Task #12992

Support #12933: [SCP ID :##6249##] : Mobile Pentest Remediation

[ANDROID] - Pentest - I2 - Application Screenshot (Unintended Data Leakage)

Added by Nurul Athira Abdul Rahim over 2 years ago. Updated over 1 year ago.

Status: User Acceptance Test
Start date: May 11, 2022
Priority: Normal
Due date:
Assignee: Binti Marobi Athirah Umairah
% Done: 100%
Category: PCI DSS - Pentest
Spent time: -
Target version: -

Description

The application allows users to take a screenshot of the application's current state on their mobile device. Data may be disclosed if a screenshot is taken when the application screen contains sensitive data. Additionally, if a device is infected by malware, it may record the user's activities and data shown on the application screen to steal sensitive data.

Action Plan:
Already set the program following the reported issue on last Pentest scanning.

Aina needs to review the code.

Screenshot 2022-05-18 170220.png (7.95 KB) MUHAMMAD IHSAN, May 18, 2022 18:03

Internal Test Results_SCPID #6249_ANDROID I2.docx (346 KB) Nurul Syahirah Md Nawi, June 03, 2022 10:19

History

#1 Updated by Rahmat Aina Nadia over 2 years ago

  • Assignee changed from Rahmat Aina Nadia to MUHAMMAD IHSAN

#2 Updated by MUHAMMAD IHSAN over 2 years ago

  • Status changed from New - Begin Life Cycle to Development / Work In Progress

#3 Updated by MUHAMMAD IHSAN over 2 years ago

Change enable screenshots to disable screenshots in the onResume method.
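For reference, an added example that is not part of the ticket and not the project's own code: the standard Android mechanism for disabling screenshots is the window flag `FLAG_SECURE`. The sketch assumes the app uses plain `Activity` classes; `SecureActivity` and `secureDialog` are hypothetical names.

```java
import android.app.Activity;
import android.app.Dialog;
import android.os.Build;
import android.os.Bundle;
import android.view.Window;
import android.view.WindowManager;

/** Hypothetical base class: every screen that can show sensitive data extends it. */
public abstract class SecureActivity extends Activity {

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        // Set the flag before setContentView() so the first frame is already protected.
        secure(getWindow());
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.TIRAMISU) {
            // API 33+: defence in depth, keeps the task snapshot out of Recents.
            setRecentsScreenshotEnabled(false);
        }
    }

    @Override
    protected void onResume() {
        super.onResume();
        // Re-assert on every resume in case other code cleared the flag
        // while the activity was in the background.
        secure(getWindow());
    }

    /** Dialogs own a separate Window and do not inherit the Activity's flag. */
    protected Dialog secureDialog(Dialog dialog) {
        Window window = dialog.getWindow();
        if (window != null) {
            secure(window);
        }
        return dialog;
    }

    private static void secure(Window window) {
        // FLAG_SECURE keeps the window content out of screenshots and
        // prevents it from being shown on non-secure displays.
        window.setFlags(WindowManager.LayoutParams.FLAG_SECURE,
                        WindowManager.LayoutParams.FLAG_SECURE);
    }
}
```

A retest should cover dialogs and any other separate windows as well as the main screens, since each window carries its own flag.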

#4 Updated by Rahmat Aina Nadia over 2 years ago

  • Assignee changed from MUHAMMAD IHSAN to Nurul Syahirah Md Nawi

#5 Updated by Nurul Syahirah Md Nawi over 2 years ago

  • Status changed from Finished Development to Internal Testing

#6 Updated by Nurul Syahirah Md Nawi over 2 years ago

Tested & passed

#7 Updated by Nurul Syahirah Md Nawi over 2 years ago

  • Status changed from Internal Testing to System Integration Test

#8 Updated by Nurul Athira Abdul Rahim over 1 year ago

  • Status changed from System Integration Test to Pending UAT Deployment
  • Assignee changed from Nurul Syahirah Md Nawi to Rahmat Aina Nadia

Please deploy these fixes to UAT.

Thanks

#9 Updated by Rahmat Aina Nadia over 1 year ago

  • Status changed from Pending UAT Deployment to User Acceptance Test
  • Assignee changed from Rahmat Aina Nadia to Binti Marobi Athirah Umairah

Hi Umai,

Kindly refer to the link below for the UAT APK. The APK link in the Google Sheet is also updated.

https://drive.google.com/file/d/1IaK9xpXygbTlXJWvJZZxvToz1U_Gamqi/view?usp=share_link
