Android Sensitive data stored in keyboard cache

Android Sensitive data stored in keyboard cache

Risk: low

Description

Android stores non-numeric words in the keyboard cache. Sensitive information like login or passwords may leak if the auto-correction the feature is not disabled.

Recommendation

Links

• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

Standards

• OWASP_MASVS_L1:
  • MSTG_STORAGE_5
• OWASP_MASVS_L2:
  • MSTG_STORAGE_5
• PCI_STANDARDS:
  • REQ_2_2
  • REQ_3_2
  • REQ_3_5
  • REQ_6_2