Description

The application has no control to ensure that a third party has not modified and recompiled the application, allowing to modify and evade validations such as the detection of a root user on the device.

Impact

Elude application validations.

Recommendation

Perform validations on the server during the entire application process.

Threat

Authorized attacker from the Internet.

Expected Remediation Time

⏱️ 450 minutes.

Details

https://mobile-security.gitbook.io/mobile-security-testing-guide/android-testing-guide/0x05j-testing-resiliency-against-reverse-engineering#owasp-masvs

Requirements

Fixes