Android

Space shortcuts

Page tree

Versions Compared

Old Version 9

changes.mady.by.user Fred Long

Saved on

compared with

New Version 10

changes.mady.by.user Fred Long

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Minor formatting change

...

 

Code Block
bgColor#CCCCFF
private String filename = "myfile"
private String string = "sensitive data such as credit card number"
FileOutputStream fos = null;

try {
   fos = openFileOutput(filename, Context.MODE_PRIVATE);
   fos.write(string.getBytes());
   fos.close();
} catch (FileNotFoundException e) {
  // handle FileNotFoundException
} catch (IOException e) {
  // handle IOException
} finally {
  if (fos != null) {
    try {
      fos.close();
    } catch (IOException e) {
    }
  }
}

Risk Assessment

Storing sensitive information on external storage can leak sensitive information to malicious apps.

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

DRD00-J

high

probable

medium

P12

L1

Automated Detection

It is possible to automatically detect whether an application writes to external storage. It is not feasible to automatically determine whether such output could be stored internally.

...