Adriano_ppaula
Member
Hello everyone! How can I solve this problem?
In the app manifest file, your app configured the attribute 'android:allowBackup' in the wrong place. This is an attribute that can only be placed in <application>. However, if you are using this attribute to prevent the data being unexpectedly backed up or stored in external storage by setting it to false, then if it is also in the wrong place, the configuration will not be effective and the backup feature is still allowed. As a result, the attackers may utilize this feature to backup your app data, and might steal the user privacy data or login credentials stored in your app.We have identified privilege escalation of some apps containing similar misconfigurations:
In the app manifest file, your app configured the attribute 'android:allowBackup' in the wrong place. This is an attribute that can only be placed in <application>. However, if you are using this attribute to prevent the data being unexpectedly backed up or stored in external storage by setting it to false, then if it is also in the wrong place, the configuration will not be effective and the backup feature is still allowed. As a result, the attackers may utilize this feature to backup your app data, and might steal the user privacy data or login credentials stored in your app.We have identified privilege escalation of some apps containing similar misconfigurations: