

Insecure App Permissions

Insecure app permissions are a form of security misconfiguration in mobile apps: security settings, permissions, or controls are left improperly configured (for example, an app requests more permissions than its features need, or ships with debug settings enabled), creating weaknesses that can be exploited for unauthorised access or other malicious activity.

Remediation

  • Review and minimise app permissions to only those strictly necessary for functionality, avoiding overprivileged access.
  • Enforce secure default configurations for the application, ensuring all security settings are correctly applied during deployment.
  • Disable debugging or developer features (e.g., logging sensitive data) in production builds to prevent attackers from leveraging them.
  • Use secure storage mechanisms, such as Android Keystore or iOS Secure Enclave, to protect sensitive information.
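The first three remediation points can be checked mechanically before release. The script below is an added example, not SecDim's lab code or any real project's tooling: it audits an Android manifest for dangerous permissions that are not on the app's list of required permissions, for `android:debuggable="true"`, for `android:allowBackup` left enabled, and for components exported without an intent filter. Both manifests embedded in it are constructed for the example, and the set of "dangerous" permissions is an illustrative subset rather than the full Android list.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Illustrative subset of permissions Android classifies as "dangerous"
# (runtime-granted). Each one an app declares should be justified by a feature.
DANGEROUS_PERMISSIONS = {
    "android.permission.READ_CONTACTS",
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.RECORD_AUDIO",
    "android.permission.CAMERA",
    "android.permission.READ_SMS",
}

# Constructed manifest showing the misconfigurations (not from a real app).
MISCONFIGURED_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.notes">
    <uses-permission android:name="android.permission.INTERNET" />
    <uses-permission android:name="android.permission.READ_CONTACTS" />
    <uses-permission android:name="android.permission.RECORD_AUDIO" />
    <application android:label="Notes"
        android:debuggable="true"
        android:allowBackup="true">
        <activity android:name=".MainActivity" android:exported="true">
            <intent-filter>
                <action android:name="android.intent.action.MAIN" />
                <category android:name="android.intent.category.LAUNCHER" />
            </intent-filter>
        </activity>
        <activity android:name=".AdminActivity" android:exported="true" />
    </application>
</manifest>
"""

# Constructed hardened manifest: minimal permissions, debug off, backup off,
# internal component not exported.
HARDENED_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.notes">
    <uses-permission android:name="android.permission.INTERNET" />
    <application android:label="Notes"
        android:debuggable="false"
        android:allowBackup="false">
        <activity android:name=".MainActivity" android:exported="true">
            <intent-filter>
                <action android:name="android.intent.action.MAIN" />
                <category android:name="android.intent.category.LAUNCHER" />
            </intent-filter>
        </activity>
        <activity android:name=".AdminActivity" android:exported="false" />
    </application>
</manifest>
"""


def _attr(element, name):
    """Read an attribute from the android: namespace."""
    return element.get(f"{{{ANDROID_NS}}}{name}")


def audit_manifest(manifest_xml, required_permissions):
    """Return a list of finding strings for the manifest text.

    required_permissions is the set of permissions the app's features actually
    need; any dangerous permission outside that set is reported as overprivileged.
    """
    root = ET.fromstring(manifest_xml)
    findings = []

    for perm in root.findall("uses-permission"):
        name = _attr(perm, "name") or ""
        if name in DANGEROUS_PERMISSIONS and name not in required_permissions:
            findings.append(f"overprivileged: {name} is not required by the app")

    app = root.find("application")
    if app is not None:
        if _attr(app, "debuggable") == "true":
            findings.append("debuggable=true: debug setting present in release manifest")
        # allowBackup defaults to true when the attribute is absent.
        if (_attr(app, "allowBackup") or "true") == "true":
            findings.append("allowBackup=true: app data can be extracted through backups")
        for comp in app:
            if _attr(comp, "exported") == "true" and comp.find("intent-filter") is None:
                # Exported with no intent-filter is rarely intentional; it only
                # widens the attack surface of that component.
                findings.append(f"exported without intent-filter: {_attr(comp, 'name')}")
    return findings


def is_release_ready(manifest_xml, required_permissions):
    """True when the audit produces no findings."""
    return not audit_manifest(manifest_xml, required_permissions)


if __name__ == "__main__":
    required = {"android.permission.INTERNET"}
    for label, manifest in (("misconfigured", MISCONFIGURED_MANIFEST), ("hardened", HARDENED_MANIFEST)):
        print(f"[{label}]")
        for finding in audit_manifest(manifest, required) or ["no findings"]:
            print("  -", finding)
```

Running it as a pre-release gate (for example, failing the build when `is_release_ready` returns False) turns the "minimise permissions" and "disable debug features" items above into a repeatable check rather than a manual review step.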

Metadata

  • Severity: low
  • Slug: insecure-app-permissions

OWASP

  • M8:2024: Security Misconfiguration

Available Labs

Open Swift labs in SecDim Play for this vulnerability.
