-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #95 from Ostorlab/DEPRECATED_TARGET_API_VERSION
Deprecated target api version
- Loading branch information
Showing
3 changed files
with
23 additions
and
0 deletions.
There are no files selected for viewing
4 changes: 4 additions & 0 deletions
4
MOBILE_CLIENT/ANDROID/_LOW/DEPRECATED_TARGET_API_VERSION/description.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
The `android:targetSdkVersion` attribute specifies the Android Target API level required by the application. Setting a low `targetSdkVersion` may allow the application to run on older Android versions but could expose users to security vulnerabilities. | ||
|
||
Here is a link with the deprecation notice: | ||
https://support.google.com/googleplay/android-developer/answer/11926878?hl=en |
18 changes: 18 additions & 0 deletions
18
MOBILE_CLIENT/ANDROID/_LOW/DEPRECATED_TARGET_API_VERSION/meta.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,18 @@ | ||
{ | ||
"risk_rating": "low", | ||
"short_description": "Application sets the targetSdkVersion attribute to allow usage of older API level of Android which may expose users to security vulnerabilities.", | ||
"references": { | ||
"Android API Levels": "https://developer.android.com/guide/topics/manifest/uses-sdk-element#min", | ||
"Target API level deprecation notice" : "https://support.google.com/googleplay/android-developer/answer/11926878?hl=en" | ||
}, | ||
"title": "Deprecated Target API Version", | ||
"cvss_v3_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", | ||
"privacy_issue": false, | ||
"security_issue": true, | ||
"categories": { | ||
"PCI_STANDARDS":[ | ||
"REQ_6_2", | ||
"REQ_6_3" | ||
] | ||
} | ||
} |
1 change: 1 addition & 0 deletions
1
MOBILE_CLIENT/ANDROID/_LOW/DEPRECATED_TARGET_API_VERSION/recommendation.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
Consider setting the `android:targetSdkVersion` attribute to a value that corresponds to a more recent Android API level. This can help ensure that the application benefits from security improvements and reduces the risk of vulnerabilities associated with older Android releases. |