Ethical Hacking Academy · Lesson

Insecure Storage and Comms

Common flaws.

The Two Classic Flaws

Two of the most common mobile vulnerabilities are insecure data storage and insecure communication. They appear in the OWASP Mobile Top 10.

Both stem from developers trusting the device too much and protecting data poorly.

Where Apps Store Data

Apps keep data in /data/data/<package>/:

  • SharedPreferences: XML key-value files.
  • SQLite databases.
  • Internal and external files.

Pentesters inspect each for secrets stored in the clear.

/data/data/com.app/shared_prefs/prefs.xml
