Call to External Storage API

Call to External Storage API

Risk: info

Description

List of all external storage API calls. Insecure storage of sensitive information by setting insecure permissions or storing data without encryption might expose this information to an attacker.

Recommendation

This entry is informative, no recommendations applicable.

Links

• CWE-922: Insecure Storage of Sensitive Information
• CWE-312: Cleartext Storage of Sensitive Information
• Security tips (Android developer)
• Insecure Data Storage (OWASP)

Standards

• OWASP_MASVS_L1:
  • MSTG_STORAGE_2
• OWASP_MASVS_L2:
  • MSTG_STORAGE_2
• OWASP_MASVS_v2_1:
  • MASVS_STORAGE_2