Android Android Manifest vulnerabilities

Hello everyone! How can I solve this problem?

In the app manifest file, your app configured the attribute 'android:allowBackup' in the wrong place. This is an attribute that can only be placed in <application>. However, if you are using this attribute to prevent the data being unexpectedly backed up or stored in external storage by setting it to false, then if it is also in the wrong place, the configuration will not be effective and the backup feature is still allowed. As a result, the attackers may utilize this feature to backup your app data, and might steal the user privacy data or login credentials stored in your app.We have identified privilege escalation of some apps containing similar misconfigurations:
 

Mert

Member
I also received this e-mail from "We are a group of security researchers from SecLab [1] at Ohio State University, and Kryptowire LLC "

The same e-mail, exactly.
 
Top