I analysed my app obfuscated usign DexGuard with AppSweep and in the most recent analyses I noticed a new issue (added in one of the most recent versions of AppSweep):

MODE_WORLD_READABLE is used to create a file that is accessible to all other apps on the device

I don’t find where it is used in my code and so I analysed the unobfuscated version of my app: in this case the issue doesn’t appear.

Is it possible that it is a false positive? Can it be added by DexGuard?

Best regards,

Hi @e.bonaldo,

this indeed is a false positive in AppSweep.

Analysis of the unobfuscated app is fairly easy for AppSweep, so it can (more) precisely determine if an issue can appear in practise.
Once you apply sophisticated obfuscation, this can make it hard (or even impossible) to automatically analyse. This is what is happening in your scan.

In AppSweep, you can suppress the specific finding as a false positive via the crossed-out eye icon on the top right of the finding. Then this will not show up again in subsequent scans.

If you have more questions, you can also reach out to us via the chat in AppSweep itself, then we can help you more interactively.

All the best,

1 Like