
No ratings yet
VA Report Koota Apk
33 pages
HackMiami 2017 Chemerkin Yury
No ratings yet
HackMiami 2017 Chemerkin Yury
52 pages
Android Pentest Checklist
No ratings yet
Android Pentest Checklist
12 pages
Android App Pentesting Checklist by @hrishikesh7665
No ratings yet
Android App Pentesting Checklist by @hrishikesh7665
43 pages
Johnson Unprotected Broadcasts in Android 9 and 10 WP
No ratings yet
Johnson Unprotected Broadcasts in Android 9 and 10 WP
15 pages
IBM APPSCAN Practice Teste 000-139
No ratings yet
IBM APPSCAN Practice Teste 000-139
18 pages
Mobiile Security Checklist-V1
No ratings yet
Mobiile Security Checklist-V1
36 pages
NLB Network Internal VA Final Report v1.4 - Unlocked
No ratings yet
NLB Network Internal VA Final Report v1.4 - Unlocked
1,409 pages
ZZ Presentations 2020 06
No ratings yet
ZZ Presentations 2020 06
26 pages
Unit - 3
No ratings yet
Unit - 3
19 pages
Ethical Hacking Application Testing
No ratings yet
Ethical Hacking Application Testing
2 pages
Banking App Damn Vulnerable
No ratings yet
Banking App Damn Vulnerable
5 pages
IBM 000-139 Exam Practice Guide
No ratings yet
IBM 000-139 Exam Practice Guide
17 pages
API Security Testing Assessment Report - TD
No ratings yet
API Security Testing Assessment Report - TD
14 pages
Android Security for Developers
No ratings yet
Android Security for Developers
60 pages
Mob SF
No ratings yet
Mob SF
18 pages
Chapter 8
No ratings yet
Chapter 8
72 pages
Tripwire VERT Hack Lab Cheat Sheet
No ratings yet
Tripwire VERT Hack Lab Cheat Sheet
2 pages
Gitlab Seismic Shift in Application Security Whitepaper
No ratings yet
Gitlab Seismic Shift in Application Security Whitepaper
16 pages
Static Analysis
No ratings yet
Static Analysis
44 pages
API Scenario Checklist - Latest
No ratings yet
API Scenario Checklist - Latest
5 pages
Penetration Test Report Template 1
No ratings yet
Penetration Test Report Template 1
7 pages
DZone - Securing Mobile Apps With Certificate Pinning
No ratings yet
DZone - Securing Mobile Apps With Certificate Pinning
7 pages
Android Bug Bounty for Startups
No ratings yet
Android Bug Bounty for Startups
8 pages
WAPT Checklist
No ratings yet
WAPT Checklist
5 pages
Secure Mobile Development
No ratings yet
Secure Mobile Development
102 pages
Automatic Detection of Security Deficiencies and Refactoring Advises For Microservices
No ratings yet
Automatic Detection of Security Deficiencies and Refactoring Advises For Microservices
10 pages
Application Security Testing Guide
No ratings yet
Application Security Testing Guide
4 pages
Web App Security Testing Guide
No ratings yet
Web App Security Testing Guide
53 pages
Mobile App Security Scan Report
No ratings yet
Mobile App Security Scan Report
9 pages
Igs Penetration Testing Datasheet
No ratings yet
Igs Penetration Testing Datasheet
5 pages
AppSweep - 01 - 22 - 2025
No ratings yet
AppSweep - 01 - 22 - 2025
25 pages
Security Assessment Solution
No ratings yet
Security Assessment Solution
19 pages
Test Mobile App Sec
No ratings yet
Test Mobile App Sec
9 pages
Ather Grid Android Tracksheet
No ratings yet
Ather Grid Android Tracksheet
31 pages
E de Android
No ratings yet
E de Android
11 pages
2024-CNFW-Test-Report-Versa Networks
No ratings yet
2024-CNFW-Test-Report-Versa Networks
25 pages
Root Detect
No ratings yet
Root Detect
72 pages
