Answered

High Veracode flaw in Pendo SDK at PendoYoutubePlayer

Hi Pendo community,

 

I have had a Veracode scan for all of my apps (around 10+). 7 android apps are showing a High flaw that using addJavaScriptInterface() at PendoYoutubePlayer.

The High flaw states that a Dangerous method is exposed at PendoYouttubePlayer class. Use of this method before Android SDK revision 17 is dangerous.

May I know is there any minimum SDK added for Android Pendo SDK library?

Does Pendo aware of this high Veracode flaw.

Are there any plans on this to fix? Or Do I have to do anything from my side?

Thanks,

ravikumargv

0

Comments

3 comments
  • Official comment

    The minimum SDK to use the Pendo library is 21.
    So looks like a false positive, because your android app can not use Pendo if the minimum SDK is below 21 and reading your comments the flaw applies to SDK below 17

  • 0
  • Thanks David Faerman for your reply. 

    All of my apps are using minSDK version as 21 only.

    I will look from here.

     

    Thanks.

    0

Please sign in to leave a comment.

Didn't find what you were looking for?

New post