Access Control: File Permissions World Readable Files Check
0
<?xml version="1.0" encoding="UTF-8" ?> <widget xmlns = "http://www.w3.org/ns/widgets" xmlns:gap = "http://phonegap.com/ns/1.0" xmlns:android = "http://schemas.android.com/apk/res/android" id = "io.mxapps.elasticapp" version = "0.0.12"> <name>ElasticApp</name> <description></description> <!-- Current latest and default version Platform versions don't follow a common version number anymore (see: http://phonegap.com/blog/2015/06/16/phonegap-updated-on-build/). Instead, Phonegap Build derives the platform versions from the CLI defaults. --> <preference name="phonegap-version" value="cli-6.5.0" /> <!-- allow assets to be loaded and open links in the app itself, see: http://phonegap.com/blog/2012/03/20/access-tags/ --> <!-- Issue 204079: Allow retrieval of any resource. Custom widgets can point to anything. --> <access origin="*" /> <allow-navigation href="https://sprintr.home.mendix.com/*" /> <preference name="permissions" value="none" /> <!-- Force the default architecture for Android to ARM --> <plugin name="com.darktalker.cordova.screenshot" source="npm" spec="0.1.6" /> <plugin name="com.telerik.plugins.nativepagetransitions" source="npm" spec="0.6.5" /> <plugin name="cordova-build-architecture" source="git" spec="https://github.com/MBuchalik/cordova-build-architecture.git#v1.0.1" /> <plugin name="cordova-plugin-actionsheet" source="npm" spec="2.3.3" /> <plugin name="cordova-plugin-android-permissions" source="npm" spec="0.10.0" /> <plugin name="cordova-plugin-app-version" source="npm" spec="0.1.8" /> <plugin name="cordova-plugin-battery-status" source="npm" spec="1.1.2" /> <plugin name="cordova-plugin-console" source="npm" spec="1.0.3" /> <plugin name="cordova-plugin-device" source="npm" spec="1.1.2" /> <plugin name="cordova-plugin-device-motion" source="npm" spec="1.2.1" /> <plugin name="cordova-plugin-device-orientation" source="npm" spec="1.0.3" /> <plugin name="cordova-plugin-dialogs" source="npm" spec="1.2.1" /> <plugin name="cordova-plugin-file" source="npm" spec="4.2.0" /> <plugin name="cordova-plugin-file-transfer" source="npm" spec="1.5.1" /> <plugin name="cordova-plugin-globalization" source="npm" spec="1.0.3" /> <plugin name="cordova-plugin-inappbrowser" source="npm" spec="1.4.0" /> <plugin name="cordova-plugin-network-information" source="npm" spec="1.2.1" /> <plugin name="cordova-plugin-secure-storage" source="npm" spec="2.4.0" /> <plugin name="cordova-plugin-spinner" source="npm" spec="1.1.0" /> <plugin name="cordova-plugin-privacyscreen" source="npm"/> <plugin name="cordova-plugin-splashscreen" source="npm" /> <preference name="SplashScreen" value="screen" /> <preference name="SplashScreenDelay" value="7000" /> <plugin name="cordova-plugin-statusbar" source="npm" spec="2.1.3" /> <plugin name="cordova-plugin-vibration" source="npm" spec="2.1.1" /> <plugin name="cordova-plugin-x-socialsharing" source="npm" version="5.0.11"/> <plugin name="cordova-plugin-zip" source="npm" spec="3.1.0" /> <plugin name="cordova-plugin-whitelist" source="npm" spec="1.2.2" /> <plugin name="cordova-sqlite-storage-pgb" source="git" spec="https://github.com/mendix/Cordova-sqlite-storage-pgb.git#storage-master" /> <plugin name="phonegap-plugin-push" source="npm" spec="1.5.3" /> <plugin name="uk.co.workingedge.phonegap.plugin.launchnavigator" source="npm" version="2.9.11"/> <plugin name="cordova-plugin-touch-id" source="npm" version="3.2.0"/> <plugin name="cordova-plugin-android-fingerprint-auth" source="npm" version="1.4.0"/> <plugin name="cordova-universal-links-plugin" source="npm" version="1.2.1"/> <plugin name="cordova-plugin-media" source="npm" spec="2.3.0" /> <!-- On iOS, the statusbar is transparent by default and is drawn over the top of our app. --> <preference name="StatusBarOverlaysWebView" value="false" /> <preference name="StatusBarBackgroundColor" value="#000000" /> <preference name="DisallowOverscroll" value="true" /> <preference name="webviewbounce" value="false" /> <!-- Set proper defaults for `cordova.file.dataDirectory`. --> <preference name="iosPersistentFileLocation" value="Library" /> <!-- Set proper keyboard action for Apple device. --> <preference name="KeyboardDisplayRequiresUserAction" value="false" /> <!-- Disable backup to iCloud on iOS. --> <preference name="BackupWebStorage" value="none" /> <!