• Useful? You are welcome to donate with BitCoin
    1CgMQ2UXV6S5vyFYArMMe9Ry3Z654Xy4Mn

Customized SSL

  • Severity: critical
  • Check certificate validation. Do not create or redefine X509Certificate class methods by yourself, if you don't understand risks. Use the existing API.
  • Affected files:
  • classes.dex
  • => Lch/boye/httpclientandroidlib/conn/ssl/TrustManagerDecorator;
          ->  Lch/boye/httpclientandroidlib/conn/ssl/SSLSocketFactory;->createSSLContext(Ljava/lang/String; Ljava/security/KeyStore; Ljava/lang/String; Ljava/security/KeyStore; Ljava/security/SecureRandom; Lch/boye/httpclientandroidlib/conn/ssl/TrustStrategy;)Ljavax/net/ssl/SSLContext;
  • => Lch/boye/httpclientandroidlib/conn/ssl/TrustManagerDecorator;
          ->  Lch/boye/httpclientandroidlib/conn/ssl/SSLSocketFactory;->createSSLContext(Ljava/lang/String; Ljava/security/KeyStore; Ljava/lang/String; Ljava/security/KeyStore; Ljava/security/SecureRandom; Lch/boye/httpclientandroidlib/conn/ssl/TrustStrategy;)Ljavax/net/ssl/SSLContext;

WebView files access

  • Severity: medium
  • Control of WebView context allows to access local files.
  • Affected files:
  • classes.dex
  • Lcom/facebook/widget/WebDialog;->setUpWebView(I)V
    Lcom/google/android/gms/internal/eo;->a(Landroid/content/Context; Ljava/lang/String; Landroid/webkit/WebSettings;)V
    Lcom/google/android/gms/internal/eo;->o(Landroid/content/Context;)Ljava/lang/String;
    Lcom/google/android/gms/internal/eq;->a(Landroid/content/Context; Landroid/webkit/WebSettings;)V
    Lcom/google/android/gms/internal/er;->a(Landroid/content/Context; Landroid/webkit/WebSettings;)V
    Lcom/google/android/gms/internal/er;->getDefaultUserAgent(Landroid/content/Context;)Ljava/lang/String;
    Lcom/google/android/gms/internal/ex;-><init>(Lcom/google/android/gms/internal/ex$a; Lcom/google/android/gms/internal/al; Z Z Lcom/google/android/gms/internal/k; Lcom/google/android/gms/internal/ev;)V
    Lcom/mastercard/nearby/MCApps;->onCreate(Landroid/os/Bundle;)V

Dynamic Code Loading

  • Severity: medium
  • Code for 'DexClassLoader' could be tampered.
  • Affected files:
  • classes.dex
  • => Lcom/google/android/gms/internal/i;->h(Landroid/content/Context;)V (0xaa) ---> Ldalvik/system/DexClassLoader;-><init>(Ljava/lang/String; Ljava/lang/String; Ljava/lang/String; Ljava/lang/ClassLoader;)V
    => Lcom/google/android/gms/internal/i;->h(Landroid/content/Context;)V (0xc0) ---> Ldalvik/system/DexClassLoader;->loadClass(Ljava/lang/String;)Ljava/lang/Class;
    => Lcom/google/android/gms/internal/i;->h(Landroid/content/Context;)V (0xd8) ---> Ldalvik/system/DexClassLoader;->loadClass(Ljava/lang/String;)Ljava/lang/Class;
    => Lcom/google/android/gms/internal/i;->h(Landroid/content/Context;)V (0xf0) ---> Ldalvik/system/DexClassLoader;->loadClass(Ljava/lang/String;)Ljava/lang/Class;
    => Lcom/google/android/gms/internal/i;->h(Landroid/content/Context;)V (0x108) ---> Ldalvik/system/DexClassLoader;->loadClass(Ljava/lang/String;)Ljava/lang/Class;
    => Lcom/google/android/gms/internal/i;->h(Landroid/content/Context;)V (0x120) ---> Ldalvik/system/DexClassLoader;->loadClass(Ljava/lang/String;)Ljava/lang/Class;
    => Lcom/google/android/gms/internal/i;->h(Landroid/content/Context;)V (0x138) ---> Ldalvik/system/DexClassLoader;->loadClass(Ljava/lang/String;)Ljava/lang/Class;
    => Lcom/google/android/gms/internal/i;->h(Landroid/content/Context;)V (0x150) ---> Ldalvik/system/DexClassLoader;->loadClass(Ljava/lang/String;)Ljava/lang/Class;
    => Lcom/google/android/gms/internal/i;->h(Landroid/content/Context;)V (0x168) ---> Ldalvik/system/DexClassLoader;->loadClass(Ljava/lang/String;)Ljava/lang/Class;

