CloudSEK logo
AboutAsset ExplorerContactBlogScan App
LOGIN
com.infonow.bofa

Bank of America Mobile Banking

com.infonow.bofa (23.08.02)

Security Rating
6.9
AVERAGE
DOWNLOAD REPORT
VIEW CERTIFICATE
HIDE REPORT
SHARE
Use BeVigil on your Phone
Download the BeVigil App
BeVigil playstore
BeVigil playstore
OPEN REPORT MENU
SUMMARY
ISSUES SEVERITY
MANIFEST SCANNER
exported activity
MEDIUM
resources/AndroidManifest.xml
VULNERABILITIES
Weak Crypto Algorithms
MEDIUM
sources/com/ml/mobile/framework/crash/MLCrashReport.java
STRINGS
google api key
LOW
resources/res/values/strings.xml
ASSETS
file path
LOW
resources/res/values/strings.xml
0 CRITICAL severity MANIFEST issues present
0 HIGH severity MANIFEST issues present
1 MEDIUM severity MANIFEST issues present
0 LOW severity MANIFEST issues present
0 INFO severity MANIFEST issues present
0 RESILIENCE severity MANIFEST issues present
0 CRITICAL severity VULNERABILITIES issues present
2 HIGH severity VULNERABILITIES issues present
39 MEDIUM severity VULNERABILITIES issues present
29 LOW severity VULNERABILITIES issues present
38 INFO severity VULNERABILITIES issues present
0 RESILIENCE severity VULNERABILITIES issues present
0 CRITICAL severity STRINGS issues present
0 HIGH severity STRINGS issues present
148 MEDIUM severity STRINGS issues present
2251 LOW severity STRINGS issues present
0 INFO severity STRINGS issues present
0 RESILIENCE severity STRINGS issues present
0 CRITICAL severity ASSETS issues present
0 HIGH severity ASSETS issues present
0 MEDIUM severity ASSETS issues present
3719 LOW severity ASSETS issues present
0 INFO severity ASSETS issues present
0 RESILIENCE severity ASSETS issues present
ISSUES
Weak Crypto Algorithms - 14 issues
Non-parameterized SQL Query - 5 issues
Accepting all SSL certificates - 1 issues
Super user privileges may be requested - 4 issues
Possible Object Deserialization - 9 issues
CBC Padding Oracle Attack Possible - 4 issues
Accept Self Signed Certificate - 4 issues
Insecure Pending Intent - 4 issues
SSL pinning by app - 3 issues
Insecure Activity Start - 1 issues
Insecure Random Used - 35 issues
Jackson Deserialization used - 1 issues
Frida server detection by app - 7 issues
Sensitive Information in Logs - 8 issues
Storage of sensitive information in Shared Preferences - 4 issues
WebView javascript enabled - 1 issues
Check for rooted device by app - 3 issues
MALWARES
0
MALWARES
APKiD
10
APKiD
STRINGS
Google API Key - 3 matches
Generic API Key - 1 matches
Possible Secret Detected - 148 matches
Unknown High Entropy String - 1097 matches
Possible UUID - 1150 matches
ASSETS
File path - 853 matches
URL - 582 matches
Hostname - 318 matches
REST API - 1483 matches
Relative Endpoint - 63 matches
Filename - 22 matches
PERMISSIONS SUMMARY
Permissions
Count
Safe
12
Risky
10
Dangerous
0
ASSETS WORDCLOUD
www.ml.com - 11 count
www.benefitsonline.com - 1 count
www.merrilledge.com - 12 count
www.mymerrill.com - 1 count
www.privatebank.bankofamerica.com - 2 count
www.bac-assets.com - 5 count
mobile.benefitspl1.ml.com - 1 count
images.cardlytics.com - 1 count
api.markitondemand.com - 1 count
mobile.benefits.ml.com - 3 count
www.bol.com - 1 count
www.ust.com - 1 count
www.benefits.ml.com - 3 count
play.google.com - 7 count
locations.merrilledge.com - 1 count
TRACKERS
1
TRACKERS
Inmobi
THIRD PARTY LIBRARIES
79
THIRD PARTY LIBRARIES
Android PackageManager
Android Support Library
Android Support v4
Jetpack Activity
Jetpack Annotation
AppCompat
Arch
Biometric
Browser
Jetpack API
Jetpack UI
Androidx Core
Documentfile
Jetpack Drawer Layout
CONTACT
Website
https://www.bankofamerica.com/mobile/mobile-banking-help.go
Email
[email protected]
HIDE REPORT
