AdSense

Saturday, December 31, 2016

ANDROID PT - DIVA / 5 - Insecure Data Storage 3 - Temporary Files


INSECURE DATA STORAGE 3 - TEMPORARY FILES

- Layout for this exercise:





- Connecting from Santoku to Nexus 5 with ADB:




- Launching the application: 





- The fifth challenge is based on the fact that some applications store sensitive information in temporary files.

- Clicking the challenge 5 tab:





- The application asks for credentials, username and password, and then saves them:




- Looking at the Java source code of the activity for this challenge, InsecureDataStorage3Activity.java, we have a hint about where the credentials have been stored:





- The method saveCredentials informs about the storage procedure for the credentials. A temporary file uinfo is created, where the credentials coming from the user input are saved:







- Looking for the temporary file contained at the data directory:






- The credentials are available inside the temporary file: