blob: 0b00ae401a60d06ce971f3b4bdab5bba011e5695 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
|
---
- ignore-rules:
# Sensitive data isn't logged. There's also an external issue to scan log calls (DROID-527).
- android_kotlin_logging
# The kotlin code isn't responsible for any external API communication and therefore the risk for
# including sensitive credentials is very small. This check also caused many false-positives since
# the keyword "key" is used throughout the app to for arguments, bundles and preferences.
- android_kotlin_hardcoded
# Intentially not prevented due to a technical user base. We might however want to inform users,
# which is something we'll review in an externally tracked issue (DROID-528).
- android_root_detection
- android_safetynet
# The backend API communication is done by the Mullvad Daemon which is built in rust.
- android_ssl_pinning
- android_certificate_pinning
- android_certificate_transparency
# Sensitive screens currently prevent screenshots.
- android_prevent_screenshot
# Will be investigate in the externally tracked issue DROID-529.
- android_tapjacking
# We've currently decided to support Android 8.
- android_manifest_insecure_minsdk
|
