Cryptographic APIs misuses
I'm a researcher exploring Static Analysis tools for detecting vulnerabilities due to crypto-API misuses. We have detected 14 warnings that reveal possible incorrect usages of the JCA library on Moneybuster. We documented these issues in private gists that we are willing to share with you.
How should we proceed to share these issues? We hope you can evaluate the severity of these warnings so that we can provide some fixes to them.
App version: net.eneiluj.moneybuster_35.apk App source: F-Droid