Many mobile applications and other software are vulnerable and prone to malicious attacks. Software vulnerabilities can compromise a system's integrity and can also leak confidential information to unauthorized persons who may have malicious intent. Vulnerability analysis is an important task both in the development of an application and in its maintenance phase. The main aim of vulnerability scanning and analysis is to identify the most vulnerable parts of the software and to mitigate the risk that such threats would cause if exploited (Owoh et al., 2020). This report looks at the vulnerabilities that were found after scanning a mobile application.
Vulnerabilities found
Twelve vulnerabilities were identified after analyzing the Dr Driving mobile application using Quixxi. Two of the vulnerabilities found presented high-severity threats, seven were of medium severity and three were of low severity. The first vulnerable aspect, found in data storage and privacy, is that the application allowed the unsafe deletion of files (Santos et al., 2017). The other feature of the application that presents a high threat to the system is that it allowed the improper exporting of Android components. The application was also found to expose its backup file, which is not protected from unauthorized persons (Martin, 2019). The application generated random numbers that are weak and can be predicted easily because of the algorithm used. It also used a weak hashing algorithm that can be easily broken. Moreover, the application inserted sensitive information into debugging code that was not disabled in production, leading to information leakage.
There are several exploits and attacks that a hacker can use to take advantage of the application and to steal information. A bug was found in the code that made files unsafe to delete (Santos et al., 2017). SQL injection can be used to exploit the bug and even to access other information in the application database. Spoofing methods and techniques can be used on the application's network to access the components and information that the Android application exports. The exported components are not protected or restricted from any other application, leaving the system prone to spoofing attacks. The application allowed the backup of sensitive information, which an attacker can access using the "adb backup -f" command. Brute-force attacks can also be used to break the random numbers generated by the application, because the application uses a predictable algorithm. Passwords and other sensitive information can be broken by brute-force methods because of the weak hashing algorithm used in the application. Reverse engineering techniques can be used to access the sensitive
To fix the unsafe deletion problem, the application should first not be allowed to save a copy of the photos in secret chats that remain accessible to other parties even after being deleted by the users. The application should also limit access to this sensitive data and add firewalls so as to prevent SQL attacks. The vulnerable exported components should be fixed by using android:exported="false" in the manifest file of the Android application (Chaim et al., 2017). This will prevent the exporting of components that contain confidential data. To prevent the compromise of the Android app through the backup file, the app should prevent the backing up of
2019). The breaking of the hashed data can be prevented by use of complex hashing algorithms.
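As an added check that is not part of this report or of the Quixxi scan, the following Python script inspects an AndroidManifest.xml for the two manifest-level issues discussed above: components exported without a guarding permission (including the implicit export of a component that declares an intent-filter but no android:exported attribute) and backups left enabled. The two manifests are constructed samples, not taken from Dr Driving.

```python
"""Added manifest check for exported components and allowBackup (constructed example)."""
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
COMPONENT_TAGS = ("activity", "service", "receiver", "provider")
MAIN_ACTION = "android.intent.action.MAIN"


def manifest_findings(manifest_xml: str) -> list:
    """Return (name, issue) pairs. A component counts as reachable by other
    apps when android:exported="true", or when the attribute is absent but an
    <intent-filter> is declared (the implicit-export default before Android 12)."""
    root = ET.fromstring(manifest_xml)
    findings = []
    app = root.find("application")
    # allowBackup defaults to true, so only an explicit "false" closes adb backup.
    if app is not None and app.get(ANDROID_NS + "allowBackup", "true") != "false":
        findings.append(("application", "allowBackup not disabled; data reachable via adb backup"))
    for comp in root.iter():
        if comp.tag not in COMPONENT_TAGS:
            continue
        name = comp.get(ANDROID_NS + "name", "?")
        exported = comp.get(ANDROID_NS + "exported")
        has_filter = comp.find("intent-filter") is not None
        reachable = exported == "true" or (exported is None and has_filter)
        # The launcher activity must be exported; a permission-guarded component is fine.
        is_launcher = any(a.get(ANDROID_NS + "name") == MAIN_ACTION for a in comp.iter("action"))
        if reachable and not is_launcher and comp.get(ANDROID_NS + "permission") is None:
            findings.append((name, "exported without android:permission"))
    return findings


# Constructed sample manifests (hypothetical, not taken from the scanned app).
WEAK_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
<application android:allowBackup="true">
 <activity android:name=".Main"><intent-filter><action android:name="android.intent.action.MAIN"/></intent-filter></activity>
 <activity android:name=".Share"><intent-filter><action android:name="android.intent.action.SEND"/></intent-filter></activity>
 <provider android:name=".Scores" android:authorities="example.scores" android:exported="true"/>
</application></manifest>"""

HARDENED_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
<application android:allowBackup="false">
 <activity android:name=".Main" android:exported="true"><intent-filter><action android:name="android.intent.action.MAIN"/></intent-filter></activity>
 <activity android:name=".Share" android:exported="false"><intent-filter><action android:name="android.intent.action.SEND"/></intent-filter></activity>
 <provider android:name=".Scores" android:authorities="example.scores" android:exported="false"/>
</application></manifest>"""

if __name__ == "__main__":
    print("weak:", manifest_findings(WEAK_MANIFEST))        # three findings
    print("hardened:", manifest_findings(HARDENED_MANIFEST))  # []
```

The weak manifest yields three findings (the backup setting, the implicitly exported .Share activity and the exported .Scores provider); the hardened one yields none.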
Conclusion
Most of the vulnerabilities and errors that occur during the production of a mobile application can have devastating effects. Hackers are well known to exploit these vulnerable functions of an application. Vulnerabilities can lead to the loss of confidential and other sensitive information. Through the bugs found in an application, a hacker can take advantage of it and do malicious things without raising any suspicion. A mobile application should be analyzed well, and all vulnerabilities identified and fixed, before it is deployed.
References
Amin, A., Eldessouki, A., Magdy, M. T., Abdeen, N., Hindy, H., & Hegazy, I. (2019).
systematically catalog the safety and security challenges for modern, networked,
https://cwe.mitre.org/data/definitions/530.html
Owoh, N. P., & Singh, M. M. (2020). Security analysis of mobile crowd sensing
https://www.emerald.com/insight/content/doi/10.1016/j.aci.2018.10.002/full/html
Santos, J. C., Peruma, A., Mirakhorli, M., Galstery, M., Vidal, J. V., & Sejfia, A. (2017, April).
Appendix: Screenshots