Answered
High Veracode flaw in Pendo SDK at PendoYoutubePlayer
Hi Pendo community,
I have had a Veracode scan for all of my apps (around 10+). 7 android apps are showing a High flaw that using addJavaScriptInterface() at PendoYoutubePlayer.
The High flaw states that a Dangerous method is exposed at PendoYouttubePlayer class. Use of this method before Android SDK revision 17 is dangerous.
May I know is there any minimum SDK added for Android Pendo SDK library?
Does Pendo aware of this high Veracode flaw.
Are there any plans on this to fix? Or Do I have to do anything from my side?
Thanks,
ravikumargv
0
Comments
The minimum SDK to use the Pendo library is 21.
So looks like a false positive, because your android app can not use Pendo if the minimum SDK is below 21 and reading your comments the flaw applies to SDK below 17
Thanks David Faerman for your reply.
All of my apps are using minSDK version as 21 only.
I will look from here.
Thanks.
Please sign in to leave a comment.