logo

Database

Debugging enabled in production - APK

Description

The system has debugging enabled in the production environment, which can cause technical information leaks when an error occurs.

Impact

Get technical or sensitive information.

Recommendation

Configure the attribute: application.android:debuggable to false in the file: AndroidManifest.xml.

Threat

Unauthorized attacker from Internet network.

Expected Remediation Time

⏱️ 15 minutes.

Requirements

077 - Avoid disclosing technical information078 - Disable debugging events

Fixes

Android

Score

Default score using CVSS 4.0. It may change depending on the context of the src.

Base 4.0

Attack vector

L

Attack complexity

H

Attack requirements

N

Privileges required

N

User interaction

N

Confidentiality (VC)

L

Integrity (VI)

N

Availability (VA)

N

Confidentiality (SC)

N

Integrity (SI)

N

Availability (SA)

N

Threat 4.0

Exploit maturity

X

Vector string

CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N