SAST identified vulnerabilities fixable by Quixxi Shield


Note: Only the vulnerabilities marked as "Fixable by Quixxi" can be fixed after Quixxi Shield integration (refer to the image below).


To fix those vulnerabilities, toggle (on/off) the respective shield configurations during app shielding (see the configuration screen below).



To eliminate the identified vulnerabilities, follow the table below:


Note: This reference table shows which security setting to enable to eliminate each vulnerability identified by the SAST scan.


For Android - APK

| S.No | SAST SCAN Vulnerability Identified By Quixxi | Make sure you enable the following option during App Shielding |
|---|---|---|
| 1 | Protection of text fields from copying the text and paste outside your app | Disable Copy & Paste Functionality |
| 2 | Outputting Logs to Logcat / Logging Sensitive Information | Enable to remove logs used in the application |
| 3 | Certificate Pinning | SSL certification validation / SSL pinning |
| 4 | Emulator Detection Check | Terminate app when the app is connected to Emulator |
| 5 | Check for Usage of Native (C, C++) Code | Automatically Fixed by Quixxi |
| 6 | Is App Debuggable | Automatically Fixed by Quixxi |
| 7 | Usage of Installer verification code | Automatically Fixed by Quixxi |
| 8 | Protection of app screens by blurring when the app is running in background | Disable Screenshots & Screen sharing Functionality |
| 9 | Protection of capturing screenshots & sharing screens outside your app | Disable Screenshots & Screen sharing Functionality |
| 10 | Executing "root" or System Privilege Check | Terminate app when the app is running in rooted device |

For iOS - iPA

| S.No | SAST SCAN Vulnerability Identified By Quixxi | Make sure you enable the following option during App Shielding |
|---|---|---|
| 1 | Certificate Pinning check | SSL certificate validation via SSL pinning |
| 2 | Protect the app from screen sharing | Screen Protection |
| 3 | Protection of text fields from copy and paste outside your app | Disable Copy & Paste functionality on text fields |
| 4 | Jailbroken check | Terminate the app running in jailbroken phones |
| 5 | Unencrypted user defaults | Encrypt App Preferences stored using UserDefaults |
| 6 | Unencrypted local runtime files | Encrypt files created by the application at runtime |


For any other clarifications, you can always email support@quixxi.com.