Description

The application is signed with a V1 signing scheme, which makes it vulnerable to the Janus vulnerability in Android.

Impact

Precede a malicious DEX file to an APK file, without affecting its signature.

Recommendation

Securely configure the vulnerable service so that it can only be accessed by authorized users.

Threat

Unauthorized attacker from the Internet.

Expected Remediation Time

⏱️ 60 minutes.

Requirements

Fixes