Also a ‘hack’ is not a vulnerability. The string that gets sent through is via https and contains a _0_, which if there were ports would contain the array of ports found open. It is warned in the program that it is not for internal use, only external use as inside a LAN it would produce false positives. Secondly, it is intentional that the email comes to me securely and that is a free service, and the software does report to them the open ports if used externally (and me). The asp page is protected and cannot be exploited and is sent via https. It is not a vulnerability if YOU HACK an internal WebView. By altering the DNS is called HACKING. It is not a vulnerability any standard user is capable of, and the outcome, they receive a HTTP get request of that string that does nothing! You could do this to any application on the Appstore. This is a ‘hack’ which is child splay, malicious and unlawful that anybody could do by unpacking any APK and decompiling. I could do anything to any android application you developed. Send me some examples. I report this as a false vulnerability. As it is freeware and it has been hacked to fake a vulnerability I am removing it and the free service. I have evidence of it working as I have received many customer reports with open ports who use it as intended. The vulnerability is hackers. I’ll report this as a malicious hack not at all in arm’s length of a user. The basic information about the device is so that I can quote back to the user to validate the device they used to verify the open ports and my authenticity. It is a free service and App without ads. If a free service for ‘external’ penetration testing is going to be hacked and purported to be claimed as a vulnerability for alleged credits then the community can do without the free service. You have committed a computer crime, not found a vulnerability. If you intend to try and publish your crime, I will make it known to your jurisdiction and Android that you breached the law in gaining unauthorised access to an applications internal service code in order to alter its function of what it ‘could’ do. This is extremely weak you have to come down to this level. I could open up any Android or Windows application and claim that a MITM attack could be performed over a wireless network and the MAC address could be spoofed and all data could be compromised and I am so skilled at finding A VULNERABILITY! So pathetic.