I am getting following error while generating Dynamic analysis report: Don't Play Around. An Error just popped in! Cosole says: [INFO] Waiting for TAR dump to complete...

[ERROR] TAR Generation Failed. Process timed out.

[INFO] Dumping Application Files from Device/VM remote object '/data/local/com.myapp.custom.tar' does not exist

[INFO] Stopping ADB [06/May/2016 15:11:17]"POST /DumpData/ HTTP/1.1" 200 15

[INFO] Dynamic Analysis Report Generation

[INFO] Dynamic API Analysis

[2016-05-06 15:11:17] [ERROR] Dynamic API Analysis (C:\Users\origami\Downloads\MobSF\DynamicAnalyzer\views.py, LINE 681 "with open(LOCATION,"r") as f:"): [Errno 2] No such file or directory: u'C:\Users\origami\Downloads\MobSF\uploads/c3df704d723c5ae7a1a64bf58b843a5a/x_logcat.txt'

[INFO] Dynamic File Analysis

[2016-05-06 15:11:17] [ERROR] Dynamic Analysis Report Generation (C:\Users\origami\Downloads\MobSF\DynamicAnalyzer\views.py, LINE 483 "URL,DOMAINS,EMAIL,HTTP,XML,SQLiteDB,OtherFiles=RunAnalysis(APP_DIR,MD5,PKG)"): [Errno 2] No such file or directory: u'C:\Users\origami\Downloads\MobSF\uploads/c3df704d723c5ae7a1a64bf58b843a5a/x_logcat.txt' [06/May/2016 15:11:17]"GET /Report/?md5=c3df704d723c5ae7a1a64bf58b843a5a&pkg=com.myapp.custom HTTP/1.1" 302 0 [06/May/2016 15:11:17]"GET /error/ HTTP/1.1" 200 4602 [06/May/2016 15:11:17]"GET /static/bootstrap/css/bootstrap.min.css HTTP/1.1" 304 0 [06/May/2016 15:11:17]"GET /static/css/ionicons.min.css HTTP/1.1" 304 0 [06/May/2016 15:11:17]"GET /static/css/font-awesome.min.css HTTP/1.1" 304 0 [06/May/2016 15:11:17]"GET /static/dash/css/AdminLTE.min.css HTTP/1.1" 304 0 [06/May/2016 15:11:17]"GET /static/dash/css/skins/_all-skins.min.css HTTP/1.1" 304 0 [06/May/2016 15:11:17]"GET /static/css/style.css HTTP/1.1" 304 0 [06/May/2016 15:11:17]"GET /static/plugins/jQuery/jQuery-2.1.4.min.js HTTP/1.1" 304 0 [06/May/2016 15:11:17]"GET /static/bootstrap/js/bootstrap.min.js HTTP/1.1" 304 0 [06/May/2016 15:11:17]"GET /static/plugins/fastclick/fastclick.min.js HTTP/1.1" 304 0 [06/May/2016 15:11:17]"GET /static/dash/js/app.min.js HTTP/1.1" 304 0 [06/May/2016 15:11:17]"GET /static/plugins/slimScroll/jquery.slimscroll.min.js HTTP/1.1" 304 0 [06/May/2016 15:11:17]"GET /static/js/docs.js HTTP/1.1" 304 0

While starting manager.py C:\Users\origami\Downloads\MobSF>python manage.py runserver

Mobile Security Framework v0.9.2 Beta

| / | ___ | |/ ___|| __| __ __/ _ \ / _ \ |
| |/| |/ _ | '_ ___ | |_ \ \ / / | | | () | __) | | | | | () | |) |**) | | \ V /| || |**, | / **/ || ||/|.__/__/|| _/ _() /()__**|

[INFO] Finding JDK Location in Windows....

[INFO] Oracle JDK Identified. Looking for JDK 1.7 or above

[INFO] Oracle Java (JDK >= 1.7) is installed!

Mobile Security Framework v0.9.2 Beta

| / | ___ | |/ ___|| __| __ __/ _ \ / _ \ |
| |/| |/ _ | '_ ___ | |_ \ \ / / | | | () | __) | | | | | () | |) |**) | | \ V /| || |**, | / **/ || ||/|.__/__/|| _/ _() /()__**|

[INFO] Finding JDK Location in Windows....

