You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
OS and Version: Darwin (darwin 23.4.0) macOS-14.4.1-arm64-arm-64bit
Python Version: 3.10
MobSF Version: Mobile Security Framework v3.9.8 Beta
EXPLANATION OF THE ISSUE
The issue happens only when obfuscation ( code shrinking in particular ) is enabled. Even though the Context.private is used for Android shared preference initialisation , MOBsf flags it as world-writable.
Using -dontshrink in proguard rules removed the warning.
Even upon clickin viewFiles , the report takes us to the flagged line , where the visibility is set as 0 only. ( 0 being private, while 1 is world-writable )
STEPS TO REPRODUCE THE ISSUE
1. The preference is being flagged from a library we use , which also has C++ files in it. Nothing else is peculiar about it.
2. When minify is enabled with shrinking the preferences are flagged as world writeable inspite of the value being 0 ( private )
The text was updated successfully, but these errors were encountered:
👋 @diveshpincha
Issues is only for reporting a bug/feature request. For limited support, questions, and discussions, please join MobSF Slack channel
Please include all the requested and relevant information when opening a bug report. Improper reports will be closed without any response.
ENVIRONMENT
EXPLANATION OF THE ISSUE
STEPS TO REPRODUCE THE ISSUE
The text was updated successfully, but these errors were encountered: