
App-Ray security threats

Critical Risks Definition

Kobiton has just launched the app scanning process powered by App-Ray. Below are the threats that we consider CRITICAL:

| App-Ray Threat | Explanation | OWASP Top Ten Category |
| --- | --- | --- |
| BINARY_BUSYBOX | The app accesses the busybox binary, a multi-call binary. A multi-call binary is an executable program that performs the same job as more than one utility program. That means there is just a single BusyBox binary, but that single binary acts like a large number of utilities. | M1 – Improper Platform Usage |
| BINARY_SU | The app accesses the su binary. It can use a security vulnerability ("root exploit") and "hard-rooting" (flashing a su binary executable) to gain root access without modifying the system partition of a device. | M1 – Improper Platform Usage |
| DEVICEADMIN | The app contains a Broadcast Receiver that can acquire device admin rights. | M1 – Improper Platform Usage |
| FACTORYTEST | The app has the FACTORY_TEST permission set. | M10 – Extraneous Functionality |
| VIRUS | Virus scanners recognize this as malicious. | M7 – Client Code Quality |
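A pre-upload self-check for the two rows that are visible in the manifest (DEVICEADMIN and FACTORYTEST), added here as an example; it is not Kobiton's or App-Ray's code and only approximates the descriptions in the table. It assumes AndroidManifest.xml has already been decoded from binary to text XML (for example with apktool); the function name and the sample manifest are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Constructed sample: decoded (text) manifest of a hypothetical app.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.demo">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.FACTORY_TEST"/>
  <application>
    <receiver android:name=".AdminReceiver"
              android:permission="android.permission.BIND_DEVICE_ADMIN">
      <meta-data android:name="android.app.device_admin"
                 android:resource="@xml/device_admin"/>
      <intent-filter>
        <action android:name="android.app.action.DEVICE_ADMIN_ENABLED"/>
      </intent-filter>
    </receiver>
    <receiver android:name=".BootReceiver"/>
  </application>
</manifest>
"""


def manifest_findings(manifest_xml):
    """Return {threat name: [evidence]} for manifest-visible critical threats."""
    root = ET.fromstring(manifest_xml)
    findings = {}
    # FACTORYTEST: the app requests the FACTORY_TEST permission.
    for perm in root.iter("uses-permission"):
        if perm.get(ANDROID_NS + "name") == "android.permission.FACTORY_TEST":
            findings.setdefault("FACTORYTEST", []).append(
                "uses-permission FACTORY_TEST")
    # DEVICEADMIN: a receiver wired up as a device admin receiver.
    for recv in root.iter("receiver"):
        name = recv.get(ANDROID_NS + "name", "?")
        guarded = (recv.get(ANDROID_NS + "permission")
                   == "android.permission.BIND_DEVICE_ADMIN")
        actions = {a.get(ANDROID_NS + "name") for a in recv.iter("action")}
        metadata = {m.get(ANDROID_NS + "name") for m in recv.iter("meta-data")}
        if (guarded or "android.app.action.DEVICE_ADMIN_ENABLED" in actions
                or "android.app.device_admin" in metadata):
            findings.setdefault("DEVICEADMIN", []).append("receiver " + name)
    return findings


if __name__ == "__main__":
    for threat, evidence in manifest_findings(SAMPLE_MANIFEST).items():
        print(threat, evidence)
```

An empty result only means these two manifest markers are absent; BINARY_BUSYBOX, BINARY_SU and VIRUS depend on the app's code and on scanner verdicts, which this check does not inspect.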

To bypass these types of threats, you need to submit a ticket that includes the following information:

  • The current company you are working for:
  • Link to your app on appstore/playstore if any:
  • The purpose/actions your app performs:
