Task #12975

Support #12933: [SCP ID :##6249##] : Mobile Pentest Remediation

[ANDROID] - L3 - Sensitive Information Leaked in Logs (Unintended Data Leakage)

Added by Nurul Athira Abdul Rahim over 2 years ago. Updated over 1 year ago.

Status: User Acceptance Test
Start date: May 13, 2022
Priority: Normal
Due date: May 18, 2022
Assignee: Binti Marobi Athirah Umairah
% Done: 100%
Category: PCI DSS - Pentest
Spent time: -
Target version: -

Description

Unintended data leakage occurs when a developer inadvertently places sensitive information or data in a location on the mobile device that is easily accessible by other apps on the device.

The LGMS security team inspected the logs on the mobile device and discovered sensitive information such as the bearer token, username, address, email, phone number, transaction details, bank account details, and encrypted/hashed password being logged by the application.

Action Plan:
To check and hide sensitive data.

hide_loggings.PNG (13.3 KB) Rahmat Aina Nadia, May 31, 2022 13:19

L3.jpeg (32.2 KB) Nurul Syahirah Md Nawi, June 02, 2022 15:45

Internal Test Results_SCPID #6249_ANDROID L3.docx (94.6 KB) Nurul Syahirah Md Nawi, June 17, 2022 08:01
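
One way to re-check this finding after the fix, as an added example that is not part of the original ticket or the project's code: a scanner for a saved `adb logcat -v threadtime` capture that flags the data classes listed in the description. The regex patterns, the sample log lines and PID 4312 are constructed assumptions.

```python
import re

# Detectors for data classes named in the finding. The patterns are
# illustrative assumptions; tune them to the app's real field names.
DETECTORS = {
    "bearer_token": re.compile(r"\bBearer\s+[A-Za-z0-9\-._~+/]{16,}=*", re.I),
    "jwt": re.compile(r"\beyJ[\w-]{8,}\.[\w-]{8,}\.[\w-]{8,}"),
    "email": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
    "credential_field": re.compile(
        r"[\"']?\b(password|passwd|pwd|account_?(?:no|number)|phone(?:_?no)?)"
        r"[\"']?\s*[:=]\s*[\"']?[^\s\"',}]+", re.I),
}

# `adb logcat -v threadtime` layout: date time pid tid level tag: message
LOGCAT_LINE = re.compile(
    r"^\d\d-\d\d \d\d:\d\d:\d\d\.\d+\s+(\d+)\s+\d+\s+([VDIWEF])\s+(.*?)\s*: (.*)$")


def scan_logcat(text, pid=None):
    """Return (line_no, level, tag, kind) per hit; optionally filter by app PID.

    Matched values are not returned, so the report does not repeat the leak.
    """
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        m = LOGCAT_LINE.match(line)
        if not m or (pid is not None and int(m.group(1)) != pid):
            continue
        level, tag, message = m.group(2), m.group(3), m.group(4)
        for kind, pattern in DETECTORS.items():
            if pattern.search(message):
                findings.append((line_no, level, tag, kind))
    return findings


# Constructed sample lines (not from the assessed app); PID 4312 is the app.
SAMPLE = """\
05-13 10:15:01.120  4312  4312 D ApiClient: Authorization: Bearer c2FtcGxlLXRva2VuLXZhbHVlLTAwMQ
05-13 10:15:01.480  4312  4330 I LoginRepo: login ok user=alice email=alice@example.test
05-13 10:15:02.002  4312  4330 D Transfer: {"account_no":"0000000000","amount":"10.00"}
05-13 10:15:02.500  4312  4312 I MainActivity: onResume
05-13 10:15:03.000  9001  9001 D OtherApp: password=constructed
"""

if __name__ == "__main__":
    for finding in scan_logcat(SAMPLE, pid=4312):
        print(finding)
```

An empty result on a release build exercised through login and a transaction is the pass condition; hits at level `V`, `D` or `I` point at calls a log-stripping rule should have removed.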

History

#1 Updated by Nurul Athira Abdul Rahim over 2 years ago

  • Parent task set to #12933

#2 Updated by Rahmat Aina Nadia over 2 years ago

  • Status changed from New - Begin Life Cycle to Development / Work In Progress

#3 Updated by Rahmat Aina Nadia over 2 years ago

  • Due date set to May 18, 2022
  • Start date changed from May 10, 2022 to May 13, 2022

#4 Updated by Rahmat Aina Nadia over 2 years ago

  • File hide_loggings.PNG added
  • Status changed from Development / Work In Progress to Finished Development
  • % Done changed from 0 to 90

Added a new rule to remove logging calls in the ProGuard file.

#5 Updated by Rahmat Aina Nadia over 2 years ago

  • Assignee changed from Rahmat Aina Nadia to Nurul Syahirah Md Nawi

#6 Updated by Nurul Syahirah Md Nawi over 2 years ago

  • File L3.jpeg added
  • Assignee changed from Nurul Syahirah Md Nawi to Rahmat Aina Nadia

#7 Updated by Rahmat Aina Nadia over 2 years ago

  • Status changed from Finished Development to Internal Testing
  • Assignee changed from Rahmat Aina Nadia to Nurul Syahirah Md Nawi

#8 Updated by Nurul Syahirah Md Nawi over 2 years ago

Tested & passed

#9 Updated by Nurul Syahirah Md Nawi over 2 years ago

  • Status changed from Internal Testing to System Integration Test

#10 Updated by Nurul Athira Abdul Rahim about 2 years ago

  • Assignee changed from Nurul Syahirah Md Nawi to Nurul Athira Abdul Rahim

#11 Updated by Nurul Athira Abdul Rahim about 2 years ago

  • % Done changed from 90 to 100

#12 Updated by Nurul Athira Abdul Rahim over 1 year ago

  • Status changed from System Integration Test to Pending UAT Deployment
  • Assignee changed from Nurul Athira Abdul Rahim to Rahmat Aina Nadia

Please deploy this fix to UAT.

Thanks

#13 Updated by Rahmat Aina Nadia over 1 year ago

  • Status changed from Pending UAT Deployment to User Acceptance Test
  • Assignee changed from Rahmat Aina Nadia to Binti Marobi Athirah Umairah

Hi Umai,

Kindly refer to the link below for the UAT APK. The APK link in the Google Sheet is also updated.

https://drive.google.com/file/d/1IaK9xpXygbTlXJWvJZZxvToz1U_Gamqi/view?usp=share_link
