Sensitive data leakage
Transmit the user name, password and a verification code and other sensitive information
sensitive information in the local encrypted storage
leak backend server address.
Side channel leakage of information
without user confirmation call sensitive functions
Authentication mechanism defect
Is not a valid token mechanism, leading to bypass authentication
can modify the transmission of data, resulting in unauthorized access to
log on design flaws, there is a risk of violence to crack
use SMS business logic flaws making bombs
Fishing hijack risk
Code inadequate protection
You can recompile the package
WebView vulnerability
SQL injection vulnerabilities
Common Components vulnerability
Component Content Provider configuration error, resulting in data leakage
component Activity configuration errors, leading to the login page is bypassed
Components Service configuration errors, leading to privilege escalation illegal
assembly Broadcast Receiver configuration errors, leading to a denial of service, unauthorized illegal
Application configuration error
Close allowbackup backup
close Debuggable property, to prevent tampering with the application of information leakage risks
Malware / trojan / virus