WebView JavaScript enabled

  • Severity: medium
  • WebView 'setJavaScriptEnabled(true)' could be exploited during cross-site scripting attacks.
  • Affected files:
  • classes.dex
  • => Lcom/facebook/widget/WebDialog;->setUpWebView(I)V (0x64) ---> Landroid/webkit/WebSettings;->setJavaScriptEnabled(Z)V
    => Lcom/google/android/gms/internal/ex;-><init>(Lcom/google/android/gms/internal/ex$a; Lcom/google/android/gms/internal/al; Z Z Lcom/google/android/gms/internal/k; Lcom/google/android/gms/internal/ev;)V (0x5a) ---> Landroid/webkit/WebSettings;->setJavaScriptEnabled(Z)V
    => Lcom/mastercard/nearby/MCApps;->onCreate(Landroid/os/Bundle;)V (0x44) ---> Landroid/webkit/WebSettings;->setJavaScriptEnabled(Z)V

Certificates or keys found

External URLs

  • Severity: notice
  • Were do they point?
  • Affected files:
  • classes.dex
  • http://.*google\.com/.*
    http://a9.com/-/spec/opensearch/1.1/
    http://a9.com/-/spec/opensearchdescription/1.0/
    http://a9.com/-/spec/opensearchdescription/1.1/
    http://a9.com/-/spec/opensearchrss/1.0/
    http://googleads.g.doubleclick.net/mads/static/mad/sdk/native/sdk-core-v40.html
    http://googleads.g.doubleclick.net/mads/static/sdk/native/sdk-core-v40.html
    http://javax.xml.XMLConstants/feature/secure-processing
    http://m.mastercard.ca/fr/personal-select.html?cmp=nearby.mobile
    http://m.mastercard.ca/personal-select.html?cmp=nearby.mobile
    http://m.mastercard.com/apps/nearby/legal/privacypolicy.html
    http://m.mastercard.com/apps/nearby/legal/termsofuse.html
    http://m.mastercard.us/fac/select-product.html?cmp=nearby.mobile
    http://maps.google.co.in/maps?q=
    http://maps.google.com/maps?saddr=
    http://mastercard.com/payments
    http://mclaunch.commerceinnovated.com
    http://media.admob.com/mraid/v1/mraid_app_banner.js
    http://media.admob.com/mraid/v1/mraid_app_expanded_banner.js
    http://media.admob.com/mraid/v1/mraid_app_interstitial.js
    http://plus.google.com/
    http://purl.org/atom/app#
    http://purl.org/dc/terms
    http://purl.org/dc/terms#
    http://purl.org/syndication/thread/1.0
    http://purl.org/syndication/thread/1.0#
    http://schemas.google.com/acl/2007
    http://schemas.google.com/acl/2007#
    http://schemas.google.com/acl/2007#accessControlList
    http://schemas.google.com/acl/2007#accessRule
    http://schemas.google.com/acl/2007#controlledObject
    http://schemas.google.com/g/2005
    http://schemas.google.com/g/2005#
    http://schemas.google.com/g/2005#AIM
    http://schemas.google.com/g/2005#GOOGLE_TALK
    http://schemas.google.com/g/2005#ICQ
    http://schemas.google.com/g/2005#JABBER
    http://schemas.google.com/g/2005#MSN
    http://schemas.google.com/g/2005#NETMEETING
    http://schemas.google.com/g/2005#QQ
    http://schemas.google.com/g/2005#SKYPE
    http://schemas.google.com/g/2005#YAHOO
    http://schemas.google.com/g/2005#assistant
    http://schemas.google.com/g/2005#batch
    http://schemas.google.com/g/2005#both
    http://schemas.google.com/g/2005#callback
    http://schemas.google.com/g/2005#car
    http://schemas.google.com/g/2005#company_main
    http://schemas.google.com/g/2005#event
    http://schemas.google.com/g/2005#event.accepted
    http://schemas.google.com/g/2005#event.alternate
    http://schemas.google.com/g/2005#event.attendee
    http://schemas.google.com/g/2005#event.canceled
    http://schemas.google.com/g/2005#event.confidential
    http://schemas.google.com/g/2005#event.confirmed
    http://schemas.google.com/g/2005#event.declined
    http://schemas.google.com/g/2005#event.default
    http://schemas.google.com/g/2005#event.invited
    http://schemas.google.com/g/2005#event.opaque
    http://schemas.google.com/g/2005#event.optional
    http://schemas.google.com/g/2005#event.organizer
    http://schemas.google.com/g/2005#event.parking
    http://schemas.google.com/g/2005#event.performer
    http://schemas.google.com/g/2005#event.private
    http://schemas.google.com/g/2005#event.public
    http://schemas.google.com/g/2005#event.required
    http://schemas.google.com/g/2005#event.speaker
    http://schemas.google.com/g/2005#event.tentative
    http://schemas.google.com/g/2005#event.transparent
    http://schemas.google.com/g/2005#fax
    http://schemas.google.com/g/2005#feed
    http://schemas.google.com/g/2005#general
    http://schemas.google.com/g/2005#home
    http://schemas.google.com/g/2005#home_fax
