058 – Debugging enabled in production - APK

Description

The system has debugging enabled in the production environment, which can cause technical information leaks when an error occurs.

Impact

Get technical or sensitive information.

Recommendation

Configure the attribute: application.android:debuggable to false in the file: AndroidManifest.xml.

Threat

Unauthorized attacker from Internet network.

Expected Remediation Time

15 minutes.

Score 4.0

Default score using CVSS 4.0. It may change depending on the context of the src.

Base 4.0

• Attack vector: L
• Attack complexity: H
• Attack Requirements: N
• Privileges required: N
• User interaction: N
• Confidentiality (VC): L
• Integrity (VI): N
• Availability (VA): N
• Confidentiality (SC): N
• Integrity (SI): N
• Availability (SA): N

Threat 4.0

• Exploit maturity: X

Requirements

• 077 - Avoid disclosing technical information
• 078 - Disable debugging events

Fixes

• Android

Last updated

2024/02/09