| Vulnerabilities | Description |
| --- | --- |
| Improper Session Handling | Mobile apps may mishandle user sessions, potentially leaving sensitive data exposed or accessible to unauthorized users. Improper session management can lead to session fixation attacks or session hijacking, where attackers take control of active sessions to impersonate users. |
| Broken Cryptography | Insecure encryption or cryptographic implementations can render data protection ineffective. Weak encryption algorithms or improper key management can allow attackers to decrypt sensitive information, exposing user data. |
| Security Misconfigurations | Misconfigurations in the app’s settings or server-side components can create vulnerabilities. Common misconfigurations include overly permissive permissions, open ports, or default credentials left unchanged. Cybercriminals can exploit these oversights to gain unauthorized access. |
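
The session fixation risk named under Improper Session Handling can be seen in a small server-side session store that either keeps or replaces the session ID at login. This is an added example, not code from the original page; the `SessionStore` class, its method names, the 15-minute idle timeout and the user name are assumptions made for illustration.

```python
import secrets
import time

IDLE_TIMEOUT = 900  # seconds; assumed value for this example


class SessionStore:
    """In-memory server-side session table (hypothetical, for illustration)."""

    def __init__(self, rotate_on_login=True, clock=time.monotonic):
        self.rotate_on_login = rotate_on_login
        self.clock = clock
        self.sessions = {}  # session id -> {"user": name or None, "seen": time}

    def _new(self, user=None):
        sid = secrets.token_urlsafe(32)  # unguessable, generated by the server
        self.sessions[sid] = {"user": user, "seen": self.clock()}
        return sid

    def start_anonymous(self):
        return self._new()

    def login(self, sid, user):
        """Bind `user` to a session and return the id the client must use next."""
        if not self.rotate_on_login and sid in self.sessions:
            # Weak setting: the pre-login id stays valid after authentication,
            # so anyone who knew that id now shares the authenticated session.
            self.sessions[sid]["user"] = user
            return sid
        # Hardened setting: drop the pre-login id and issue a fresh one.
        self.sessions.pop(sid, None)
        return self._new(user)

    def user_for(self, sid):
        entry = self.sessions.get(sid)
        if entry is None:
            return None
        if self.clock() - entry["seen"] > IDLE_TIMEOUT:
            del self.sessions[sid]  # an idle session must not stay usable
            return None
        entry["seen"] = self.clock()
        return entry["user"]


def pre_login_id_survives(store):
    """True if an id that was known before login maps to the user afterwards."""
    known = store.start_anonymous()  # id a third party could have seen or set
    store.login(known, "alice")      # constructed user name
    return store.user_for(known) == "alice"
```

With `rotate_on_login=False` the check returns `True`, which is the fixation condition; with the default it returns `False` because the old ID no longer exists on the server.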