CWE-732 - Incorrect Permission Assignment for Critical Resource

Description

The application does not assign the correct permissions to a critical resource. This can allow attackers to steal sensitive data or perform unintended actions. For example, an attacker can steal user credentials or perform a transaction without user consent.

Manifest Scanner Check

$ manifest-scanner -f /path/to/android-project -c CWE-732

References

• https://developer.android.com/guide/topics/manifest/permission-element
• https://developer.android.com/guide/topics/manifest/permission-group-element
• https://developer.android.com/guide/topics/manifest/permission-tree-element
• https://developer.android.com/guide/topics/manifest/permission-element#plevel