Sensitive data stored in keyboard cache

Sensitive data stored in keyboard cache

Risk: low

Description

Android stores non-numeric words in the keyboard cache. Sensitive information like login or passwords may leak if the auto-correction the feature is not disabled.

Recommendation

Links

• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

Standards

• OWASP_MASVS_L1:
  • MSTG_STORAGE_5
• OWASP_MASVS_L2:
  • MSTG_STORAGE_5