Hello everyone,

I've come across what seems to be an inconsistency in the recommendations regarding internal storage encryption for Android. I'd like to get some clarification and share thoughts on this.
These recommendations state that sensitive data should not be stored unencrypted in SharedPreferences or a database:
> However, since data stored in a SharedPreferences object is written to a plain-text XML file so its misuse can often lead to exposure of sensitive data. (...) This code violates several best practices.

> Sensitive information should not be stored in unencrypted SQLite databases.
However, another paragraph about plain files in internal storage does not mention the need for encryption.
> Files saved to internal storage are containerized by default and cannot be accessed by other apps on the device. When the user uninstalls your app, these files are removed. The following code snippets would persistently store sensitive data to internal storage.
This strikes me as inconsistent because both SharedPreferences and databases are also stored in internal storage.
From my understanding, data stored in internal storage—be it a plain file, SharedPreferences, or a database—is only accessible to the owning app itself as long as the device is not rooted. Given this, I'm questioning whether storing unencrypted sensitive data in internal storage truly poses a security risk under normal conditions. Does the omission of encryption requirements for plain files in internal storage imply that encryption isn't strictly necessary in such cases? Or is this an oversight that should be addressed for consistency in the guidelines?
MASTG-TEST-0001 makes the following distinction:

> NOTE: For MASVS L1 compliance, it is sufficient to store data unencrypted in the application's internal storage directory (sandbox). For L2 compliance, additional encryption is required using cryptographic keys securely managed in the Android KeyStore.

which seems reasonable to me.
MASWE-0006 mentions a few circumstances when storing unencrypted data on the internal storage could pose a risk:
> Mobile apps may need to store sensitive data locally within private storage locations such as the application sandbox and this data is at risk of exposure via, for example, incorrect file permissions, an app vulnerability, device vulnerability or data backup mechanisms.
While a device vulnerability can't be foreseen by the application author, all the other cases seem to be preventable or debatable:
- incorrect file permission - will never happen because Context.MODE_PRIVATE is obligatory since API 17 (according to this)
- app vulnerability - ambiguous
- data backup mechanisms
  - contradicted by "If the device was encrypted, then the backup files will be encrypted as well" (according to this)
  - can also be switched off entirely
That being said, I'm unsure if storing unencrypted sensitive data on internal storage is actually a big problem or not. Or how big of a problem it is.
Since I'm not too experienced with rooting, I'm also unsure if the root detection mechanisms are reliable enough to assume that their presence can justify storing unencrypted data on internal storage.
Looking forward to hearing others' perspectives on this.

Thanks!