[INFO] Oracle JDK Identified. Looking for JDK 1.7 or above

[INFO] Oracle Java (JDK >= 1.7) is installed! Performing system checks...

System check identified no issues (0 silenced). May 06, 2016 - 12:04:26 Django version 1.8, using settings 'MobSF.settings' Starting development server at http://127.0.0.1:8000/

! ONGOING PR !

• Tested on Windows til now
• Changed the Java view to the tree-view
• Used jsTree library for the javascript tree-view (@ajinabraham - do we need to add their license?)
• The whole data is generated within the HTML with a os.dir + template generator hack, big thanks to Elf Sternberg from this thread
• For now the filename filtering is done in the client side, and the content search is done both in the client and server side (Query the find source view for all the files that match the query -> get all of the files and only "higlight" them in the client side - actually I search the whole paths with a hack in the client side, refer to the new search callback for the implementation...)

When I upload and apk file in Mobsf Internal error:34 is seen. Results are not coming. Can you please help in fix this issue.

Steps to reproduce:

1.In command prompt run "run.bat" 2.Go the localhost url and upload the apk file 3.Internal error:34 and in log files Internal Server Error: /StaticAnalyzer/ ERROR:django.request:Internal Server Error: /StaticAnalyzer/ will be seen.

LOG FILE

[INFO] 23/May/2019 21:44:29 -

| / | ___ | |/ || | __ / | / _
| |/| |/ _ | ' _ | | \ \ / / || | | | | | | | () | |_) |) | | \ V /| || || | || ||_/|.__//|| _/ |()_/

[INFO] 23/May/2019 21:44:29 - Mobile Security Framework v1.1.1 Beta REST API Key: 5c55a2cda130fbdc6815726fab3b7bdd68de3c82a6857d911b8bac1f0c4c8bff [INFO] 23/May/2019 21:44:29 - OS: Windows [INFO] 23/May/2019 21:44:29 - Platform: Windows-10-10.0.17763-SP0 [INFO] 23/May/2019 21:44:29 - Finding JDK Location in Windows.... [INFO] 23/May/2019 21:44:30 - Oracle Java JDK is installed! [WARNING] 23/May/2019 21:44:30 - Could not find VirtualBox path. [INFO] 23/May/2019 21:44:30 - MobSF Basic Environment Check [INFO] 23/May/2019 21:44:30 - Checking for Update. [INFO] 23/May/2019 21:44:31 - No updates available. [INFO] 23/May/2019 21:44:38 - MIME Type: application/vnd.android.package-archive FILE: exploiter.apk [INFO] 23/May/2019 21:44:38 - Performing Static Analysis of Android APK [INFO] 23/May/2019 21:44:38 - Starting Analysis on : Exploiter.apk [INFO] 23/May/2019 21:44:38 - Generating Hashes [INFO] 23/May/2019 21:44:38 - Unzipping [INFO] 23/May/2019 21:44:39 - Getting Hardcoded Certificates/Keystores [INFO] 23/May/2019 21:44:39 - APK Extracted [INFO] 23/May/2019 21:44:39 - Converting AXML to XML S: WARNING: Could not write to (C:\Users\kiruthiga.k.r\AppData\Local\apktool\framework), using C:\Users\KIRUTH~1.R\AppData\Local\Temp\ instead... S: Please be aware this is a volatile directory and frameworks could go missing, please utilize --frame-path if the default storage directory is unavailable [INFO] 23/May/2019 21:44:48 - Reading Android Manifest [INFO] 23/May/2019 21:44:48 - Parsing AndroidManifest.xml [INFO] 23/May/2019 21:44:48 - Fetching icon path [INFO] 23/May/2019 21:44:49 - Extracting Manifest Data [INFO] 23/May/2019 21:44:49 - Fetching Details from Play Store: opensecurity.exploiter [WARNING] 23/May/2019 21:44:49 - Unable to get app details. Invalid application ID: opensecurity.exploiter. 404 Client Error: Not Found for url: https://play.google.com/store/apps/details?id=opensecurity.exploiter&hl=en&gl=us [INFO] 23/May/2019 21:44:49 - Manifest Analysis Started [INFO] 23/May/2019 21:44:49 - Static Android Binary Analysis Started [INFO] 23/May/2019 21:44:49 - Static Android Resource Analysis Started [INFO] 23/May/2019 21:44:49 - Reading Code Signing Certificate [INFO] 23/May/2019 21:44:50 - Running APKiD 2.0.2 [ERROR] 23/May/2019 21:44:50 - internal error: 34 [ERROR] 23/May/2019 21:44:50 - Internal Server Error: /StaticAnalyzer/ ERROR:django.request:Internal Server Error: /StaticAnalyzer/

I am receiving the following error when I try to download the pdf version of the report.

