05. Insecure Data Storage — Part 3

Galilei
Mobile Penetration Testing
2 min read · Mar 29, 2019

As we go on, some steps may become repetitive and boring, but I want to cover every step of Android penetration testing from 0 to 100, so I don't want to skip a step.

The 5th task in DIVA is about storing data again. I am not going to repeat the same steps; we'll go straight to the final step. Let's decompile and see what happens:

The application creates a temp file in the data directory and writes the sensitive text into the file in plain form. If we read the file, we see something like the following image:

How To Secure

Hashing using MD5 or SHA1 methods. Encryption using Key Store.
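
The Keystore option, as an added example that is not DIVA's code or part of the original post: the plaintext temp-file pattern described above next to a version that writes AES-GCM ciphertext under a key held in the Android Keystore. The class name, key alias and file names are hypothetical, and API level 23 or later is assumed for `KeyGenParameterSpec`.

```java
import android.content.Context;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyProperties;
import java.io.File;
import java.io.FileOutputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

// Added example; class, alias and file names are hypothetical.
public final class CredentialStore {
    private static final String ALIAS = "example_cred_key"; // hypothetical alias

    // Weak pattern described in the post: plaintext written to a temp file.
    static void saveInsecure(Context ctx, String user, String pass) throws Exception {
        File f = File.createTempFile("cred", ".tmp", ctx.getFilesDir());
        try (FileOutputStream out = new FileOutputStream(f)) {
            out.write((user + ":" + pass).getBytes(StandardCharsets.UTF_8));
        }
    }

    // Load the AES key from the Android Keystore, generating it on first use.
    private static SecretKey key() throws Exception {
        KeyStore ks = KeyStore.getInstance("AndroidKeyStore");
        ks.load(null);
        if (ks.containsAlias(ALIAS)) return (SecretKey) ks.getKey(ALIAS, null);
        KeyGenerator kg = KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES, "AndroidKeyStore");
        kg.init(new KeyGenParameterSpec.Builder(ALIAS,
                KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT)
                .setBlockModes(KeyProperties.BLOCK_MODE_GCM)
                .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
                .build());
        return kg.generateKey();
    }

    // Hardened form: only ciphertext reaches disk; the key stays in the Keystore.
    static void saveEncrypted(Context ctx, String user, String pass) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key());   // the Keystore provider picks a fresh IV
        byte[] iv = c.getIV();                // 12 bytes for GCM
        byte[] ct = c.doFinal((user + ":" + pass).getBytes(StandardCharsets.UTF_8));
        try (FileOutputStream out = new FileOutputStream(new File(ctx.getFilesDir(), "cred.bin"))) {
            out.write(iv);                    // the IV is not secret; stored as a prefix
            out.write(ct);
        }
    }
}
```

Reading the value back uses the same key with `Cipher.DECRYPT_MODE` and `new GCMParameterSpec(128, iv)`, where `iv` is the first 12 bytes of the file.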

Final words

We prepared a step-by-step Android penetration testing guide based on our own experience here. Check for new posts from time to time.

Feel free to add comments to help us improve our posts. By the way, security belongs to everyone.
