DialyDroid Security

dialtechnologies.net

mobile app security audit

10 September 2019

Mobile Application Audit Summary

POTENTIAL SECURITY

good

10

warning

33

error

0

INFORMATION APP

APP NAME

Sehatuk صحتك

DEVICE TYPE

Android

APP ID

com.dialy.sehadialy

TEST STARTED

October 3rd 2019, 18:18

APP VERSION

2.3.0

TEST FINISHED

October 3rd 2019, 18:45

Android manifest Analysis Result

The automated audit revealed the following security flaws and weaknesses that may impact the application:

1

Property

Debugging

The application does not generate debugging messages.

2

Property

backup

The application does not create or restore a copy of its internal data.

3

Property

android.permission.INTERNET

The application asks for a SAFE PERMISSION; this kind of permission is granted automatically and does not violate the user's privacy.

4

Property

android.permission.ACCESS_NETWORK_STATE

The application asks for a SAFE PERMISSION; this kind of permission is granted automatically and does not violate the user's privacy.

5

Property

com.android.vending.BILLING

The application asks for a SAFE PERMISSION; this kind of permission is granted automatically and does not violate the user's privacy.

6

Property

android.permission.WRITE_EXTERNAL_STORAGE

This permission allows the application to write, modify or delete the contents of the SD card.

Impact

Data stored in external storage can be accessed by any application with read access or modified by any application with write access; this may violate data confidentiality and integrity.

Recommendation

It is highly recommended to use internal storage.

Location

AndroidManifest.xml

Screen

<uses-permission xmlns:ns0="http://schemas.android.com/apk/res/android" ns0:maxSdkVersion="22" ns0:name="android.permission.WRITE_EXTERNAL_STORAGE" />

Data storage Analysis Result

1

Property

Log

No log is generated by the application, which reduces data leakage.

2

Property

android:longClickable

The clipboard is disabled in input fields. This practice lowers the danger of leaking sensitive data.

3

Property

android:inputType

Keyboard cache is disabled in input fields. This practice lowers the danger of leaking sensitive data.

4

Property

android:inputType

The application does not expose sensitive data (passwords and PINs) to the user interface.

Network parameters Analysis Result

1

Property

TLS

The application does not consistently use a TLS secure channel to encrypt data on the network.

Impact

Insecure network communications can lead to session hijacking or data interception through man-in-the-middle attacks.

Recommendation

You must consider using TLS for all network connections throughout the application, by using HttpsURLConnection.

Location

yallaarabic/source/sources//sources/O00000Oo/O000000o/O000000o/O000000o/O000000o/O00000oO/O000o0.java

Screen

Line 11 : import java.net.HttpURLConnectio;