Rico Mobile App Hard-Coded Cryptographic Key Vulnerability in SegmentSettingsModule

Vulnerability

A vulnerability exists in the Rico 'só vantagem pra investir' Android application, specifically in version 4.58.32.12421. The issue arises from a hard-coded Segment write key located in the file 'br/com/rico/mobile/di/SegmentSettingsModule.java'. This key can be extracted through reverse engineering and misused to send false tracking events or alter user profiles via Segment's API. Such actions could distort analytics data, leading to flawed business insights, incorrect user segmentation, and potential misuse of related systems.
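A source-level check for the pattern described above, as an added example that is not the app's code and not part of the original advisory: it flags a quoted literal bound to a write-key name or passed directly to the Segment Android SDK's Analytics.Builder. The Java snippets, the key value, the literal-shape regex and the function name are constructed assumptions; only the file path comes from the advisory.

```python
import re

# Assumption: a hard-coded key appears as a quoted literal of 20+ URL-safe
# characters. The real key format is not given in the advisory.
LITERAL = r'"([A-Za-z0-9_\-]{20,})"'
PATTERNS = [
    # e.g. static final String SEGMENT_WRITE_KEY = "..."
    ("named constant",
     re.compile(r'(?i)\b\w*write_?key\w*\s*=\s*' + LITERAL)),
    # e.g. new Analytics.Builder(context, "...")
    ("Analytics.Builder argument",
     re.compile(r'Analytics\.Builder\s*\([^,()]+,\s*' + LITERAL)),
]

def find_hardcoded_write_keys(path, source):
    """Return (path, line_no, kind, redacted_literal) for each suspect literal."""
    findings = []
    for line_no, line in enumerate(source.splitlines(), start=1):
        for kind, pattern in PATTERNS:
            match = pattern.search(line)
            if match:
                key = match.group(1)
                # Redact so the report does not republish the secret.
                redacted = key[:4] + "*" * (len(key) - 4)
                findings.append((path, line_no, kind, redacted))
    return findings

PATH = "br/com/rico/mobile/di/SegmentSettingsModule.java"

# Constructed sample: key embedded as a literal (the reported pattern).
HARD_CODED = '''\
package br.com.rico.mobile.di;

public class SegmentSettingsModule {
    private static final String SEGMENT_WRITE_KEY = "EXAMPLEexampleEXAMPLEexample0000";
    Analytics provideAnalytics(Context context) {
        return new Analytics.Builder(context, SEGMENT_WRITE_KEY).build();
    }
}
'''

# Constructed sample: key supplied by a hypothetical injected config object.
NO_LITERAL = '''\
public class SegmentSettingsModule {
    Analytics provideAnalytics(Context context, SegmentConfig config) {
        return new Analytics.Builder(context, config.writeKey()).build();
    }
}
'''

if __name__ == "__main__":
    for finding in find_hardcoded_write_keys(PATH, HARD_CODED):
        print(finding)
```

Run as a pre-merge or CI step over the module sources, a non-empty result fails the build before a literal key reaches a release APK.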

Impact

The vulnerability allows for the extraction of a hard-coded Segment write key, which can be used to manipulate user profiles and inject fraudulent data into analytics systems, potentially disrupting business operations and data integrity.

Added: Apr 3, 2026, 5:19 AM
Updated: Apr 3, 2026, 5:19 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 4.6
remediation: 0.0
relevance: 5.2
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.