Are you the developer or owner of this app? Choose to keep your report private from BeVigil's Search for 30 days.
HIDE
Bank conveniently and securely with the Bank of America® Mobile Banking app for U.S.-based accounts.<br><br>Manage Accounts<br>• View account balances and review activity <br>• Activate or replace credit/debit cards<br>• Set alerts for important account info<br><br>Transfer Money and Pay Bills <br>• Securely send and receive money with Zelle® using a U.S. mobile number or email address¹<br>• Transfer funds between your Bank of America and linked Merrill accounts<br>• Pay bills <br><br>Check Deposit<br>• Take photos of checks to deposit them<br>• Get immediate confirmation that your check is processing²<br><br>Erica, Your Virtual Financial Assistant³<br>• Ask Erica to find transactions, pay bills and more<br>• Get valuable alerts, and helpful insights <br><br>Security<br>• Set up Touch ID® / Face ID®<br>• If fraudulent activity is suspected on your card, we’ll notify you<br>• View security center<br>• With our Mobile Banking Security Guarantee, you’re not liable for fraudulent transactions when reported promptly⁴<br><br>Manage Investments with Merrill<br>• Trade stocks, ETFs, mutual funds<br>• View up-to-date Market data, news, and quotes<br>• Send messages and documents securely to your advisor<br><br><br>See the Online Banking Service Agreement at bankofamerica.com/serviceagreement for more information. Mobile carrier message and data rates may apply.<br><br>¹ Zelle transfers require enrollment and must be made from a Bank of America consumer checking or savings account to a domestic bank account or debit card. Recipients have 14 days to register to receive money or the transfer will be canceled. Dollar and frequency limits apply. <br>² Deposits are subject to verification and not available for immediate withdrawal. Other restrictions apply.<br>³ Erica only listens or speaks when you tap the microphone and retains interactions to optimize your experience. Erica speaks aloud and hears and responds to all voices. Erica is only available in English.<br>⁴ You’re not liable for fraudulent Mobile Banking transactions when you notify the bank within 60 days of the transaction first appearing on your statement and comply with security responsibilities.<br><br>Investing involves risk. There is always the potential of losing money when you invest in securities.<br><br>Merrill Lynch, Pierce, Fenner &amp; Smith Incorporated (also referred to as &quot;MLPF&amp;S&quot; or &quot;Merrill&quot;) makes available certain investment products sponsored, managed, distributed or provided by complanies that are affiliates of Bank of America Corporation (&quot;BofA Corp&quot;). MLPF&amp;S is a registered broker-dealer, registered investment adviser, Member SIPC and a wholly owned subsidiary of BofA Corp. Insurance and annuity products are offered through Merrill Lynch Life Agency Inc. (&quot;MLLA&quot;), a licensed insurance agency and wholly owned subsidiary of BofA Corp.<br><br>Banking products are provided by Bank of America, N.A., and affiliated banks, Members FDIC and wholly-owned subsidiaries of Bank of America Corporation.<br><br>Investment products: <br>• Are Not FDIC Insurance<br>• Are Not Bank Guaranteed<br>• May Lose Value<br><br>Zelle® and the Zelle® related marks are wholly owned by Early Warning Services, LLC and are used herein under license.<br><br>Features may only be available for certain account types.<br><br>Android is a trademark of Google Inc.<br><br>Google emojis are used herein under license.<br><br>Bank of America and related trademarks are trademarks of Bank of America Corporation<br>Bank of America, N.A. Member FDIC<br>© 2023 Bank of America Corporation