    http://schemas.google.com/g/2005#isdn
    http://schemas.google.com/g/2005#kind
    http://schemas.google.com/g/2005#letters
    http://schemas.google.com/g/2005#local
    http://schemas.google.com/g/2005#main
    http://schemas.google.com/g/2005#message
    http://schemas.google.com/g/2005#message.bcc
    http://schemas.google.com/g/2005#message.cc
    http://schemas.google.com/g/2005#message.from
    http://schemas.google.com/g/2005#message.reply-to
    http://schemas.google.com/g/2005#message.to
    http://schemas.google.com/g/2005#mobile
    http://schemas.google.com/g/2005#neither
    http://schemas.google.com/g/2005#other
    http://schemas.google.com/g/2005#other_fax
    http://schemas.google.com/g/2005#overall
    http://schemas.google.com/g/2005#pager
    http://schemas.google.com/g/2005#parcels
    http://schemas.google.com/g/2005#post
    http://schemas.google.com/g/2005#price
    http://schemas.google.com/g/2005#quality
    http://schemas.google.com/g/2005#radio
    http://schemas.google.com/g/2005#resumable-create-media
    http://schemas.google.com/g/2005#resumable-edit-media
    http://schemas.google.com/g/2005#runtime
    http://schemas.google.com/g/2005#shared
    http://schemas.google.com/g/2005#task.assigned-to
    http://schemas.google.com/g/2005#telex
    http://schemas.google.com/g/2005#tty_tdd
    http://schemas.google.com/g/2005#work
    http://schemas.google.com/g/2005#work_fax
    http://schemas.google.com/g/2005#work_mobile
    http://schemas.google.com/g/2005#work_pager
    http://schemas.google.com/gdata/batch
    http://schemas.google.com/gdata/config/2005
    http://ws.mastercard.com/locationmanagementservice/services/
    http://www.georss.org/georss
    http://www.google.com
    http://www.mastercard.com
    http://www.mastercard.com/common/images/mrk_mastercard.gif
    http://www.mastercard.us/_assets/docs/GlobalServiceTollfreeNumbers.pdf
    http://www.mastercard.us/support/index.html
    http://www.mastercard.us/support/masterCard-nearby.html
    http://www.opengis.net/gml
    https://.facebook.com
    https://api.%s/method
    https://api.facebook.com/restserver.php
    https://api.mastercard.com/atms/v1/
    https://api.mastercard.com/merchants/v1/
    https://api.mastercard.com/offers/v1/
    https://api.mastercard.com/payments/v1/
    https://api.mastercard.com/payments/v2/
    https://facebook.com
    https://graph.%s
    https://graph.facebook.com/
    https://graph.facebook.com/%s/picture
    https://m.facebook.com/dialog/
    https://sandbox.api.mastercard.com/atms/v1/
    https://sandbox.api.mastercard.com/merchants/v1/
    https://sandbox.api.mastercard.com/offers/v1/
    https://sandbox.api.mastercard.com/payments/v1/
    https://sandbox.api.mastercard.com/payments/v2/
    https://ssl.google-analytics.com/collect
    https://www.google.com/accounts/AuthSubRevokeToken
    https://www.google.com/accounts/OAuthAuthorizeToken
    https://www.google.com/accounts/OAuthGetAccessToken
    https://www.google.com/accounts/OAuthGetRequestToken
    https://www.googleapis.com/auth/appstate
    https://www.googleapis.com/auth/datastoremobile
    https://www.googleapis.com/auth/drive
    https://www.googleapis.com/auth/drive.appdata
    https://www.googleapis.com/auth/drive.apps
    https://www.googleapis.com/auth/drive.file
    https://www.googleapis.com/auth/games
    https://www.googleapis.com/auth/games.firstparty
    https://www.googleapis.com/auth/plus.login
    https://www.googleapis.com/auth/plus.me
    https://www.googletagmanager.com
  • http://.*google\.com/.*
    http://a9.com/-/spec/opensearch/1.1/
    http://a9.com/-/spec/opensearchdescription/1.0/
    http://a9.com/-/spec/opensearchdescription/1.1/
    http://a9.com/-/spec/opensearchrss/1.0/
    http://googleads.g.doubleclick.net/mads/static/mad/sdk/native/sdk-core-v40.html
    http://googleads.g.doubleclick.net/mads/static/sdk/native/sdk-core-v40.html
    http://javax.xml.XMLConstants/feature/secure-processing
    http://m.mastercard.ca/fr/personal-select.html?cmp=nearby.mobile
    http://m.mastercard.ca/personal-select.html?cmp=nearby.mobile
    http://m.mastercard.com/apps/nearby/legal/privacypolicy.html
    http://m.mastercard.com/apps/nearby/legal/termsofuse.html
    http://m.mastercard.us/fac/select-product.html?cmp=nearby.mobile
    http://maps.google.co.in/maps?q=
    http://maps.google.com/maps?saddr=
    http://mastercard.com/payments
