The Indian Overseas Bank Android app has 50,000 to 1,00,000 users, and this vulnerability can be dangerous if malware with full permissions on the same device performs this attack on the app and steals users' netbanking usernames and passwords.
About the vulnerability
JavaScript injected in activity: com.iob_phone.ui.IOBProductDetailActivity with injection string: document.getElementsByTagName('body')[0].setAttribute('style', 'background-color: red');
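The report does not say how the string reaches the WebView. The sketch below is an added example, not the app's code: it assumes the common case of an activity that loads an Intent-supplied URL, and shows that input being validated before it is rendered. The class name, the "url" extra and the host bank.example are hypothetical.

```java
// Added example; class, extra and host names are hypothetical.
import android.app.Activity;
import android.net.Uri;
import android.os.Bundle;
import android.webkit.WebResourceRequest;
import android.webkit.WebSettings;
import android.webkit.WebView;
import android.webkit.WebViewClient;

public class ProductDetailActivity extends Activity {
    // Assumption: the only origin this screen ever needs to render.
    private static final String ALLOWED_HOST = "bank.example";

    /** True only for https URLs on the allow-listed host. */
    static boolean isTrusted(Uri uri) {
        return uri != null
                && "https".equalsIgnoreCase(uri.getScheme())
                && ALLOWED_HOST.equalsIgnoreCase(uri.getHost());
    }

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        WebView webView = new WebView(this);
        setContentView(webView);

        WebSettings s = webView.getSettings();
        s.setJavaScriptEnabled(false);   // enable only if the page truly needs script
        s.setAllowFileAccess(false);     // no file:// content
        s.setAllowContentAccess(false);  // no content:// providers

        // Keep redirects and link clicks on the trusted origin as well.
        webView.setWebViewClient(new WebViewClient() {
            @Override
            public boolean shouldOverrideUrlLoading(WebView v, WebResourceRequest r) {
                return !isTrusted(r.getUrl()); // true = block the navigation
            }
        });

        // Vulnerable pattern: webView.loadUrl(getIntent().getStringExtra("url"));
        // with JavaScript enabled, a "javascript:..." value runs in the page.
        String raw = getIntent().getStringExtra("url"); // hypothetical extra name
        Uri target = raw == null ? null : Uri.parse(raw);
        if (isTrusted(target)) {
            webView.loadUrl(target.toString());
        } else {
            finish(); // refuse untrusted input instead of rendering it
        }
    }
}
```

If other apps never need to start the activity, declaring it with android:exported="false" in the manifest removes the cross-app entry point as well.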
Severity and Impact
In today's agile development environment, about 70-80% of all Android apps are hackable, as developers focus more on productivity and innovation and push security concerns backstage. Given the amount of information that Android apps ask for and consume, it is only logical that these applications are a lucrative and attractive target for hackers.
Appvigil provides an automated test framework for Android developers to scan and test their Android applications against state-of-the-art security vulnerabilities. Developers can use Appvigil to scan their application executable files and get a detailed report containing the type of vulnerability, the exact location of the security concern in the application, and references/guides for patching the security issues in their Android apps.