162 – Missing secure obfuscation - binary
Description
An anonymous user from the Internet can extract the .apk of the Android application to decompile the binaries in order to have access to the source code and thus better understand the logic of the application.
Impact
- Extract the apk from the application. - Decompile the binaries found in the apk. - Understand the logic of the application and increases the attack surface.
Recommendation
Obfuscate all source code files in production.
Threat
Anonymous user from the Internet with access to the application logic being able to view the binaries and see the source code.
Expected Remediation Time
Score 4.0
Default score using CVSS 4.0. It may change depending on the context of the src.
Base 4.0
- Attack vector: N
- Attack complexity: L
- Attack Requirements: N
- Privileges required: N
- User interaction: N
- Confidentiality (VC): L
- Integrity (VI): N
- Availability (VA): N
- Confidentiality (SC): N
- Integrity (SI): N
- Availability (SA): N
Threat 4.0
- Exploit maturity: P