Android Insecure file storage

How It Vulnerable:

Sometime developer Made mistake When storing data to application which can be compromised By other user, attacker . If application is vulnerable This file could be access by other application without any proper permission .

Internal Storage :

Every application Contain some files data Like db, share preferences etc. As files that we create on internal storage are accessible only to application. Which Protection Implemented By Android . But developer mistake often use MODE_WORLD_READBALE & MODE_WORLD_WRITABLE If you look for Vulnerable application that files data can be readable by other malicious app which leads to expose Sensitive data.

External Storage:

Creating files on external storage, such as SD Cards, that are always readable and writable. Because external storage can be removed by the user and also modified by any application, You should Be aware about it you should not store any sensitive files on external which easily accessable .

How to find Insecure file storage

In order to check this type of security issue We need target application and running adb shell On Our terminal ,If we Look For Specific application package android application should contain data inside data/data/application-packages

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
PJBorah

PJBorah

I am pallab jyotti borah From Assam ! I am Professionally VAPT Analyst as Part time Bugbounty hunter