-- Enable WKWebView on iOS --> <feature name="CDVWKWebViewEngine"> <param name="ios-package" value="CDVWKWebViewEngine" /> </feature> <preference name="CordovaWebViewEngine" value="CDVWKWebViewEngine" /> <plugin name="cordova-plugin-wkwebview-engine-nextgen" source="npm" spec="^1.1.0" /> <platform name="ios"> <icon height="57" platform="ios" src="res/icons/ios/icon.png" width="57" /> <icon height="114" platform="ios" src="res/icons/ios/icon@2x.png" width="114" /> <icon height="40" platform="ios" src="res/icons/ios/icon-40.png" width="40" /> <icon height="80" platform="ios" src="res/icons/ios/icon-40@2x.png" width="80" /> <icon height="50" platform="ios" src="res/icons/ios/icon-50.png" width="50" /> <icon height="100" platform="ios" src="res/icons/ios/icon-50@2x.png" width="100" /> <icon height="60" platform="ios" src="res/icons/ios/icon-60.png" width="60" /> <icon height="120" platform="ios" src="res/icons/ios/icon-60@2x.png" width="120" /> <icon height="180" platform="ios" src="res/icons/ios/icon-60@3x.png" width="180" /> <icon height="72" platform="ios" src="res/icons/ios/icon-72.png" width="72" /> <icon height="144" platform="ios" src="res/icons/ios/icon-72@2x.png" width="144" /> <icon height="76" platform="ios" src="res/icons/ios/icon-76.png" width="76" /> <icon height="152" platform="ios" src="res/icons/ios/icon-76@2x.png" width="152" /> <icon height="29" platform="ios" src="res/icons/ios/icon-small.png" width="29" /> <icon height="58" platform="ios" src="res/icons/ios/icon-small@2x.png" width="58" /> <icon height="87" platform="ios" src="res/icons/ios/icon-small@3x.png" width="87" /> <splash height="1136" platform="ios" src="res/screens/ios/Default-568h@2x~iphone.png" width="640" /> <splash height="1334" platform="ios" src="res/screens/ios/Default-667h.png" width="750" /> <splash height="2208" platform="ios" src="res/screens/ios/Default-736h.png" width="1242" /> <splash height="1242" platform="ios" src="res/screens/ios/Default-Landscape-736h.png" width="2208" /> <splash height="1536" platform="ios" src="res/screens/ios/Default-Landscape@2x~ipad.png" width="2048" /> <splash height="768" platform="ios" src="res/screens/ios/Default-Landscape~ipad.png" width="1024" /> <splash height="2048" platform="ios" src="res/screens/ios/Default-Portrait@2x~ipad.png" width="1536" /> <splash height="1024" platform="ios" src="res/screens/ios/Default-Portrait~ipad.png" width="768" /> <splash height="960" platform="ios" src="res/screens/ios/Default@2x~iphone.png" width="640" /> <splash height="480" platform="ios" src="res/screens/ios/Default~iphone.png" width="320" /> </platform> <!-- The gradle build tool is required for the phonegap-plugin-push --> <preference name="android-build-tool" value="gradle" /> <preference name="CrosswalkAnimatable" value="true" /> <preference name="xwalkMultipleApk" value="true" /> <plugin name="cordova-plugin-crosswalk-webview" source="npm" spec="2.4.0" /> <plugin name="cordova-plugin-whitelist" source="npm" spec="1.2.2" /> <config-file platform="android" parent="/manifest" mode="overwrite"> <application xmlns:android="http://schemas.android.com/apk/res/android" package="io.mxapps.elasticapp" xmlns:tools="http://schemas.android.com/tools" tools:replace="allowBackup, label" android:label="@string/app_name" android:allowBackup="false" android:debuggable="false" /> </config-file> <config-file platform="ios" parent="UIBackgroundModes" mode="delete"> <array> <string>remote-notification</string> </array> </config-file> <platform name="android"> <icon qualifier="ldpi" src="res/icons/android/drawable-ldpi-icon.png" /> <icon qualifier="mdpi" src="res/icons/android/drawable-mdpi-icon.png" /> <icon qualifier="hdpi" src="res/icons/android/drawable-hdpi-icon.png" /> <icon qualifier="xhdpi" src="res/icons/android/drawable-xhdpi-icon.png" /> <icon qualifier="xxhdpi" src="res/icons/android/drawable-xxhdpi-icon.png" /> <icon qualifier="xxxhdpi" src="res/icons/android/drawable-xxxhdpi-icon.png" /> <splash qualifier="land-ldpi" src="res/screens/android/drawable-land-ldpi-screen.png" /> <splash qualifier="land-mdpi" src="res/screens/android/drawable-land-mdpi-screen.png" /> <splash qualifier="land-hdpi" src="res/screens/android/drawable-land-hdpi-screen.png" /> <splash qualifier="land-xhdpi" src="res/screens/android/drawable-land-xhdpi-screen.png" /> <splash qualifier="land-xxhdpi" src="res/screens/android/drawable-land-xxhdpi-screen.png" /> <splash qualifier="land-xxxhdpi" src="res/screens/android/drawable-land-xxxhdpi-screen.png" /> <splash qualifier="port-ldpi" src="res/screens/android/drawable-port-ldpi-screen.png" /> <splash qualifier="port-mdpi" src="res/screens/android/drawable-port-mdpi-screen.png" /> <splash qualifier="port-hdpi" src="res/screens/android/drawable-port-hdpi-screen.png" /> <splash qualifier="port-xhdpi" src="res/screens/android/drawable-port-xhdpi-screen.png" /> <splash qualifier="port-xxhdpi" src="res/screens/android/drawable-port-xxhdpi-screen.png" /> <splash qualifier="port-xxxhdpi" src="res/screens/android/drawable-port-xxxhdpi-screen.png" /> </platform> <splash src="splash.png" /> <plugin name="cordova-plugin-cookieemperor" spec="https://github.com/rtk/cordova-cookie-emperor.git" /> <plugin name="com.crosswalk.cookies" spec="https://github.com/dokoto/crosswalk-cookies.git" /> </widget> Hello All, Application is utilizing an insecure method of file access. By specifying MODE_WORLD_READABLE or MODE_WORLD_WRITEABLE in file access methods this application provides read access to files to other applications on the device. How to disable this mode of file access in the application. Attached config.xml for your reference. Appreciate a prompt response. Thanks Salma
asked
ume shaik
0 answers