...
Summary
iOS: 1st time scan.
1 High Risk issue identified by the scan. This is not a 1.2.0 regression; it has existed since 1.1.1 at least. SAF-818 raised.
Also 1 Medium Risk issue. Not a regression, not a priority.
Android: last scan was Safe Paths 0.9.2.
No High Risk issues.
5 Medium Risk issues. One minor regression vs. 0.9.2 (a new instance of one of these). SAF-819 raised. Not yet known if this is a regression vs. 1.1.4, though we suspect not.
Another longstanding issue regarding unexpected traffic sent to YouTube & Google. SAF-820 raised.
Analysis - iOS
As far as we know, we had not run this iOS Scan previously.
However, to provide a reference, we have just run the same scan over an IPA file from 1.1.1b2 (June 24), which is attached:
...
Given that our main Realm database is encrypted, and we have a security principle that data is encrypted at rest, it’s important that we understand what is stored in these plain text databases, and confirm that there is no risk of leakage of sensitive data.
SAF-819 raised to cover this.
Note that there are also a series of Low Risk and Warning items. We should investigate these as well, but at a lower priority. Tickets not raised for these yet.
...
This is an improvement on 0.9.2, where there were 36 such traffic destinations. However, 5 of the 6 remaining traffic targets are still unexpected and merit investigation.
SAF-820 raised to cover this.
Details as follows:
...
Software Composition Analysis
...