Application supports insecure or outdated Android versions

Vulnerability Title

The application supports installation on older Android versions that contain multiple known and unpatched security vulnerabilities, increasing the risk of exploitation.


Vulnerability Explanation

This vulnerability arises when an application allows installation and operation on older Android versions that no longer receive security updates. These outdated platforms may have multiple known vulnerabilities that can be exploited locally or remotely, such as privilege escalation, insecure system components, or known Android framework bugs.

Allowing the app to run on these versions increases the chances of the app being attacked or tampered with, especially when combined with other misconfigurations such as the debuggable flag being enabled or weak storage practices.

Vulnerability Impact

Supporting outdated Android versions puts users at risk due to unpatched system vulnerabilities. It may lead to reverse engineering, data leakage, or privilege escalation attacks. It also weakens the overall security posture of the application, making exploitation easier for attackers.

Vulnerability Solution

  • Update the minSdkVersion in your build.gradle file to a version that excludes unsupported or insecure Android versions.


  • Always set targetSdkVersion to the latest stable version to ensure best practices and security features are enforced.

  • Specify the minimum OS version supported in your app’s Play Store listing and documentation.

  • Monitor Android’s platform support lifecycle and raise minSdkVersion accordingly, so the app does not remain compatible with insecure platforms.
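
One way to enforce the first two points in CI, as an added example that is not part of the original page: a Python check that reads the minSdkVersion and targetSdkVersion declarations from a build.gradle file and reports any value below a policy floor. The floor values (26 and 34), the function names and the sample file contents are assumptions chosen for illustration; set the floors from your own support policy.

```python
import re

# Matches Groovy and Kotlin DSL forms at the start of a line:
# `minSdkVersion 21`, `minSdk = 21`, `minSdkVersion(21)`, `targetSdk 34`.
# The value is captured as raw text so a non-literal can be reported, not skipped.
_SDK_RE = re.compile(
    r"^\s*(min|target)Sdk(?:Version)?[ \t]*(?:=|\(|[ \t])[ \t]*([^\s)]+)",
    re.MULTILINE)

def strip_comments(text):
    """Drop /* ... */ and // comments so commented-out settings are ignored."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.DOTALL)
    return re.sub(r"//[^\n]*", "", text)

def read_sdk_levels(gradle_text):
    """Return {'min': [...], 'target': [...]} holding int API levels or raw strings."""
    found = {"min": [], "target": []}
    for kind, raw in _SDK_RE.findall(strip_comments(gradle_text)):
        found[kind].append(int(raw) if raw.isdigit() else raw)
    return found

def audit(gradle_text, min_floor, target_floor):
    """Return a list of findings; an empty list means the file meets the policy."""
    findings = []
    levels = read_sdk_levels(gradle_text)
    for kind, floor in (("min", min_floor), ("target", target_floor)):
        if not levels[kind]:
            findings.append(f"{kind}Sdk not declared in this file")
        for value in levels[kind]:
            if not isinstance(value, int):
                findings.append(f"{kind}Sdk is not a literal ({value}); resolve it manually")
            elif value < floor:
                findings.append(f"{kind}Sdk {value} is below policy floor {floor}")
    return findings

# Constructed sample input (not taken from any real project).
SAMPLE = """
android {
    defaultConfig {
        // minSdkVersion 26
        minSdkVersion 19
        targetSdkVersion 34
    }
}
"""

if __name__ == "__main__":
    # Floors are assumed example policy values, not figures from the page.
    for finding in audit(SAMPLE, min_floor=26, target_floor=34):
        print("FAIL:", finding)
```

Values set through variables or a version catalog are reported as non-literal rather than guessed, so those builds still need a manual check.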