DerScanner
Home / Vulnerability Database / Android : Telephony usage
Android

Android : Telephony usage

Classification

OWASP Mobile Top 10 2014
M4-Unintended Data LeakageM8-Security Decisions Via Untrusted Inputs
OWASP Mobile Top 10 2016
M3-Insecure Communication
OWASP MASVS
V6: 6.1.(L1/L2/L1+R/L2+R)
CWE
CWE-250
CWE/SANS Top 25 2011
CWE-250

Overview

The application can make or receive phone calls.

An application must not use methods related to the telephony, if it is not provided by its functionality. Malware often uses phone calls to premium-rate numbers to steal user funds.

References

  1. TelephonyManager - developer.android.com
  2. CWE-250: Execution with Unnecessary Privileges
MEDIUM

DerScanner Severity Score

Do you want to fix Android : Telephony usage in your application?

See also

Android

Android : Debug mode on

Android

Android : Error handling: generic exception

Android

Android : HTTP usage