    http://mclaunch.commerceinnovated.com
    http://media.admob.com/mraid/v1/mraid_app_banner.js
    http://media.admob.com/mraid/v1/mraid_app_expanded_banner.js
    http://media.admob.com/mraid/v1/mraid_app_interstitial.js
    http://plus.google.com/
    http://purl.org/atom/app#
    http://purl.org/dc/terms
    http://purl.org/syndication/thread/1.0
    http://schemas.google.com/acl/2007
    http://schemas.google.com/acl/2007#accessRule
    http://schemas.google.com/g/2005
    http://schemas.google.com/g/2005#
    http://schemas.google.com/g/2005#AIM
    http://schemas.google.com/g/2005#GOOGLE_TALK
    http://schemas.google.com/g/2005#ICQ
    http://schemas.google.com/g/2005#JABBER
    http://schemas.google.com/g/2005#MSN
    http://schemas.google.com/g/2005#NETMEETING
    http://schemas.google.com/g/2005#QQ
    http://schemas.google.com/g/2005#SKYPE
    http://schemas.google.com/g/2005#YAHOO
    http://schemas.google.com/g/2005#assistant
    http://schemas.google.com/g/2005#batch
    http://schemas.google.com/g/2005#both
    http://schemas.google.com/g/2005#callback
    http://schemas.google.com/g/2005#car
    http://schemas.google.com/g/2005#company_main
    http://schemas.google.com/g/2005#event
    http://schemas.google.com/g/2005#event.accepted
    http://schemas.google.com/g/2005#event.alternate
    http://schemas.google.com/g/2005#event.attendee
    http://schemas.google.com/g/2005#event.canceled
    http://schemas.google.com/g/2005#event.confidential
    http://schemas.google.com/g/2005#event.confirmed
    http://schemas.google.com/g/2005#event.declined
    http://schemas.google.com/g/2005#event.default
    http://schemas.google.com/g/2005#event.invited
    http://schemas.google.com/g/2005#event.opaque
    http://schemas.google.com/g/2005#event.optional
    http://schemas.google.com/g/2005#event.organizer
    http://schemas.google.com/g/2005#event.parking
    http://schemas.google.com/g/2005#event.performer
    http://schemas.google.com/g/2005#event.private
    http://schemas.google.com/g/2005#event.public
    http://schemas.google.com/g/2005#event.required
    http://schemas.google.com/g/2005#event.speaker
    http://schemas.google.com/g/2005#event.tentative
    http://schemas.google.com/g/2005#event.transparent
    http://schemas.google.com/g/2005#fax
    http://schemas.google.com/g/2005#general
    http://schemas.google.com/g/2005#home
    http://schemas.google.com/g/2005#home_fax
    http://schemas.google.com/g/2005#isdn
    http://schemas.google.com/g/2005#kind
    http://schemas.google.com/g/2005#letters
    http://schemas.google.com/g/2005#local
    http://schemas.google.com/g/2005#main
    http://schemas.google.com/g/2005#message
    http://schemas.google.com/g/2005#message.bcc
    http://schemas.google.com/g/2005#message.cc
    http://schemas.google.com/g/2005#message.from
    http://schemas.google.com/g/2005#message.reply-to
    http://schemas.google.com/g/2005#message.to
    http://schemas.google.com/g/2005#mobile
    http://schemas.google.com/g/2005#neither
    http://schemas.google.com/g/2005#other
    http://schemas.google.com/g/2005#other_fax
    http://schemas.google.com/g/2005#overall
    http://schemas.google.com/g/2005#pager
    http://schemas.google.com/g/2005#parcels
    http://schemas.google.com/g/2005#post
    http://schemas.google.com/g/2005#price
    http://schemas.google.com/g/2005#quality
    http://schemas.google.com/g/2005#radio
    http://schemas.google.com/g/2005#resumable-edit-media
    http://schemas.google.com/g/2005#runtime
    http://schemas.google.com/g/2005#shared
    http://schemas.google.com/g/2005#task.assigned-to
    http://schemas.google.com/g/2005#telex
    http://schemas.google.com/g/2005#tty_tdd
    http://schemas.google.com/g/2005#work
    http://schemas.google.com/g/2005#work_fax
    http://schemas.google.com/g/2005#work_mobile
    http://schemas.google.com/g/2005#work_pager
    http://schemas.google.com/gdata/batch
    http://schemas.google.com/gdata/config/2005
    http://ws.mastercard.com/locationmanagementservice/services/
    http://www.georss.org/georss
    http://www.google.com
    http://www.mastercard.com
    http://www.mastercard.com/common/images/mrk_mastercard.gif
    http://www.mastercard.us/_assets/docs/GlobalServiceTollfreeNumbers.pdf
    http://www.mastercard.us/support/index.html
    http://www.mastercard.us/support/masterCard-nearby.html
    http://www.opengis.net/gml