Power Platform - Power Apps Security Assessment Penetration Test (2024.03.27)
No ratings yet
Power Platform - Power Apps Security Assessment Penetration Test (2024.03.27)
10 pages
Mobile Security Checklist
No ratings yet
Mobile Security Checklist
27 pages
Cyber Ratings Enterprise Firewall Product Rating Report Chart
No ratings yet
Cyber Ratings Enterprise Firewall Product Rating Report Chart
6 pages
VAPT Report - Zero - Webappsecurity.com by Sudhakar Reddy-Updated
0% (1)
VAPT Report - Zero - Webappsecurity.com by Sudhakar Reddy-Updated
44 pages
Andorid Security Concerns
No ratings yet
Andorid Security Concerns
37 pages
Security Assessment Report 2023
No ratings yet
Security Assessment Report 2023
17 pages
Penetration Testing Reportmars 14, 2022: Prepared By: Email: Telephone
100% (1)
Penetration Testing Reportmars 14, 2022: Prepared By: Email: Telephone
19 pages
2 - Blockchain - Public-Key Cryptography
No ratings yet
2 - Blockchain - Public-Key Cryptography
22 pages
SQL Basics: Aggregates & Joins
No ratings yet
SQL Basics: Aggregates & Joins
52 pages
Offgrid Telecom Power Solutions
100% (1)
Offgrid Telecom Power Solutions
5 pages
Stability-Routh Hurwitz Root Locus
No ratings yet
Stability-Routh Hurwitz Root Locus
19 pages
Performance Tuning Guide As400
No ratings yet
Performance Tuning Guide As400
136 pages
HP Software and Driver Downloads For HP Printers, Laptops, Desktops and More - HP® Customer Support
No ratings yet
HP Software and Driver Downloads For HP Printers, Laptops, Desktops and More - HP® Customer Support
1 page
Standard 1
No ratings yet
Standard 1
3 pages
Subject Title: MICROCONTROLLER: 18EC46 Model Question Paper-2 With Effect From 2019-20 (CBCS Scheme)
No ratings yet
Subject Title: MICROCONTROLLER: 18EC46 Model Question Paper-2 With Effect From 2019-20 (CBCS Scheme)
2 pages
GT20 Quick Use Instruction
No ratings yet
GT20 Quick Use Instruction
3 pages
Lab 6-1 VLAN Configurations
No ratings yet
Lab 6-1 VLAN Configurations
14 pages
To Operating: Systems
No ratings yet
To Operating: Systems
564 pages
Ritu Kumari
No ratings yet
Ritu Kumari
3 pages
Dahua Intro & Products
No ratings yet
Dahua Intro & Products
68 pages
Sample Questions Graduate Hiring
No ratings yet
Sample Questions Graduate Hiring
33 pages
Mini Mk8 MM Manual 24.07.2020
No ratings yet
Mini Mk8 MM Manual 24.07.2020
194 pages
Vrontis 2021
No ratings yet
Vrontis 2021
31 pages
Presentation 3 PDF
No ratings yet
Presentation 3 PDF
8 pages
Fundamental Notes 3-6 Month Course
No ratings yet
Fundamental Notes 3-6 Month Course
5 pages
Migration POC
No ratings yet
Migration POC
10 pages
Carrier Aided Protection Scheme
No ratings yet
Carrier Aided Protection Scheme
4 pages
OS - Chapter - 4 - Memory Management
No ratings yet
OS - Chapter - 4 - Memory Management
48 pages
2 - Architecture and Organization
No ratings yet
2 - Architecture and Organization
22 pages
IND AS 115: Revenue Recognition Guide
No ratings yet
IND AS 115: Revenue Recognition Guide
21 pages
Real-ESRGAN: Synthetic Data Super-Resolution
No ratings yet
Real-ESRGAN: Synthetic Data Super-Resolution
10 pages
USA BATCH IIi
No ratings yet
USA BATCH IIi
92 pages
Cisco CCIE Lab 4.2 Configuration Guide
No ratings yet
Cisco CCIE Lab 4.2 Configuration Guide
67 pages
Mobile C-Arms
No ratings yet
Mobile C-Arms
1 page
Empower Tech
No ratings yet
Empower Tech
7 pages