Insecure Functionality Exposed in Android
Description
This broad category comprises all the instances in which an insecure, or otherwise unexpected, functionality is exposed to the users. Examples range from leftover debug facilities to any piece of information that could aid an attacker in setting foot in or gaining knowledge about the application’s backend server.
Impact
The resulting impact varies widely in scale and severity; an exposure may be confined to the victim's device or lead to the complete compromise of the backend.
Prevention
Enriching the test suite or the continuous integration pipeline with checks designed to anticipate the 'unexpected' is a prudent strategy for preventing unwanted functionality from slipping into production builds.
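One way to implement such a CI check, as an added example that is not part of the original page: a release gate that parses the merged AndroidManifest.xml and fails the build when the application is debuggable or when components whose names suggest debug or test leftovers are still present (the sample manifest and the name fragments treated as suspicious are constructed assumptions).

```python
"""CI gate for leftover debug/test functionality in an Android release manifest.

Added example (not from the original page). The sample manifest below is
constructed; the SUSPICIOUS name fragments are an assumption for this demo.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
COMPONENTS = ("activity", "service", "receiver", "provider")
SUSPICIOUS = ("debug", "test", "mock", "staging")  # assumed leftover markers

# Constructed sample: a release manifest that still carries debug leftovers.
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.app">
  <application android:debuggable="true">
    <activity android:name=".MainActivity" android:exported="true"/>
    <activity android:name=".DebugMenuActivity" android:exported="true"/>
    <service android:name=".SyncService" android:exported="false"/>
    <receiver android:name=".TestHooksReceiver" android:exported="true"
              android:permission="com.example.app.INTERNAL"/>
  </application>
</manifest>"""


def find_findings(manifest_xml: str) -> list[str]:
    """Return human-readable findings; an empty list means the manifest passed."""
    root = ET.fromstring(manifest_xml)
    findings = []
    app = root.find("application")
    if app is None:
        return findings
    # A debuggable release build exposes the whole process to a local attacker.
    if app.get(ANDROID_NS + "debuggable") == "true":
        findings.append("application is debuggable")
    for comp in app.iter():
        if comp.tag not in COMPONENTS:
            continue
        name = comp.get(ANDROID_NS + "name", "")
        exported = comp.get(ANDROID_NS + "exported") == "true"
        guarded = comp.get(ANDROID_NS + "permission") is not None
        looks_leftover = any(s in name.lower() for s in SUSPICIOUS)
        if looks_leftover:
            findings.append(f"{comp.tag} {name} looks like a leftover debug/test component")
        # An unguarded exported leftover is reachable by any other app on the device.
        if looks_leftover and exported and not guarded:
            findings.append(f"{comp.tag} {name} is exported without a permission")
    return findings


def ci_gate(manifest_xml: str) -> bool:
    """True when the build may ship; False when any finding should fail the pipeline."""
    return not find_findings(manifest_xml)
```

Run it against the merged manifest that the build produces (for example the one under the app module's build/intermediates directory) and fail the pipeline step when ci_gate returns False.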