Insecure Data Storage
Insecure data storage refers to data that is stored without the added protection of encryption or other safeguards.
Storing important data such as passwords and credit card numbers requires a secure mechanism. Ordinarily, developers use files, databases or saved settings to store this kind of data.
We will practice on the DIVA app.
INSECURE DATA STORAGE — PART 1:
After decompiling the app and obtaining its source code, we can review the source code for this activity.
We can see here that the data is stored in Shared Preferences. First, enter a username and password for the 3rd party inputs.
As we can see, I entered test as the username and password, and the credentials were saved successfully.
Using adb shell, we can find the app's package name with this command:
pm list packages | grep diva
The package name is: jakhar.aseem.diva
All of an app's files can be found at /data/data/<app-package>
So go to /data/data/jakhar.aseem.diva. There are several folders and files there, but from the source code we know that the app stores its data in the shared_prefs folder.
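Once an XML file from the shared_prefs folder has been copied off a test device, a check like the following flags credential-like entries that are stored in cleartext. This is an added example, not code from DIVA or from the original write-up; the sample file contents, the key names and the keyword heuristics are constructed assumptions.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample of a shared_prefs XML file (not captured from the app;
# the key names are assumptions for illustration).
SAMPLE_PREFS = """<?xml version='1.0' encoding='utf-8' standalone='yes' ?>
<map>
    <string name="user">test</string>
    <string name="password">test</string>
    <boolean name="first_run" value="false" />
    <string name="api_token">Zm9vYmFyYmF6cXV4MTIzNDU2Nzg5MGFiY2RlZg==</string>
</map>
"""

# Key names that suggest a secret is being stored (assumed heuristic list).
SENSITIVE_KEY = re.compile(r"pass|pwd|secret|token|user|login|card|cvv|pin", re.I)
# Long hex or base64-looking values: encoded or encrypted, needs manual review.
OPAQUE_VALUE = re.compile(r"^(?:[A-Fa-f0-9]{32,}|[A-Za-z0-9+/]{24,}={0,2})$")


def audit_shared_prefs(xml_text):
    """Return (key, verdict) pairs for sensitive-looking entries in one file."""
    findings = []
    root = ET.fromstring(xml_text.encode("utf-8"))
    for entry in root:
        key = entry.get("name", "")
        if not SENSITIVE_KEY.search(key):
            continue
        if entry.tag == "string":
            values = [entry.text or ""]
        elif entry.tag == "set":  # string sets hold nested <string> children
            values = [child.text or "" for child in entry]
        else:
            continue  # int/long/float/boolean keep data in a value attribute
        for value in values:
            if not value:
                continue
            # "opaque" does not prove encryption; base64 alone is only encoding.
            verdict = "opaque" if OPAQUE_VALUE.match(value) else "plaintext"
            findings.append((key, verdict))
    return findings


if __name__ == "__main__":
    for key, verdict in audit_shared_prefs(SAMPLE_PREFS):
        print(f"{key}: {verdict}")
```

A "plaintext" verdict is the finding this exercise demonstrates; an "opaque" verdict only means the value should be decoded and inspected by hand.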