Android

Space shortcuts

Page tree

Versions Compared

Old Version 5

changes.mady.by.user Yozo TODA

Saved on

compared with

New Version 6

changes.mady.by.user Fred Long

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Tidied up to conform to our rule format

Android provides several options to save persistent application data, one of which is External Storage (/sdcard, /mnt/sdcard).

Files saved to the external storage are world-readable. Consequently, they can be modified by other apps installed on the device or by the user (by enabling USB mass storage and manipulating files from a PC).

...

The following code creates a file on the external storage and saves sensitive information to the file:

Code Block
bgColor#FFCCCC
private String filename = "myfile"

private String string = "sensitive data such as credit card number"
FileOutputStream fos = null;

try {
  file file = new File(getExternalFilesDir(TARGET_TYPE), filename);
  fos = new FileOutputStream(file, false);
  fos.write(string.getBytes());
} catch (FileNotFoundException e) {
  // handle FileNotFoundException
} catch (IOException e) {
  // handle IOException
} finally {
  if (fos != null) {
    try {
  fos.close();
    } catch (IOException e) {
    }
  }
}

...

The following code uses the openFileOutput() method to create "myfile" in an application data directory with permission set to MODE_PRIVATE so that other apps cannot access the file:

 

Code Block
bgColor#CCCCFF
private String filename = "myfile"
private String string = "sensitive data such as credit card number"
FileOutputStream fos = null;

try {
   fos = openFileOutput(filename, Context.MODE_PRIVATE);
   fos.write(string.getBytes());
   fos.close();
} catch (FileNotFoundException e) {
  // handle FileNotFoundException
} catch (IOException e) {
  // handle IOException
} finally {
  if (fos != null) {
    try {
      fos.close();
    } catch (IOException e) {
    }
  }
}

Risk Assessment

Using an implicit intent can leak sensitive information to malicious apps.

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

DRD00-J

high

probable

medium

P12

L1

Automated Detection

It is possible to automatically detect whether an application writes to external storage. It is not feasible to automatically determine whether such output could be stored internally. 

Related Vulnerabilities

Related Guidelines

Android Secure Coding Guidebook by JSSEC[cjl1] 

4.6 Secure File Handling
4.6.1.4 Handling external storage files
4.6.2.1 When creating new files, make them private
4.6.2.2 Don’t create files accessible from other apps with read/write privilege
4.6.2.3 Minimize the use of files stored in external storage such as SD card
4.6.2.4 Consider the lifetime of files when designing apps

Bibliography

[Android n.d.] 
Android Secure Coding Guidebook by JSSEC4.6 Secure File Handling

 [cjl1]I cannot find Android Secure Coding Guidebook, but it needs to be added to the references and a citation used here ([JSSEC year])