PDF Error: [ERROR] PDF Report Generation Error (/MobSF/Mobile-Security-Framework-MobSF-0.9.2/StaticAnalyzer/views.py, LINE 148 "pdf = pisa.pisaDocument(StringIO( "{0}".format(html.encode('utf-8'))), result, encoding='utf-8')"): global name 'pisa' is not defined

Please assist me in fixing this error.

Thanks in advance for your help!

EXPLANATION OF THE ISSUE

Hello, I'm using the MobSF for static analysis. I have installed the MObSF requirements on Windows 7 machine. I have followed the documentation on link "https://github.com/MobSF/Mobile-Security-Framework-MobSF/wiki/1.-Documentation" for installation. While running the MobSF and uploading the apk file, I'm getting the error " 'NoneType' object does not support item assignment"

STEPS TO REPRODUCE THE ISSUE

1. This is the first step
2. This is the second step
3. Further steps, etc.

CONSOLE OUTPUT

Paste the output generated at your console/terminal while scanning the mobile app.
The console log should contain the error or bug you are seeing
(NOT REQUIRED FOR FEATURE REQUEST/ENHANCEMENT)

D:\Python36>python.exe d:\Mobile-Security-Framework-MobSF\manage.py runserver Performing system checks...

| / | ___ | |/ || | __ / | / _
| |/| |/ _ | ' _ | | \ \ / / || | | | | | | | () | |_) |) | | \ V /| || || | || ||_/|.__//|| _/ |()_/

Mobile Security Framework v1.0 Beta

REST API Key: a79edbcec9aa119f30d2d2bc07e525bae83f9cd259e8bb5df91c6fdb87789a81 OS: Windows Platform: Windows-7-6.1.7601-SP1

[WARNING] Could not find VirtualBox path.

[INFO] Checking for Update.

[INFO] No updates available. System check identified no issues (0 silenced). May 11, 2018 - 11:14:38 Django version 2.0.5, using settings 'MobSF.settings' Starting development server at http://127.0.0.1:8000/ Quit the server with CTRL-BREAK. [11/May/2018 11:15:19] "GET / HTTP/1.1" 200 7723 [INFO] MIME Type: application/vnd.android.package-archive FILE: Testapp.apk

[INFO] Performing Static Analysis of Android APK [11/May/2018 11:15:31] "POST /upload/ HTTP/1.1" 200 134 [INFO] Starting Analysis on : Testapp.apk [INFO] Generating Hashes [INFO] Unzipping [INFO] Getting Hardcoded Certificates/Keystores [INFO] APK Extracted [INFO] Converting AXML to XML

[2018-05-11 11:15:42] [ERROR]Getting Manifest file (d:\Mobile-Security-Framework-MobSF\StaticAnalyzer
views\android\manifest_analysis.py, LINE 1304 "subprocess.check_output(args)"): [WinError 2] The system cannot find the file specified

[2018-05-11 11:15:42] [ERROR] Reading Manifest file (d:\Mobile-Security-Framework-MobSF\StaticAnalyzer \views\android\manifest_analysis.py, LINE 1259 "if isFileExists(manifest):"): st at: path should be string, bytes, os.PathLike or integer, not NoneType [INFO] Parsing AndroidManifest.xml

[2018-05-11 11:15:42] [ERROR] apktool failed to extract AndroidManifest.xml or parsing failed (d:\Mobi le-Security-Framework-MobSF\StaticAnalyzer\views\android\manifest_analysis.py, L INE 28 "manifest = minidom.parseString(dat)"): a bytes-like object is required, not 'NoneType' [WARNING] Using Fake XML to continue the Analysis [INFO] Fetching icon path [INFO] Extracting Manifest Data [INFO] Manifest Analysis Started [INFO] Static Android Binary Analysis Started [INFO] Static Android Resourse Analysis Started [INFO] Reading Code Signing Certificate

