Security vulnerability on using insecure function like execSQL which is found in firebase android sdk
firebase-android-sdk uses execSQL in SchemaManager.java. This is being raised as a security vulnerability from the Security Audit. Please find the path below:
transport/transport-runtime/src/main/java/com/google/android/datatransport/runtime/scheduling/persistence/SchemaManager.java
Will this affect the application, as we use Firebase in our application? Is it a false positive? Or can an alternative to execSQL be used in a future version?
The execSQL statements identified manipulate the local SQLite database that the Android SDK uses to cache Firestore data. They're not a security risk.
This is also not a feature request. Going forward please report security concerns directly on the relevant repo, rather than here.
Admin SaaS commented
Thanks for the response. I raised this concern with GCP support, but they redirected me to check it here.