Android APK Backups Enabled
Description
Detects when an Android application has backups enabled in AndroidManifest.xml without proper restrictions. When backups are enabled, sensitive application data can be extracted through Android's backup system, potentially exposing confidential information to unauthorized parties.
Detection Strategy
• Scans the AndroidManifest.xml file for the android:allowBackup attribute
• Reports a vulnerability if allowBackup is set to 'true' or is not explicitly set (defaults to true)
• Examines the application-level tag in manifest for backup configuration
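The detection steps above can be sketched as follows. This is an added example, not the scanner's own code: the function name, the status labels, the sample manifests, and the choice of `fullBackupContent` and `dataExtractionRules` as the "restrictions" to list are all assumptions.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# Assumption: these attributes are what counts as backup "restrictions".
RESTRICTION_ATTRS = ("fullBackupContent", "dataExtractionRules")


def check_allow_backup(manifest_xml):
    """Inspect a decoded (plain-text) AndroidManifest.xml.

    Returns (status, reason, restrictions); status is "vulnerable",
    "ok" or "review". The manifest inside an APK is binary XML, so decode
    it first (for example with apktool) before passing it here.
    """
    root = ET.fromstring(manifest_xml)
    app = root.find("application")  # application-level tag, no namespace
    if app is None:
        return ("ok", "no <application> element", [])
    # Listed for triage only; they do not change the status below.
    restrictions = [a for a in RESTRICTION_ATTRS if app.get(ANDROID_NS + a)]
    value = app.get(ANDROID_NS + "allowBackup")
    if value is None:
        return ("vulnerable", "allowBackup not set (defaults to true)", restrictions)
    value = value.strip().lower()
    if value == "true":
        return ("vulnerable", "allowBackup explicitly true", restrictions)
    if value == "false":
        return ("ok", "allowBackup explicitly false", restrictions)
    # e.g. "@bool/allow_backup": the value lives in a resource file
    return ("review", "allowBackup is not a literal: " + value, restrictions)


# Constructed sample manifests (not taken from any real application).
_HEAD = ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
         'package="com.example.app">')
SAMPLES = {
    "missing": _HEAD + '<application android:label="Demo"/></manifest>',
    "enabled": _HEAD + '<application android:allowBackup="true" '
                       'android:fullBackupContent="@xml/backup_rules"/></manifest>',
    "disabled": _HEAD + '<application android:allowBackup="false"/></manifest>',
    "resource": _HEAD + '<application android:allowBackup="@bool/allow_backup"/></manifest>',
}

if __name__ == "__main__":
    for name, xml_text in SAMPLES.items():
        print(name, check_allow_backup(xml_text))
```

A `review` result means the value is a resource reference that has to be resolved in the app's resource files before the finding can be confirmed or dismissed.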