...
Sending a user's geolocation information without asking the user's permission violates the security and privacy considerations of the Geolocation API and leaks the user's sensitive information.
| Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| DRD15-J | Low | Probable | Medium | P4 | L3 |
Related Vulnerabilities
- JVN#81637882 Information disclosure vulnerability in Sleipnir Mobile for Android
Related Guidelines
Automated Detection
It is trivial to detect automatically whether an app requests the permissions needed for the vulnerability, uses the WebView class, and implements the WebChromeClient#onGeolocationPermissionsShowPrompt() method. Tracing the taint flow of sensitive geolocation data between components of one or more Android apps, and its eventual transit to a sink, requires a complex dataflow analysis.
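The three trivially detectable conditions described above, written as an added Python example (not part of the original guideline or of any tool listed here). It assumes the permissions meant are ACCESS_FINE_LOCATION and ACCESS_COARSE_LOCATION; the manifest and Java source are constructed samples, the function names are hypothetical, and the dataflow analysis is out of scope.

```python
import re
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# Assumption: these are the location permissions the rule has in mind.
LOCATION_PERMS = {"android.permission.ACCESS_FINE_LOCATION",
                  "android.permission.ACCESS_COARSE_LOCATION"}
USES_WEBVIEW = re.compile(r"\bWebView\b")
PROMPT_OVERRIDE = re.compile(r"\bonGeolocationPermissionsShowPrompt\s*\(")
# Rough comment stripper so names mentioned only in comments are not counted.
COMMENTS = re.compile(r"//[^\n]*|/\*.*?\*/", re.S)

# Constructed sample inputs (not taken from a real app).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
</manifest>"""
SAMPLE_SOURCES = {
    "MapActivity.java": """
        WebView view = new WebView(this);
        view.setWebChromeClient(new WebChromeClient() {
            @Override
            public void onGeolocationPermissionsShowPrompt(
                    String origin, GeolocationPermissions.Callback callback) {
                callback.invoke(origin, true, false);
            }
        });""",
    "Util.java": "// WebView is not used here\nclass Util {}",
}

def location_permissions(manifest_xml):
    """Return the location permissions requested in AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml)
    requested = {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}
    return requested & LOCATION_PERMS

def triage(manifest_xml, sources):
    """sources maps file name -> Java text; needs_review is set when all three hold."""
    perms = location_permissions(manifest_xml)
    webview, override = [], []
    for name, text in sources.items():
        code = COMMENTS.sub("", text)
        if USES_WEBVIEW.search(code):
            webview.append(name)
        if PROMPT_OVERRIDE.search(code):
            override.append(name)
    return {"permissions": sorted(perms), "webview_files": sorted(webview),
            "prompt_override_files": sorted(override),
            "needs_review": bool(perms and webview and override)}
```

A `needs_review` result only selects the app for manual inspection of the callback or for the taint analysis; it does not by itself show that location data is sent without the user's consent.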
| Tool | Version | Checker | Description |
|---|---|---|---|
Bibliography
...
...