Android

Space shortcuts

Page tree

Versions Compared

Old Version 15

changes.mady.by.user Stephanie Colton

Saved on

compared with

New Version Current

changes.mady.by.user Stephanie Colton

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Added CWE related guideline 264

...

Code Block
bgColor#CCCCFF
 <configuration>   
 <compilation debug="true"/> 
 </configuration>

...

Risk Assessment
Releasing an app with its android:debuggable attribute set to true can leak sensitive information. In addition, the app is vulnerable to decompilation, resulting in alteration to source code.Attackers can leverage the additional information they gain from debugging output to mount attacks targeted on the framework, database, or other resources used by the application.
...
 CWE359: Exposure of Private Information
CWE264: Permissions, Privileges, and Access Controls
Bibliography
ASP.NET Misconfiguration: Creating Debug Binary http://www.ids-sax2.com/Knowledgebase/NetworkSecurity/Creating-Debug-Binary.htm
...