Unsafe deleting

  • Severity: notice
  • All items deleted with 'file.delete()' could be recovered.
  • Affected files:
  • classes.dex
  • => Lcom/facebook/AppEventsLogger$PersistedEvents;->readAndClearStore()V (0x42) ---> Ljava/io/File;->delete()Z
    => Lcom/facebook/internal/FileLruCache$2;->run()V (0x12) ---> Ljava/io/File;->delete()Z
    => Lcom/facebook/internal/FileLruCache$BufferFile;->deleteAll(Ljava/io/File;)V (0x22) ---> Ljava/io/File;->delete()Z
    => Lcom/facebook/internal/FileLruCache;->renameToTargetAndTrim(Ljava/lang/String; Ljava/io/File;)V (0x22) ---> Ljava/io/File;->delete()Z
    => Lcom/facebook/internal/FileLruCache;->trim()V (0x184) ---> Ljava/io/File;->delete()Z
    => Lcom/facebook/internal/FileLruCache;->openPutStream(Ljava/lang/String; Ljava/lang/String;)Ljava/io/OutputStream; (0x10) ---> Ljava/io/File;->delete()Z
    => Lcom/facebook/internal/Utility;->deleteDirectory(Ljava/io/File;)V (0x2a) ---> Ljava/io/File;->delete()Z
    => Lcom/google/android/gms/analytics/ac$a;->getWritableDatabase()Landroid/database/sqlite/SQLiteDatabase; (0x9e) ---> Ljava/io/File;->delete()Z
    => Lcom/google/android/gms/tagmanager/ca$b;->getWritableDatabase()Landroid/database/sqlite/SQLiteDatabase; (0x9e) ---> Ljava/io/File;->delete()Z
    => Lcom/google/android/gms/tagmanager/v$a;->getWritableDatabase()Landroid/database/sqlite/SQLiteDatabase; (0x32) ---> Ljava/io/File;->delete()Z
    => Lcom/mastercard/nearby/NearbyApplication;->deleteDir(Ljava/io/File;)Z (0x20) ---> Ljava/io/File;->delete()Z
    => Lch/boye/httpclientandroidlib/impl/client/cache/FileResource;->dispose()V (0x18) ---> Ljava/io/File;->delete()Z
    => Lcom/facebook/NativeAppCallAttachmentStore;->addAttachments(Landroid/content/Context; Ljava/util/UUID; Ljava/util/Map; Lcom/facebook/NativeAppCallAttachmentStore$ProcessAttachment;)V (0xd6) ---> Ljava/io/File;->delete()Z
    => Lcom/facebook/internal/FileLruCache$1;->onClose()V (0x24) ---> Ljava/io/File;->delete()Z
    => Lcom/google/android/gms/common/data/a;->eT()Ljava/io/FileOutputStream; (0x46) ---> Ljava/io/File;->delete()Z
    => Lcom/google/android/gms/internal/i;->h(Landroid/content/Context;)V (0x2c4) ---> Ljava/io/File;->delete()Z
    => Lcom/google/android/gms/internal/i;->h(Landroid/content/Context;)V (0x2e4) ---> Ljava/io/File;->delete()Z
    => Lcom/google/android/gms/internal/i;->h(Landroid/content/Context;)V (0x2f6) ---> Ljava/io/File;->delete()Z
    => Lcom/google/android/gms/internal/i;->h(Landroid/content/Context;)V (0x316) ---> Ljava/io/File;->delete()Z
