Merge pull request #95 from Ostorlab/DEPRECATED_TARGET_API_VERSION
Deprecated target api version
3asm authored Dec 21, 2023
2 parents 2fcf267 + c43c77e commit 4e54c5e
Showing 3 changed files with 23 additions and 0 deletions.
@@ -0,0 +1,4 @@
The `android:targetSdkVersion` attribute specifies the Android Target API level required by the application. Setting a low `targetSdkVersion` may allow the application to run on older Android versions but could expose users to security vulnerabilities.

Here is a link with the deprecation notice:
https://support.google.com/googleplay/android-developer/answer/11926878?hl=en
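
Review bot: The first sentence says `android:targetSdkVersion` is the API level "required by the application", and the second says a low value "may allow the application to run on older Android versions"; both describe `minSdkVersion`, not the target level. `targetSdkVersion` declares the API level the app was built and tested against, and a low value makes newer Android releases keep legacy compatibility behaviour enabled for the app, which is the exposure this entry should name. Suggest rewording both sentences accordingly, and saying in the text what the linked notice covers instead of leaving a bare URL.
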
18 changes: 18 additions & 0 deletions MOBILE_CLIENT/ANDROID/_LOW/DEPRECATED_TARGET_API_VERSION/meta.json
@@ -0,0 +1,18 @@
{
"risk_rating": "low",
"short_description": "Application sets the targetSdkVersion attribute to allow usage of older API level of Android which may expose users to security vulnerabilities.",
"references": {
"Android API Levels": "https://developer.android.com/guide/topics/manifest/uses-sdk-element#min",
"Target API level deprecation notice" : "https://support.google.com/googleplay/android-developer/answer/11926878?hl=en"
},
"title": "Deprecated Target API Version",
"cvss_v3_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"privacy_issue": false,
"security_issue": true,
"categories": {
"PCI_STANDARDS":[
"REQ_6_2",
"REQ_6_3"
]
}
}
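
Review bot: In `cvss_v3_vector`, the metrics `PR:L/UI:R/S:C/C:L/I:L` score in the Medium band, which disagrees with `"risk_rating": "low"`, and required privileges, user interaction and a changed scope are hard to justify for a manifest attribute finding. Suggest choosing a vector that matches the low rating, or documenting why these metrics were picked. Separately, the "Android API Levels" reference ends in `#min`, which is the `minSdkVersion` anchor; linking to the `targetSdkVersion` part of that page would fit this entry better.
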
@@ -0,0 +1 @@
Consider setting the `android:targetSdkVersion` attribute to a value that corresponds to a more recent Android API level. This can help ensure that the application benefits from security improvements and reduces the risk of vulnerabilities associated with older Android releases.
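
Review bot: The recommendation's "a more recent Android API level" gives no threshold, so a reader cannot tell which value clears the finding. Suggest tying it to the requirement in the deprecation notice already linked from the description, and adding that the app should be retested after raising `android:targetSdkVersion`, since the platform behaviour changes gated on the target level then start to apply.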
