MASTG-TEST-0265: References to StrictMode APIs

Overview

This test checks whether the app uses StrictMode. StrictMode is useful during development because it logs policy violations such as disk I/O or network operations, but the logged violations can expose sensitive implementation details that attackers could exploit.

Steps

  1. Use Reverse Engineering Android Apps to reverse engineer the app.
  2. Use Static Analysis on Android to look for the relevant APIs.

Observation

The output should identify all instances of StrictMode usage in the app.
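
A minimal sketch of the static search described in the steps, producing the kind of output the observation calls for. It is an added example, not part of the MASTG and not the Semgrep rule from the demo. The regexes, the `find_strictmode` and `evaluate` helpers, and the sample sources are constructed for illustration; it assumes the app has already been decompiled to Java or disassembled to smali.

```python
import re

# Decompiled Java: StrictMode entry points, policy builders, and the
# detect*/penalty* calls chained on a builder (possibly on later lines).
JAVA_RE = re.compile(
    r"\bStrictMode\.(?:ThreadPolicy|VmPolicy)\.Builder\b"
    r"|\bStrictMode\.(?:setThreadPolicy|setVmPolicy|enableDefaults)\b"
    r"|\.(?:penalty|detect)[A-Z]\w*(?=\s*\()"
)
# Smali: any method invoked on android.os.StrictMode or its nested classes.
SMALI_RE = re.compile(r"Landroid/os/StrictMode(?:\$\w+)*;->[\w<>]+")

def find_strictmode(sources):
    """Return (path, line, api) for each StrictMode reference in {path: text}."""
    findings = []
    for path, text in sorted(sources.items()):
        if path.endswith(".smali"):
            pattern = SMALI_RE
        elif "StrictMode" in text:  # skip files with unrelated detect*/penalty* names
            pattern = JAVA_RE
        else:
            continue
        for m in pattern.finditer(text):
            line = text.count("\n", 0, m.start()) + 1
            findings.append((path, line, m.group(0).lstrip(".")))
    return findings

def evaluate(findings):
    """Apply the test's evaluation: any StrictMode API use is a failure."""
    return "FAIL" if findings else "PASS"

# Constructed sample input standing in for reverse-engineered app sources.
SAMPLE = {
    "com/example/MainActivity.java":
        "import android.os.StrictMode;\n"
        "public class MainActivity {\n"
        "  void onCreate() {\n"
        "    StrictMode.setThreadPolicy(new StrictMode.ThreadPolicy.Builder()\n"
        "        .detectDiskReads()\n"
        "        .penaltyLog()\n"
        "        .build());\n"
        "  }\n}\n",
    "smali/com/example/App.smali":
        "invoke-static {v0}, Landroid/os/StrictMode;->setVmPolicy"
        "(Landroid/os/StrictMode$VmPolicy;)V\n",
    "com/example/Util.java": "class Util { void detectAll() {} }\n",
}

if __name__ == "__main__":
    for path, line, api in find_strictmode(SAMPLE):
        print(f"{path}:{line}: {api}")
    print(evaluate(find_strictmode(SAMPLE)))
```
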

Evaluation

The test case fails if the app uses StrictMode APIs.

Demos

MASTG-DEMO-0039: Detecting StrictMode PenaltyLog Usage with Semgrep