
Hash Generated Using Broken Cryptography API (SHA1)

Open shishiraetna opened this issue 4 years ago • 0 comments

The following vulnerable code locations within the App use CC_SHA1 or CryptoKit.Insecure.SHA1 hashing functions, which leverage hashing algorithms that are proven to be vulnerable to collision attacks, and are unsuitable for modern use.

_-[FIRInstallationsIIDStore sha1WithData:] calls CC_SHA1()

This code was identified within the App.app/Frameworks/FirebaseInstallations.framework/FirebaseInstallations binary.

RECOMMENDATION: Switch each usage of these outdated hashing functions to use a stronger algorithm with better collision resistance properties, such as SHA-256 or SHA-512.

shishiraetna, Jan 18 '22 08:01