Comments (1)
I believe you misunderstood the output. The vulnerability alerts precede the components which are impacted. The full output is below:
POTENTIAL VULNERABILITY - The following activity are exported and protected by a permission, but the permission can be obtained by malicious apps installed prior to this one. More info: https://github.com/commonsguy/cwac-security/blob/master/PERMS.md. Failing to protect activity could leave them vulnerable to attack by malicious apps. The activity should be reviewed for vulnerabilities, such as injection and information leakage.
example.com.permissioncheckbug.TestPermissionActivity
example.com.permissioncheckbug.PermissionControl
WARNING - The following activity are exported, but not protected by any permissions. Failing to protect activity could leave them vulnerable to attack by malicious apps. The activity should be reviewed for vulnerabilities, such as injection and information leakage.
example.com.permissioncheckbug.MainActivity
This saying that an app installed before this one, on older versions of Android, can bypass the permission protection.
POTENTIAL VULNERABILITY - The following activity are exported and protected by a permission, but the permission can be obtained by malicious apps installed prior to this one. More info: https://github.com/commonsguy/cwac-security/blob/master/PERMS.md. Failing to protect activity could leave them vulnerable to attack by malicious apps. The activity should be reviewed for vulnerabilities, such as injection and information leakage.
example.com.permissioncheckbug.TestPermissionActivity
example.com.permissioncheckbug.PermissionControl
This is warning that the MainActivity is not protected by permissions:
WARNING - The following activity are exported, but not protected by any permissions. Failing to protect activity could leave them vulnerable to attack by malicious apps. The activity should be reviewed for vulnerabilities, such as injection and information leakage.
example.com.permissioncheckbug.MainActivity
from qark.
Related Issues (20)
- Improper x.509 certificate validation in extensions of X509TrustManager with general conditions
- Improper x.509 certificate validation in extensions of X509TrustManager with Specific conditions
- can not install qark.
- Dex not supported
- Exported component not found because of code logic
- RecursionError: maximum recursion depth exceeded in comparison HOT 4
- 'xml.etree.ElementTree.Element' object has no attribute 'getchildren' HOT 1
- Failed to run APKTool HOT 4
- lesterdeMacBook-Pro% qark --help zsh: permission denied: qark
- exploit-apk not working on windows
- ImportError: No module named termios
- Error running dex2jar command HOT 1
- npm run generate error
- Broken logic since multidex
- 'qark' is not recognized as an internal or external command HOT 1
- Traceback error fix ?
- FAILURE: Build failed with an exception.
- Could not determine java version from '17.0.6'.
- Problem in Installing Qark requirements HOT 2
- Which is the latest working commit?
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from qark.