Hello Appcelerator team,
One of our client's security teams has done a penetration test on our Appcelerator application and they have shared a few concerns with us to patch.
Our mobile team has gone through those points and found that those issues are related to the native Xcode build generated from Appcelerator Studio.
Please go through the below points with description and severity:
1. Binary makes use of banned API(s) (CWE-676)
Description: The binary may contain the following banned API(s): _sprintf, _gets, _alloca, _strlen, _stat, _memcpy, _strncpy, _printf, _fopen, _vsnprintf, _sscanf, _strcpy.
2. Binary makes use of the following weak hash API(s) (CWE-327)
Description: The binary may use the following weak hash API(s): CC_SHA1, CC_MD5.
3. Binary makes use of the malloc function (CWE-789)
Description: The binary may use the malloc function instead of calloc.
4. Weak jailbroken device detection
Description: A developer can incorporate different checks in his application to examine whether the device on which the application is running is jailbroken or not. Most of these checks are naive and could be easily bypassed.
For point 4, is there any feature or functionality available to add an extra layer of security to detect whether the device is jailbroken or rooted through the Appcelerator coding environment?