    => Lcom/google/android/gms/tagmanager/cp;->c(Lcom/google/android/gms/internal/le$a;)Z (0x54) ---> Ljava/io/File;->delete()Z
  • => Lcom/facebook/AppEventsLogger$PersistedEvents;->readAndClearStore()V (0x42) ---> Ljava/io/File;->delete()Z
    => Lcom/facebook/internal/FileLruCache$2;->run()V (0x12) ---> Ljava/io/File;->delete()Z
    => Lcom/facebook/internal/FileLruCache$BufferFile;->deleteAll(Ljava/io/File;)V (0x22) ---> Ljava/io/File;->delete()Z
    => Lcom/facebook/internal/FileLruCache;->renameToTargetAndTrim(Ljava/lang/String; Ljava/io/File;)V (0x22) ---> Ljava/io/File;->delete()Z
    => Lcom/facebook/internal/FileLruCache;->trim()V (0x184) ---> Ljava/io/File;->delete()Z
    => Lcom/facebook/internal/FileLruCache;->openPutStream(Ljava/lang/String; Ljava/lang/String;)Ljava/io/OutputStream; (0x10) ---> Ljava/io/File;->delete()Z
    => Lcom/facebook/internal/Utility;->deleteDirectory(Ljava/io/File;)V (0x2a) ---> Ljava/io/File;->delete()Z
    => Lcom/google/android/gms/analytics/ac$a;->getWritableDatabase()Landroid/database/sqlite/SQLiteDatabase; (0x9e) ---> Ljava/io/File;->delete()Z
    => Lcom/google/android/gms/tagmanager/ca$b;->getWritableDatabase()Landroid/database/sqlite/SQLiteDatabase; (0x9e) ---> Ljava/io/File;->delete()Z
    => Lcom/google/android/gms/tagmanager/v$a;->getWritableDatabase()Landroid/database/sqlite/SQLiteDatabase; (0x32) ---> Ljava/io/File;->delete()Z
    => Lcom/mastercard/nearby/NearbyApplication;->deleteDir(Ljava/io/File;)Z (0x20) ---> Ljava/io/File;->delete()Z
    => Lch/boye/httpclientandroidlib/impl/client/cache/FileResource;->dispose()V (0x18) ---> Ljava/io/File;->delete()Z
    => Lcom/facebook/NativeAppCallAttachmentStore;->addAttachments(Landroid/content/Context; Ljava/util/UUID; Ljava/util/Map; Lcom/facebook/NativeAppCallAttachmentStore$ProcessAttachment;)V (0xd6) ---> Ljava/io/File;->delete()Z
    => Lcom/facebook/internal/FileLruCache$1;->onClose()V (0x24) ---> Ljava/io/File;->delete()Z
    => Lcom/google/android/gms/common/data/a;->eT()Ljava/io/FileOutputStream; (0x46) ---> Ljava/io/File;->delete()Z
    => Lcom/google/android/gms/internal/i;->h(Landroid/content/Context;)V (0x2c4) ---> Ljava/io/File;->delete()Z
    => Lcom/google/android/gms/internal/i;->h(Landroid/content/Context;)V (0x2e4) ---> Ljava/io/File;->delete()Z
    => Lcom/google/android/gms/internal/i;->h(Landroid/content/Context;)V (0x2f6) ---> Ljava/io/File;->delete()Z
    => Lcom/google/android/gms/internal/i;->h(Landroid/content/Context;)V (0x316) ---> Ljava/io/File;->delete()Z
    => Lcom/google/android/gms/tagmanager/cp;->c(Lcom/google/android/gms/internal/le$a;)Z (0x54) ---> Ljava/io/File;->delete()Z

