Insecure Data Storage

Mostafa Elguerdawi
Aug 6, 2023

Insecure Data Storage essentially refers to data packets or other data stored without the added protection of encryption or other protective measures.

Storing important data such as passwords and credit card numbers requires a secure mechanism. Ordinarily, developers use files, databases, or saved settings to store this kind of data.

We will practice on the DIVA app.

INSECURE DATA STORAGE — PART 1:

After decompiling the app and obtaining its source code, we can review the source code for this activity.

Here we can see that the data is stored in Shared Preferences. First, enter a username and password in the 3rd-party inputs.

As we can see, I entered test as both the username and the password, and the credentials were saved successfully.

Using adb shell, we can find the app's package name, which determines its data path, with this command:

pm list packages | grep diva

The package name, and therefore the directory name, is: jakhar.aseem.diva

All of an app's files can be found at /data/data/<app-package>

So go to /data/data/jakhar.aseem.diva. There are some folders and files there, but from the source code we know that the app stores its data in the shared_prefs folder.
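As an added example (not part of the original post or the DIVA project), the following Python script checks a shared_prefs XML file for entries whose key names suggest credentials stored in clear text. The sample XML, its key names and its values are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample in the SharedPreferences XML layout (not copied from the app);
# the key names and values are assumptions for illustration.
SAMPLE_PREFS = """<?xml version='1.0' encoding='utf-8' standalone='yes' ?>
<map>
    <string name="user">test</string>
    <string name="password">test</string>
    <boolean name="first_run" value="false" />
    <int name="launch_count" value="3" />
    <set name="session_tokens"><string>constructed-token-1</string></set>
</map>
"""

# Key names that suggest a credential or payment value was written in clear text.
SENSITIVE_KEY = re.compile(r"pass|pwd|secret|token|api[_-]?key|cvv|card|user|login", re.I)


def iter_entries(xml_text):
    """Yield (name, type, value) for every entry under the <map> root."""
    root = ET.fromstring(xml_text)
    if root.tag != "map":
        raise ValueError("not a SharedPreferences file: root is <%s>" % root.tag)
    for el in root:
        name = el.get("name", "")
        if el.tag == "string":
            yield name, "string", el.text or ""
        elif el.tag == "set":  # string sets nest <string> children
            for item in el.findall("string"):
                yield name, "set", item.text or ""
        else:  # boolean/int/long/float keep the value in an attribute
            yield name, el.tag, el.get("value", "")


def find_plaintext_secrets(xml_text):
    """Return (name, type, length) per suspicious entry; the value itself is
    left out so the audit report does not copy the secret."""
    return [(name, kind, len(value))
            for name, kind, value in iter_entries(xml_text)
            if value and SENSITIVE_KEY.search(name)]


if __name__ == "__main__":
    for name, kind, length in find_plaintext_secrets(SAMPLE_PREFS):
        print("plaintext %s entry %r (%d chars)" % (kind, name, length))
```

To audit a real app, pass the contents of a file taken from its shared_prefs folder to find_plaintext_secrets instead of the constructed sample.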
