Recap maintains an extensive scanning Database of vulnerabilities from multiple sources (see below). The Recap vulnerability database is updated daily (for licensed versions) and every quarter for free versions and it is comprised by the following sources:
IST Vulnerability Database: The NIST National Vulnerability Database (NVDB) is a central repository of software vulnerabilities. Recap’s DB leverages selected vulnerabilities published in the NVD and distinguishes those entries with the “CVE” prefix (e.g., CVE-2014-8507).
Palindrome Technologies CyWAR Lab: Palindrome Technologies performs security research on mobile devices on behalf of commercial customers. This research has led to the discovery of several 0-day vulnerabilities, which they are also disclosed to the corresponding OEMs (i.e., Samsung, Motorola, LG etc ). Palindrome Technologies discovered vulnerabilities are identified using the “PAL” prefix (e.g., PAL-2015-0004” instead of CVE).
Public Forums: There are several public forums where Android vulnerabilities or security issues are discussed. In instances where 0-day vulnerabilities are discussed in public forums we develop verify its applicability and include in the Recap database as necessary.
Google Partner Security Bulletin: The Google Partner Security Bulletin (PSB) is a closed consortium of trusted Google partners in which Android security issues are communicated. These vulnerabilities are distinguished using the prefix “PSB”. It should be noted that PSB’s are included in versions of Recap scanner that maintains an active license. The PSB’s capture issues under investigation that may not have an immediate software fix and thus used for awareness purposes only.