[2018-05-11 11:15:44] [ERROR] Reading Code Signing Certificate (d:\Mobile-Security-Framework-MobSF\Sta ticAnalyzer\views\android\cert_analysis.py, LINE 65 "dat = subprocess.check_outp ut(args)"): [WinError 2] The system cannot find the file specified [INFO] DEX -> JAR [INFO] Using JAR converter - dex2jar [INFO] Converting d:\Mobile-Security-Framework-MobSF\uploads/56e9273f71f06d29ea6 e98c45b77e890\classes.dex to JAR [INFO] Running JAVA path fix in Windows '"D:/Program Files/Java/jdk-10.0.1/binjava"' is not recognized as an internal or external command, operable program or batch file. [INFO] Converting d:\Mobile-Security-Framework-MobSF\uploads/56e9273f71f06d29ea6 e98c45b77e890\classes2.dex to JAR [INFO] Running JAVA path fix in Windows '"D:/Program Files/Java/jdk-10.0.1/binjava"' is not recognized as an internal or external command, operable program or batch file. [INFO] DEX -> SMALI [INFO] Converting d:\Mobile-Security-Framework-MobSF\uploads/56e9273f71f06d29ea6 e98c45b77e890\classes.dex to Smali Code

[2018-05-11 11:15:44] [ERROR] Converting DEX to SMALI (d:\Mobile-Security-Framework-MobSF\StaticAnalyz er\views\android\converter.py, LINE 112 "subprocess.call(args)"): [WinError 2] T he system cannot find the file specified [INFO] JAR -> JAVA [INFO] Static Android Code Analysis Started [INFO] Code Analysis Started on - d:\Mobile-Security-Framework-MobSF\uploads/56e 9273f71f06d29ea6e98c45b77e890/java_source/ [INFO] Performing Malware Check on extracted Domains [INFO] Finished Code Analysis, Email and URL Extraction

[INFO] Generating Java and Smali Downloads [INFO] Generating Downloads [INFO] Zipping [INFO] Zipping [INFO] Extracting Strings from APK

[INFO] Connecting to Database

[INFO] Saving to Database

[2018-05-11 11:15:45] [ERROR] Saving to DB (d:\Mobile-Security-Framework-MobSF\StaticAnalyzer\views\an droid\db_interaction.py, LINE 218 "CERT_INFO=cert_dic['cert_info'],"): 'NoneType ' object is not subscriptable

[2018-05-11 11:15:45] [ERROR] Rendering to Template (d:\Mobile-Security-Framework-MobSF\StaticAnalyzer \views\android\db_interaction.py, LINE 105 "'certinfo': cert_dic['cert_info'],") : 'NoneType' object is not subscriptable ←[1m←[91m[ERROR] 'NoneType' object does not support item assignment←[0m [11/May/2018 11:15:45] "GET /StaticAnalyzer/?name=Testapp.apk&type=apk&checksum= 56e9273f71f06d29ea6e98c45b77e890 HTTP/1.1" 500 4835

Error message showing on the browser:

Don't Play Around. An Error just popped in! Inappropriate argument type.

'NoneType' object does not support item assignment

CONTENTS OF LOG FILES

MobSF.log

Paste the contents of logs/MobSF.log here
(NOT REQUIRED FOR FEATURE REQUEST/ENHANCEMENT)

If you have issues with API Fuzzer,
Paste the contents of logs/webproxy.log here
(NOT REQUIRED FOR FEATURE REQUEST/ENHANCEMENT)

The docker image size of MobSF is more than 1.7GB. Can we decrease the size of the image ?

A solution could be using a different (lightweight) base image or install only the recommended software to compile and run MobSF.

Currently, app score is calculated as:

avg_cvss = round(sum(cvss_scores) / len(cvss_scores), 1)
app_score = int((10 - avg_cvss) * 10)

Since average CVSS score is used, it could happen that if an app has one major issue and multiple minor ones, it would score better than if it only had a major issue.

For example, if an issue is introduced to an app that already has higher average cvss than that issue, app would actually have higher score than before even though it now has more issues.

This could be a problem for CI workflow because it will not catch regression in that case.

I suggest using a different scoring scheme that would calculate scores as 100 - percentage of maximum CVSS for a particular platform, or any other scheme that would avoid using averages.