Corrupted files

KeyStore usage

  • Severity: notice
  • The app uses Android KeyStore subsystem.
  • Affected files:
  • classes.dex
  • => Lcom/google/gdata/client/http/AuthSubUtil;->getPrivateKeyFromKeystore(Ljava/lang/String; Ljava/lang/String; Ljava/lang/String; Ljava/lang/String;)Ljava/security/PrivateKey; (0x24) ---> Ljava/security/KeyStore;->load(Ljava/io/InputStream; [C)V
    => Lcom/mastercard/api/MCApiClient;->getSocketFactory()Ljavax/net/ssl/SSLSocketFactory; (0x70) ---> Ljava/security/KeyStore;->load(Ljava/io/InputStream; [C)V
    => Lch/boye/httpclientandroidlib/conn/ssl/SSLSocketFactory;->createSystemSSLContext(Ljava/lang/String; Ljava/security/SecureRandom;)Ljavax/net/ssl/SSLContext; (0x158) ---> Ljava/security/KeyStore;->load(Ljava/io/InputStream; [C)V
    => Lch/boye/httpclientandroidlib/conn/ssl/SSLSocketFactory;->createSystemSSLContext(Ljava/lang/String; Ljava/security/SecureRandom;)Ljavax/net/ssl/SSLContext; (0x228) ---> Ljava/security/KeyStore;->load(Ljava/io/InputStream; [C)V
    => Lch/boye/httpclientandroidlib/conn/ssl/SSLSocketFactory;->createSystemSSLContext(Ljava/lang/String; Ljava/security/SecureRandom;)Ljavax/net/ssl/SSLContext; (0x2be) ---> Ljava/security/KeyStore;->load(Ljava/io/InputStream; [C)V

Suspicious files

  • For details, click on a bug's title.
  • To download the app, press button GET APP below.
  • Please remember, bugs found by the scanner should be verified manually.