Android

Space shortcuts

Page tree

Versions Compared

Old Version 3

changes.mady.by.user Fred Long

Saved on

compared with

New Version Current

changes.mady.by.user Beriwan Salamat Ravandi

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Added ourCS workshop contributor text box

(THIS CODING RULE OR GUIDELINE IS UNDER CONSTRUCTION)

 

 

This rule was developed in part by Beriwan Salamat Ravandi at the October 20-22, 2017 OurCS Workshop (http://www.cs.cmu.edu/ourcs/register.html). For more information about this statement, see the About the OurCS Workshop page.

 

Information that is cached may become accessible to other applications, and certainly becomes accessible if the device is found or stolen by a third party.

...

[This rule may require four or five NCCE/CS pairs.]

Noncompliant Code Example

This noncompliant code example shows an application that caches sensitive information.

...

Another application could access the cache, thereby revealing the sensitive information.

Compliant Solution

In this compliant solution the sensitive information is not cached.

Code Block
bgColor#CCCCFF
TBD

Risk Assessment

Caching sensitive information may result in the information becoming accessible.

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

DRD22-J

Medium

Probable

High

P4

L3

Automated Detection

It is not possible to automatically detect all situations when sensitive information may be cached.

Bibliography

[viaForensics 2014]

2. Avoid caching app data

15. Be aware of the keyboard cache

29. Android: avoid storing cached camera images

30. Android: Avoid GUI objects caching

[Android Security]Using WebView
[Android API 2013]clearCache() method