Wednesday, March 17, 2021

[#3][MobilePentesting] Insecure Data Storage on Android




Hello guys, today we come to a specific area of Android mobile application security. We will learn how an application's data is stored on the mobile device and the threats that may lead to vulnerabilities.




I. Data Storage on Android

1. Overview

Android uses a file system that's similar to disk-based file systems on other platforms. The system provides several options for you to save your app data:

- App-specific storage: Store files that are meant for your app's use only, either in dedicated directories within an internal storage volume or different dedicated directories within external storage. Use the directories within internal storage to save sensitive information that other apps shouldn't access.

- Shared storage: Store files that your app intends to share with other apps, including media, documents, and other files.

- Preferences: Store private, primitive data in key-value pairs.

- Databases: Store structured data in a private database using the Room persistence library.

Android provides two types of physical storage locations: internal storage and external storage. On most devices, internal storage is smaller than external storage. However, internal storage is always available on all devices, making it a more reliable place to put data on which your app depends.

Removable volumes, such as an SD card, appear in the file system as part of external storage. Android represents these devices using a path, such as /sdcard.

2. Methods

Android provides a number of methods for data storage depending on the needs of the user, developer, and application.

- Shared Preferences
- SQLite Databases
- Firebase Databases
- Realm Databases
- Internal Storage
- External Storage
- Keystore
- Logging Functions
- Android Backups
- Processes Memory
- Keyboard Caches
- Screenshots

II. Insecure Data Storage


1. Shared Preferences

Shared Preferences are XML files that store private primitive data in key-value pairs. Supported data types are booleans, floats, ints, longs, and strings.
Shared preferences are mostly useful for storing application settings that will be valid until a device reboot takes place. As the name states, the storage mechanism is best suited to holding user preferences for an application.




On a rooted device anyone can read this file in plain text; that is the security issue.

+ Hardening

- Consider using EncryptedSharedPreferences.





- Do NOT store sensitive data with SharedPreferences.

2. SQLite Database

SQLite is an open-source relational database used to perform database operations on Android devices, such as storing, manipulating or retrieving persistent data. It is embedded in Android by default, so there is no need to perform any database setup or administration task.


The SQLiteOpenHelper class provides the functionality to use the SQLite database.






+ Security Issue

- SQL injection



- Data in Plaintext



+ Hardening

- Hash 



- SQLCipher
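To make the Shared Preferences and SQLite points above concrete, here is an added example (not code from the original post): the same token write done with plain SharedPreferences and with EncryptedSharedPreferences from the androidx.security:security-crypto library, followed by a SQLite lookup written the injectable way and the parameterized way. The class name StorageExamples, the preference file names and the users table are assumptions made for this example.

```java
import android.content.Context;
import android.content.SharedPreferences;
import android.database.Cursor;
import android.database.sqlite.SQLiteDatabase;
import androidx.security.crypto.EncryptedSharedPreferences;
import androidx.security.crypto.MasterKey;
import java.io.IOException;
import java.security.GeneralSecurityException;

// Hypothetical class; "session", "session_secure" and "users" are constructed names.
public class StorageExamples {

    // INSECURE: the token lands as clear text in
    // /data/data/<package>/shared_prefs/session.xml, readable on a rooted device.
    static void saveTokenPlain(Context ctx, String token) {
        SharedPreferences prefs = ctx.getSharedPreferences("session", Context.MODE_PRIVATE);
        prefs.edit().putString("auth_token", token).apply();
    }

    // HARDENED: EncryptedSharedPreferences encrypts keys and values with a key kept in
    // the Android Keystore, so the XML file on disk holds only ciphertext.
    static void saveTokenEncrypted(Context ctx, String token)
            throws GeneralSecurityException, IOException {
        MasterKey masterKey = new MasterKey.Builder(ctx)
                .setKeyScheme(MasterKey.KeyScheme.AES256_GCM)
                .build();
        SharedPreferences prefs = EncryptedSharedPreferences.create(
                ctx,
                "session_secure",
                masterKey,
                EncryptedSharedPreferences.PrefKeyEncryptionScheme.AES256_SIV,
                EncryptedSharedPreferences.PrefValueEncryptionScheme.AES256_GCM);
        prefs.edit().putString("auth_token", token).apply();
    }

    // INSECURE: user input is concatenated into the SQL text, so a quote character
    // in the input changes the statement (SQL injection).
    static Cursor findUserInjectable(SQLiteDatabase db, String username) {
        return db.rawQuery("SELECT id, name FROM users WHERE name = '" + username + "'", null);
    }

    // HARDENED: the input is bound as a parameter; SQLite never parses it as SQL.
    static Cursor findUserSafe(SQLiteDatabase db, String username) {
        return db.rawQuery("SELECT id, name FROM users WHERE name = ?", new String[] {username});
    }
}
```

During a test, comparing the two preference files under shared_prefs shows the difference directly: the plain file contains the token as-is, the encrypted one only base64 ciphertext.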


3. Firebase Realtime Database

The Firebase Realtime Database is a cloud-hosted database. Data is stored as JSON and synchronized in realtime to every connected client. When you build cross-platform apps with the Firebase iOS, Android, and JavaScript SDKs, all of your clients share one Realtime Database instance and automatically receive updates with the newest data.





+ Security Issue

- Misconfiguration (open security rules) leading to an exposed database







4. Internal Storage

Android internal storage is the storage of private data in the device memory. By default, files saved to and loaded from internal storage are private to the application, and other applications do not have access to them.
If an application needs to store something secret, like a website username and password, internal storage is the place to do it. As the Android sandbox prevents other applications from accessing this data, many developers have chosen to store secret information here without any additional encryption in place.

 

+ Security Issue

- Information disclosure if data is not encrypted, or if the developer did not implement the encryption correctly

Via cross-app scripting:



5. External Storage



Two types:

- External Storage for Specific App (/sdcard/Android/data/<package name>)

- External Storage for all data

Conclusion: insecure data storage comes down to misconfiguration and to how encryption is implemented during development.

Happy Pentesting!






















