Allowing User Certificates | Multiple |
Bidirectional text spoofing | Multiple |
Call to SSLCertificateSocketFactory.getInsecure() | Multiple |
Cipher.getInstance with ECB | Multiple |
Code contains easter egg | Multiple |
Code might contain an auth leak | Multiple |
Content provider does not require permission | Multiple |
Content provider shares everything | Multiple |
Declaring signatureOrSystem permissions | Multiple |
Exported service does not require permission | Multiple |
File.setReadable() used to make file world-readable | Multiple |
File.setWritable() used to make file world-writable | Multiple |
Hardcoded value of android:debuggable in the manifest | Multiple |
Hardware Id Usage | Multiple |
Implements custom TLS trust manager | Multiple |
Implicit intent matches an internal non-exported component | Multiple |
Incorrect usage of getCallingUid() or getCallingPid() | Multiple |
Insecure Base Configuration | Multiple |
Insecure HostnameVerifier | Multiple |
Insecure TLS/SSL trust manager | Multiple |
Insecure call to SSLCertificateSocketFactory.createSocket() | Multiple |
Invalid Permission Attribute | Multiple |
Launched Unsafe Intent | Multiple |
Libraries with Privacy or Security Risks | Multiple |
Missing @JavascriptInterface on methods | Multiple |
Missing PendingIntent mutability flag | Multiple |
Missing data extraction rules | Multiple |
Missing registerReceiver() exported flag | Multiple |
Native code outside library directory | Multiple |
Packaged private key | Multiple |
Permission appears to be a custom permission with a typo | Multiple |
Permission appears to be a standard permission with a typo | Multiple |
Permission name does not follow recommended convention | Multiple |
Permission name is a reserved Android permission | Multiple |
PreferenceActivity should not be exported | Multiple |
Proceeds with the HTTPS connection despite SSL errors | Multiple |
Provider with readPermission only and implemented write APIs | Multiple |
Proxy Password in Cleartext | Multiple |
Receiver does not require permission | Multiple |
TileProvider does not set permission | Multiple |
Unprotected SMS BroadcastReceiver | Multiple |
Unsafe Protected BroadcastReceiver | Multiple |
Unspecified android:exported in manifest | Multiple |
Using BC Provider | Multiple |
Using C2DM | Multiple |
Using Deleted Provider | Multiple |
Using HTTP instead of HTTPS | Multiple |
Using a fixed seed with SecureRandom | Multiple |
Using setJavaScriptEnabled | Multiple |
Using the result of check permission calls | Multiple |
Value specified for permission is a known error | Multiple |
addJavascriptInterface Called | Multiple |
load used to dynamically load code | Multiple |
openFileOutput() with MODE_WORLD_READABLE | Multiple |
openFileOutput() with MODE_WORLD_WRITEABLE | Multiple |