AttackFlow Findings Dictionary

Finding A Way To Try AttackFlow Enterprise Edition?

If so, click to download 15 days full version for free!

Storing Data on External Storage

The malicious applications can access users’ sensitive files

Severity

Critical

Fix Cost

Medium

Trust Level

Medium

Android supports external resources for storing and accessing directories for persistent storage capabilities. One of the most used such resources is SD Cards. Since these mediums usually support more disk space, it’s tempting to store user data for a mobile application. However, these mediums are public, therefore, any other mobile application can also store and access the files written to SD Cards. Below shows such an example code;

            
File sdCard = Environment.getExternalStorageDirectory();
File dir = new File (sdCard.getAbsolutePath() + "/myapp/");
dir.mkdirs();
File file = new File(dir, "receipt.pdf");

FileOutputStream f = new FileOutputStream(file);
...
                
            

Finding A Way To Purchase AttackFlow Enterprise Edition?

If so, click to buy now for yearly subscriptions!