
CWE-276: Incorrect Default Permissions

Open • wojciodataist opened this issue 1 year ago • 1 comment

Hi,

I'm performing security tests on an Android mobile app that uses android-checkout-sdk. While doing code analysis of the app, I've stumbled upon an issue: "The file or SharedPreference is World Writable. Any App can write to the file", which is classified under:

- CWE-276: Incorrect Default Permissions
- OWASP Top 10: M2: Insecure Data Storage
- OWASP MASVS: MSTG-STORAGE-2

The issue is stored in com/paypal/pyplcheckout/data/repositories/cache/Cache.java

Is this something that we should take care of on our side? If so, then maybe you have some suggestions for what can be done?

wojciodataist · Feb 20 '24 11:02
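One way to triage the scanner finding quoted in the post above, as an added example that is not part of the original issue or the SDK's code: it scans decompiled Java source for `getSharedPreferences` and `openFileOutput` calls and reports those whose mode sets the world-readable or world-writable bit, or whose mode cannot be resolved statically. The function names and the sample class are assumptions constructed for illustration; the flag values are those of `android.content.Context`.

```python
import re

# Mode flag values from android.content.Context.
MODE_FLAGS = {"MODE_PRIVATE": 0, "MODE_WORLD_READABLE": 1, "MODE_WORLD_WRITEABLE": 2,
              "MODE_MULTI_PROCESS": 4, "MODE_APPEND": 0x8000}
WORLD_BITS = {0x1: "world-readable", 0x2: "world-writable"}
# Context methods whose last argument is a file-creation mode.
CALL_RE = re.compile(r"\b(getSharedPreferences|openFileOutput)\s*\(")

def call_args(text, start):
    """Return the argument text of a call, given the index just past its '('."""
    depth = 1
    for i in range(start, len(text)):
        depth += {"(": 1, ")": -1}.get(text[i], 0)
        if depth == 0:
            return text[start:i]
    return text[start:]

def mode_value(expr):
    """Evaluate e.g. 'Context.MODE_APPEND | 2'; None if it is not a constant."""
    total = 0
    for term in re.split(r"[|+]", expr):
        term = term.strip().split(".")[-1]
        try:
            total |= MODE_FLAGS[term] if term in MODE_FLAGS else int(term, 0)
        except ValueError:
            return None  # variable or method call: review by hand
    return total

def find_world_access(source):
    """Return (line, method, verdict) for world-accessible or unresolved modes."""
    findings = []
    for m in CALL_RE.finditer(source):
        line = source.count("\n", 0, m.start()) + 1
        value = mode_value(call_args(source, m.end()).rsplit(",", 1)[-1])
        if value is None:
            findings.append((line, m.group(1), "unresolved mode"))
        elif value & 0x3:
            verdict = ", ".join(n for b, n in WORLD_BITS.items() if value & b)
            findings.append((line, m.group(1), verdict))
    return findings

# Constructed sample input (hypothetical class, not code from the SDK).
SAMPLE = """class ExampleStore {
  void a(Context c) { c.getSharedPreferences("a", 0); }
  void b(Context c) { c.getSharedPreferences("b", 2); }
  void d(Context c) { c.openFileOutput(f(), Context.MODE_APPEND | Context.MODE_WORLD_READABLE); }
  void e(Context c, int mode) { c.getSharedPreferences("e", mode); }
}"""
print(find_world_access(SAMPLE))
```

A call that passes `0` (`MODE_PRIVATE`) produces no finding, and "unresolved mode" entries need manual review of where the mode value comes from.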

Thank you for reaching out to the Native Checkout SDK team. This integration path is now inactive for new merchants. If you are an existing merchant, please contact us here for further assistance.

New merchants can integrate the Native Checkout experience via the Braintree Android SDK or PayPal Android SDK. For more information please see their respective developer documentation linked below.

github-actions[bot] · Feb 20 '24 11:02