I have an Android apk created from a Flutter project. I have added this apk to AppSweep and it returns the following issue: Legacy cryptographic classes used. Several classes in the java.security package have been marked as legacy and must no longer be used. Please refer to the Android SDK documentation for information on how to securely use cryptography in your app.
Do you have any idea where can I find those legacy cryptographic classes or how can I solve this issue?
I have attached an image with the issue after I have uploaded the apk to AppSweep Dexguard
2
Answers
I think that you added some packages on
pubspec.yaml
that might cause this warning like Firebase , However as much as you didn’t modify anything on java classes , you are good don’t worry about those warnings .the easiest way to get answers for specific questions from an AppSweep scan is to use the chatbot on the bottom right. Then you can talk to the team directly, and we can give you more direct help.
For the issue you mentioned, this is in a class that was name-obfuscated, so from the finding alone it is very difficult (or impossible) to know exactly where this issue comes from.
If you use the Gradle plugin (see documentation in AppSweep), the mapping file is also uploaded, and we are able to show you the original class name.
From there it is likely easier to determine where the issue comes from.
Dennis
(one of the creators of AppSweep)