The application does not have a control that detects if it is being used in an emulator, allowing a wider surface for reverse engineering.
Apply reverse engineer to the application.
Implement recommended security controls for mobile applications.
Anonymous attacker from the Internet.
⌚ 120 minutes.
Default score using CVSS 3.1. It may change depending on the context of the src.
Default score using CVSS 4.0. It may change depending on the context of the src.
The methods used to check if the app is being run on an emulator should be as strong as possible given current techniques
private boolean isEmulator() {
return (Build.BRAND.startsWith("generic") && Build.DEVICE.startsWith("generic"))
|| Build.FINGERPRINT.startsWith("generic")
|| Build.FINGERPRINT.startsWith("unknown")
|| Build.HARDWARE.contains("goldfish")
|| Build.HARDWARE.contains("ranchu")
|| Build.MODEL.contains("google_sdk")
|| Build.MODEL.contains("Emulator")
|| Build.MODEL.contains("Android SDK built for x86")
|| Build.MANUFACTURER.contains("Genymotion")
|| Build.PRODUCT.contains("sdk_google")
|| Build.PRODUCT.contains("google_sdk")
|| Build.PRODUCT.contains("sdk")
|| Build.PRODUCT.contains("sdk_x86")
|| Build.PRODUCT.contains("sdk_gphone64_arm64")
|| Build.PRODUCT.contains("vbox86p")
|| Build.PRODUCT.contains("emulator")
|| Build.PRODUCT.contains("simulator");
}
Source code does not sufficiently check if the app is being run on an emulator
private boolean isEmulator() {
return (Build.BRAND.startsWith("generic") && Build.DEVICE.startsWith("generic"))
}