57 lines
3.6 KiB
INI
com.bartek.esa.core.archetype.BasePlugin.NO_USES_SDK=There is no <uses-sdk> element defined in the AndroidManifest.xml file. \n\
In order to use this tool, <uses-sdk> should be defined in AndroidManifest.xml with at least the android:minSdkVersion attribute.\n\
This element should be placed directly under the root (<manifest>) element.\n\
For example: \n\
<manifest>\n\
\t<uses-sdk android:minSdkVersion="23" />\n\
\t...\n\
</manifest>

com.bartek.esa.core.archetype.BasePlugin.USES_SDK.NO_MIN_SDK_VERSION=There is no minSdkVersion defined in the AndroidManifest.xml file. \n\
In order to use this tool, the minimal SDK version should be provided as an attribute of the <uses-sdk> element.\n\
For example: <uses-sdk android:minSdkVersion="23" />

com.bartek.esa.core.archetype.JavaPlugin.NO_PACKAGE=There is no package defined in the AndroidManifest.xml file. \n\
The package should be defined as an attribute of the <manifest> tag.\n\
For example: <manifest package="com.bartek.esa.test">\n\
Please fix it to use this tool.

com.bartek.esa.core.plugin.LoggingPlugin=Potential data leakage in logs. \n\
A logging method call was detected. Please check that no sensitive data is logged there.

com.bartek.esa.core.plugin.DebuggablePlugin.NO_ATTR=There is no android:debuggable option. Potential data leakage. \n\
The android:debuggable option was not found in the AndroidManifest.xml file. \n\
To avoid any potential data leakage in the future, please explicitly set this flag to false. \n\
The attribute should be placed in the <application> tag.\n\
For example: <application android:debuggable="false">

com.bartek.esa.core.plugin.DebuggablePlugin.NO_FALSE=The android:debuggable option is set to 'true'. Potential data leakage. \n\
The android:debuggable option in AndroidManifest.xml is set to 'true'. \n\
This makes the application debuggable and can result in \
security issues and data leakage in the production environment. \n\
Consider setting it to 'false'.

com.bartek.esa.core.plugin.AllowBackupPlugin.NO_ATTR=There is no android:allowBackup option. Potential data leakage. \n\
The android:allowBackup option was not found in the AndroidManifest.xml file. \n\
To avoid any potential data theft in the future, please explicitly set this flag to false. \n\
The attribute should be placed in the <application> tag.\n\
For example: <application android:allowBackup="false">

com.bartek.esa.core.plugin.AllowBackupPlugin.NO_FALSE=The android:allowBackup option is set to 'true'. Potential data leakage. \n\
The android:allowBackup option in AndroidManifest.xml is set to 'true'. \n\
This will allow accessing the backups via adb if the device has USB debugging enabled.\n\
Consider setting it to 'false'.

com.bartek.esa.core.plugin.PermissionsRaceConditionPlugin=Potential permissions race condition vulnerability. \n\
Custom permissions are declared in AndroidManifest.xml and the minimal API version is set to less than 21.\n\
This means that the declared permissions can be obtained by a malicious application installed beforehand, without the need for a proper signature.\n\
Consider setting the minimal API version to at least 21.

com.bartek.esa.core.plugin.SecureRandomPlugin=Initializing SecureRandom object with custom seed. \n\
Specifying a custom seed for SecureRandom can produce a predictable sequence of numbers. \n\
Please create the SecureRandom object without any arguments instead.

com.bartek.esa.core.plugin.ImplicitIntentsPlugin=Creating implicit intent. Potential data leakage. \n\
Implicit intents can be abused in a man-in-the-middle attack. A malicious application can hijack the intent and start its \
activity/service etc. to steal the sent data. \n\
Also make sure that no sensitive information is passed to this intent.