Android Application Security Testing Part-24: Unintended Data Leakage
Unintended Data Leakage
· Threat Agents
  o Malware apps
  o An adversary who has physical access to the device
· Logging
  o Developers often leave debugging information publicly accessible in the logs. Any application with the READ_LOGS permission can access those logs and obtain sensitive information from them.
· Copy/Paste Buffer Caching
  o Android provides a clipboard-based framework for copy-paste functionality in Android applications. This creates a serious issue when another application can access the clipboard while it contains sensitive data.
How To Fix
· Disable the copy/paste function for sensitive parts of the application. For example, disable copying credit card details.
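
One way to apply this fix to a single input field, as an added example that is not code from the original post: a custom EditText subclass (the class name `NoClipboardEditText` and the package name are hypothetical) that suppresses the copy/cut/paste toolbar and ignores the matching menu and keyboard-shortcut actions.

```java
package com.example.secureinput; // assumed package name, not from the original post

import android.content.Context;
import android.os.Build;
import android.util.AttributeSet;
import android.view.ActionMode;
import android.view.Menu;
import android.view.MenuItem;
import android.widget.EditText;

/** Hypothetical field for card numbers and similar data that must never reach the clipboard. */
public class NoClipboardEditText extends EditText {

    // Returning false from onCreateActionMode keeps the floating
    // copy/cut/paste toolbar from being shown at all.
    private static final ActionMode.Callback BLOCK_ALL = new ActionMode.Callback() {
        @Override public boolean onCreateActionMode(ActionMode mode, Menu menu) { return false; }
        @Override public boolean onPrepareActionMode(ActionMode mode, Menu menu) { return false; }
        @Override public boolean onActionItemClicked(ActionMode mode, MenuItem item) { return false; }
        @Override public void onDestroyActionMode(ActionMode mode) { }
    };

    public NoClipboardEditText(Context context, AttributeSet attrs) {
        super(context, attrs);
        setLongClickable(false);                          // no long-press selection menu
        setCustomSelectionActionModeCallback(BLOCK_ALL);  // toolbar shown when text is selected
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.M) {
            setCustomInsertionActionModeCallback(BLOCK_ALL); // "Paste" popup at the cursor handle
        }
    }

    // Menu items and hardware-keyboard shortcuts (Ctrl+C / Ctrl+X / Ctrl+V)
    // are routed through this method, so the clipboard actions are consumed here.
    @Override
    public boolean onTextContextMenuItem(int id) {
        switch (id) {
            case android.R.id.copy:
            case android.R.id.cut:
            case android.R.id.paste:
            case android.R.id.pasteAsPlainText:
                return true; // report as handled without touching the clipboard
            default:
                return super.onTextContextMenuItem(id);
        }
    }
}
```

Use the class in a layout in place of a plain EditText for the sensitive field. It stops this field from writing to or reading from the clipboard, but does not clear anything that was already copied elsewhere.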