🚀 Join our AI Wargame at Black Hat Asia and our Workshop + Wargame at NDC Sydney .

Insecure App Permissions

Security misconfiguration in mobile apps arises from improperly configured security settings, permissions, or controls, creating vulnerabilities that can be exploited for unauthorised access or malicious activities.

Remediation

  • Review and minimise app permissions to only those strictly necessary for functionality, avoiding overprivileged access.
  • Enforce secure default configurations for the application, ensuring all security settings are correctly applied during deployment.
  • Disable debugging or developer features (e.g., logging sensitive data) in production builds to prevent attackers from leveraging them.
  • Use secure storage mechanisms, such as Android Keystore or iOS Secure Enclave, to protect sensitive information.

Metadata

  • Severity: low
  • Slug: insecure-app-permissions

OWASP

  • M8:2024: Security Misconfiguration App

Available Labs

Open Swift labs in SecDim Play for this vulnerability.

Try it yourself

Find, Hack and Fix Your First Vulnerability

Reading about security bugs is one thing — fixing one is how the skill sticks. Play a free challenge from the wargame, no setup required.