I have configured the virtual machine in virtualbox 1:1 with https://github.com/MobSF/Mobile-Security-Framework-MobSF/wiki/1.-Documentation

The mobsf/settings.py contains:

UUID = '<uuid from vbox file>'
SUUID = '<suuid taken from current snapshot from the vbox file>'
VM_IP= '192.168.56.3'
VM_ADB_PORT = 5555

PROXY_IP = '192.168.56.1'
PORT = 1337

The proxy ip is the adress of the vbox ip adapter thats assigned to the vm machine But all I'm getting is:

Could not find a registered machine with UUID {uuid from vbox file}
Details" code VBOX_E_OBJECT_NOT_FOUND (0x80bb0001) ... 
Context: "FindMachine(Bstr(a->...

Hi there,

Below is the error i received when i try to run on windows 8.1 Enterprise

C:\MobSf
> python manage.py runserver
[INFO] Running first time setup for windows.
[*] Reading config file..
Traceback (most recent call last):
  File "manage.py", line 10, in <module>
    execute_from_command_line(sys.argv)
  File "C:\PentestBox\base\python\Lib\site-packages\django\core\management\__init__.py", line 367, in execute_from_command_line
    utility.execute()
  File "C:\PentestBox\base\python\Lib\site-packages\django\core\management\__init__.py", line 316, in execute
    settings.INSTALLED_APPS
  File "C:\PentestBox\base\python\Lib\site-packages\django\conf\__init__.py", line 53, in __getattr__
    self._setup(name)
  File "C:\PentestBox\base\python\Lib\site-packages\django\conf\__init__.py", line 41, in _setup
    self._wrapped = Settings(settings_module)
  File "C:\PentestBox\base\python\Lib\site-packages\django\conf\__init__.py", line 97, in __init__
    mod = importlib.import_module(self.SETTINGS_MODULE)
  File "C:\PentestBox\base\python\lib\importlib\__init__.py", line 37, in import_module
    __import__(name)
  File "C:\MobSf\MobSF\settings.py", line 378, in <module>
    windows_setup.install_locally(MobSF_HOME)
  File "C:\MobSf\install\windows\setup.py", line 397, in install_locally
    rewrite_config()
  File "C:\MobSf\install\windows\setup.py", line 372, in rewrite_config
    CONFIG['MobSF']['dir'] = expanduser("~") + CONFIG['MobSF']['dir']
AttributeError: ConfigParser instance has no attribute '__getitem__'

I am running with admin privileges.

pls find the logs of the issue

[2016-08-01 17:50:57] [ERROR] Device Data Dump (C:\MobSF\DynamicAnalyzer\views\android.py, LINE 332 "if "MOBSEC-TAR-CREATED" in subprocess.check_output([adb, "-s", getIdentifier(), "shell", "cat", "/sdcard/mobsec_status"]):"): Command '['C:\MobSF\DynamicAnalyzer/tools/adb/windows/adb.exe', '-s', '192.168.56.101:5555', 'shell', 'cat', '/sdcard/mobsec_status']' returned non-zero exit status -1

and let me know how to resolve it

EXPLANATION OF THE ISSUE

Using the Docker for iOS pen test:

I am using the Docker for iOS app test on a Mac. However, I get the following message:

Requires OSX. iOS Application Security Analysis requires OSX.

How can I use the docker on the Mact to test the iOS app test.

CONSOLE OUTPUT

[INFO] MIME Type: application/octet-stream FILE: Nudge.ipa

[ERROR] Static Analysis of iOS IPA requires OSX
[08/Mar/2017 19:41:41] "POST /Upload/ HTTP/1.1" 200 60
[08/Mar/2017 19:41:41] "GET /MAC_ONLY/ HTTP/1.1" 200 4618

Update quark-engine from 22.10.1 to 22.11.1.

**New Features**

* Add new Quark Script APIs to detect CWE-319 and CWE-327. (413 and 428) 

[Here](https://quark-engine.readthedocs.io/en/latest/quark_script.html)'s the relevant document. 

**UI Enhancements**

* Fix typos in Quark Web Report. (414 and 419)
* Make grid lines in Quark Web Report more visible. (419)

**Document enhancements**

* Spotlight Quark Script in README. (424)
* Add Quark Script Quick Start instruction. (422)

Update frida from 15.2.2 to 16.0.8.

See https://frida.re/news/ for details.

See https://frida.re/news/ for details.

See https://frida.re/news/ for details.

See https://frida.re/news/ for details.

