Task #12987

Support #12933: [SCP ID :##6249##] : Mobile Pentest Remediation

[ANDROID] - Pentest - L11 - Android Application Supports Cleartext Traffic

Added by Nurul Athira Abdul Rahim over 2 years ago. Updated over 1 year ago.

Status: Pending UAT Deployment
Start date: May 11, 2022
Priority: Normal
Due date:
Assignee: Nurul Athira Abdul Rahim
% Done: 100%
Category: PCI DSS - Pentest
Spent time: -
Target version: -

Description

The Android "cleartextTrafficPermitted" property is set to true in the application's Network Security Configuration file. This enables support for cleartext communications (using the unencrypted HTTP protocol instead of HTTPS).

Action Plan:
Firas to clarify to LGMS - Android traffic parameter is for UAT and VPN only.

Aina - To test production "set to false" result.

non-production.PNG (29.2 KB) Rahmat Aina Nadia, July 18, 2022 10:25

History

#1 Updated by Nurul Athira Abdul Rahim over 2 years ago

  • Subject changed from [ANDROID] - Pentest - L10 - Android Application Supports Cleartext Traffic to [ANDROID] - Pentest - L11 - Android Application Supports Cleartext Traffic

#2 Updated by Rahmat Aina Nadia about 2 years ago

  • File non-production.PNG added
  • Status changed from New - Begin Life Cycle to Finished Development
  • % Done changed from 0 to 100

For VPN and UAT environments, the Android traffic parameter needs to be set to true; otherwise, the HTTP communications and IP address used are not permitted and will give the server under maintenance result. For production, it should always be set to false.
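
The split described in this ticket (cleartext permitted for UAT/VPN builds, never for production) can be enforced with a pre-release check over each build variant's Network Security Configuration. This is an added example, not code from the ticket or the application; the variant names, sample XML, domain name and function names are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample configs (not taken from the ticket or the app).
UAT_CONFIG = """<network-security-config>
    <base-config cleartextTrafficPermitted="true" />
</network-security-config>"""

PROD_FIXED = """<network-security-config>
    <base-config cleartextTrafficPermitted="false" />
</network-security-config>"""

# Base policy is correct, but a leftover domain override re-enables HTTP.
PROD_LEAKY = """<network-security-config>
    <base-config cleartextTrafficPermitted="false" />
    <domain-config cleartextTrafficPermitted="true">
        <domain includeSubdomains="true">uat.example.test</domain>
    </domain-config>
</network-security-config>"""


def cleartext_findings(xml_text):
    """Return [(element, domains)] for every element that explicitly permits cleartext."""
    findings = []
    for elem in ET.fromstring(xml_text).iter():
        if elem.tag not in ("base-config", "domain-config"):
            continue
        if elem.get("cleartextTrafficPermitted", "").strip().lower() != "true":
            continue  # explicit "false", or unset (inherits parent/platform default)
        domains = [d.text.strip() for d in elem.findall("domain") if d.text]
        findings.append((elem.tag, domains or ["*"]))
    return findings


def check_variants(configs, strict=("production",)):
    """Return {variant: findings} for strict variants that still permit cleartext."""
    failures = {}
    for variant, xml_text in configs.items():
        findings = cleartext_findings(xml_text)
        if variant in strict and findings:
            failures[variant] = findings
    return failures


if __name__ == "__main__":
    print(check_variants({"uat": UAT_CONFIG, "production": PROD_FIXED}))
    print(check_variants({"uat": UAT_CONFIG, "production": PROD_LEAKY}))
```

The check reports only an explicit "true"; when the attribute is absent, the platform default applies (permitted for apps targeting API level 27 or lower, not permitted from API level 28), so production configs are best written with an explicit "false".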

#3 Updated by Rahmat Aina Nadia about 2 years ago

  • Status changed from Finished Development to Internal Testing
  • Assignee changed from Rahmat Aina Nadia to Nurul Athira Abdul Rahim

#4 Updated by Binti Marobi Athirah Umairah about 2 years ago

  • Status changed from Internal Testing to System Integration Test

Tested & passed

#5 Updated by Norhaidah Md Dasuki over 1 year ago

Athira, please update on this task. Tq

#6 Updated by Nurul Athira Abdul Rahim over 1 year ago

  • Status changed from System Integration Test to Pending UAT Deployment

Please deploy these fixes to UAT.

Thanks

#7 Updated by Rahmat Aina Nadia over 1 year ago

Hi Athira,

Kindly refer to the link below for the UAT APK. The APK link in the Google Sheet is also updated.

https://drive.google.com/file/d/1IaK9xpXygbTlXJWvJZZxvToz1U_Gamqi/view?usp=share_link
