Saturday, December 31, 2016

ANDROID PT - DIVA / 3 - Insecure Data Storage 1 - Shared Preferences


- Layout for this exercise:

- Connecting from Santoku to Nexus 5 with ADB:

- Launching the application: 

- The third challenge is based on the fact that some applications store sensitive information, for instance small name/value (key-value) pairs, in local storage files such as those in the Shared Preferences folder (shared_prefs). Although not recommended, a lot of developers use this method.

- Clicking the challenge 3 tab:

- The application prompts for credentials (username + password) to be saved:


- Let's enter these simple credentials:

       username: Bob
       password: PasswordForBob

- The application reports that the credentials have been successfully saved:


- Going to the activity for this challenge (see how to do it here):

- Opening the file to analyze the Java source code. The saveCredentials method uses the default Shared Preferences folder to store the credentials entered by the user:

- Going to /data/data/jakhar.aseem.diva (the package name), the shared_prefs folder is found:


- Checking its content:


- Opening the .xml file, we find the credentials previously entered by the user:
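
- The same check can be automated when reviewing an app's shared_prefs files. The following is an added example, not code from DIVA or from the original post: a small Python parser for the Shared Preferences XML format that flags readable entries whose key names look like credentials. The sample file, its key names ("user", "password"), the key-name pattern and the function names are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample of a shared_prefs XML file. The key names "user" and
# "password" and the two non-string entries are assumptions for illustration.
SAMPLE_PREFS = b"""<?xml version='1.0' encoding='utf-8' standalone='yes' ?>
<map>
    <string name="user">Bob</string>
    <string name="password">PasswordForBob</string>
    <boolean name="first_run" value="false" />
    <int name="launch_count" value="3" />
</map>
"""

# Heuristic list of key names that suggest a stored credential (assumption).
SENSITIVE_KEY = re.compile(
    r"pass(word|wd)?|pwd|secret|token|api[_-]?key|credential|user|login", re.I)


def parse_prefs(xml_bytes):
    """Return {key: (type, value)} for every entry under the <map> root."""
    root = ET.fromstring(xml_bytes)
    if root.tag != "map":
        raise ValueError("not a SharedPreferences file: root is <%s>" % root.tag)
    entries = {}
    for node in root:
        if node.tag == "string":
            value = node.text or ""
        elif node.tag == "set":          # string sets hold nested <string> items
            value = [item.text or "" for item in node]
        else:                            # boolean/int/long/float use value="..."
            value = node.get("value")
        entries[node.get("name")] = (node.tag, value)
    return entries


def find_plaintext_secrets(xml_bytes):
    """Return the sorted key names whose readable values look like credentials."""
    return sorted(key for key, (kind, _) in parse_prefs(xml_bytes).items()
                  if kind in ("string", "set") and SENSITIVE_KEY.search(key))


if __name__ == "__main__":
    for key in find_plaintext_secrets(SAMPLE_PREFS):
        # Report the key only; never echo the secret value into audit output.
        print("plaintext credential-like entry:", key)
```

To audit a real file, pass the bytes of an XML file copied from the app's shared_prefs folder to find_plaintext_secrets.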