See https://frida.re/news/ for details.

See https://frida.re/news/ for details.

See https://frida.re/news/ for details.

See https://frida.re/news/ for details.

See https://frida.re/news/ for details.

When building my own image based on official dockerhub FROM opensecurity/mobile-security-framework-mobsf
I'm required to include three additional lines of code into my own Dockerfile I would like to reduce that amount to single line

Stacktrace:

RUN ./scripts/postgres_support.sh True
Postgres support : True
Defaulting to user installation because normal site-packages is not writeable
Collecting psycopg2-binary
  Downloading psycopg2_binary-2.9.5-cp38-cp38-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (3.0 MB)
     ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 3.0/3.0 MB 42.3 MB/s eta 0:00:00
Installing collected packages: psycopg2-binary
ERROR: Could not install packages due to an OSError: [Errno 13] Permission denied: '/home/mobsf/.local/lib'
Check the permissions.

The command '/bin/sh -c ./scripts/postgres_support.sh True' returned a non-zero code: 1

What may solve it:

USER root
RUN chown -R mobsf:mobsf /home/mobsf
USER mobsf
RUN ./scripts/postgres_support.sh True

ENVIRONMENT

OS and Version: Android
Python Version:
MobSF Version: MobSF v3.5.2 Beta

EXPLANATION OF THE ISSUE

Target SDK: 31
Min SDK: 26
Kotlin Version: 1.7.10

The static analysis report shows the following warning issue.

> Issue: App can read/write to External Storage. Any App can read data written to External Storage.
> Severity: Warning
> Standards: 
  > CWE: CWE-276: Incorrect Default Permissions
  > OWASP Top 10: M2: Insecure Data Storage
  > OWASP MASVS: MSTG-STORAGE-2
> Files: com.google.android.play.core.assetpacks.da​

But this issue disappears by disabling the obfuscation(ProGuard) and minify(minifyEnabled = false)

Expected behavior: Issue read/write to External Storage should not exist with obfuscation and optimization enabled.

STEPS TO REPRODUCE THE ISSUE

1. Generate APK
2. Upload & generate the static report

LOG FILE

I suggest using geoip2 library instead of IP2Location, because it supports multiple languages

Describe the solution you'd like IP address information display in different languages

pip install geoip2 http://dev.maxmind.com/geoip/geoip2/geolite2

ENVIRONMENT

OS and Version: Ubuntu 20.04.4 LTS
Python Version: 3.8.10
MobSF Version: 3.6.1

EXPLANATION OF THE ISSUE

We deployed MobSF application in kubernetes cluster(use image built from the last code version(commit 075e9c18623a78a30774391d83566e40e664eb1d) with postgres support). We use m5.2xlarge aws instance as node and EFS storage which is mounted to uploads and downloads folders. Also RDS postgres DB is used.

We set following limits in kubernetes deployment:

 limits:
 	cpu: 7500m
            memory: 30Gi

But even with this configuration we are facing performance issues and pod is restarting from time to time due to high memory consumption. Even when there isn’t any scan in progress, application can use a lot of RAM(For examle, now it’s about 10Gb). Also we found that if we are doing some actions on UI side of application(not scanning) RAM usage increases decently.

Previously we used vm setup and faced similar issues but in this case instance stuck and we needed to reboot it.

ENVIRONMENT

OS and Version: MacOS 12.6
Python Version: 3.10.7
MobSF Version: 

EXPLANATION OF THE ISSUE

In APK's where networksecurityconfig attribute declares a filename like "another_security_config.xml" and then in res/xml folder both, "network_security_config.xml" and "another_security_config.xml" is present, MobSF will choose "network_security_config.xml" file (basically whichever comes first while iterating over xml files in the folder).

The reason being, in the code in network_security.py, it is checking for presence of either declare config file name or "network_security_config", and in current case it is always choosing "network_security_config", as co-incidentally "network_security_config.xml" file is also present in the application.

STEPS TO REPRODUCE THE ISSUE

Can be reproduced for MyJio v7.0.19 application (https://www.apkmirror.com/apk/jio-platforms-limited/myjio/myjio-7-0-19-release/).

In the app, the manifest declares:

networkSecurityConfig="@xml/network_security"

And application contains two network security config files:

• network_security.xml
• network_security_config.xml

MobSF will choose "network_security_config.xml"