Insecure Storage: Android World Readable or Writeable issue

Kavanagh, John 0 Reputation points
2023-02-02T14:19:25.06+00:00

We are receiving reports from static scanning engines of "Insecure Storage: Android World Readable or Writeable" issues for our Xamarin mobile apps. The specific paths highlighted are:

/data/data/[app name]/files/.config

/data/data/[app name]/files/.local

/data/data/[app name]/files/.local/share

It further states "Files with excessive permissions may be read or written by other applications or processes on the device, compromising confidentiality and/or integrity of the application's data. The following file has read permissions for Other users/apps: /data/data/[app name]/files/.config"

The recommendation to resolve is:

"Do not create files with world read/write permissions. If it is necessary to share files with another application, use file content URIs with temporary access permissions to do so in a secure manner."

Do we have control of the permissions assigned to these file system paths? Are there any sensitive files stored there? Is it possible to restrict the permissions assigned so we can close this issue?

Xamarin

1 answer

  1. Yonglun Liu (Shanghai Wicresoft Co,.Ltd.) 35,471 Reputation points Microsoft Vendor
    2023-02-03T02:50:17.5366667+00:00

    Hello,

    This is an issue related to the risk of Android internal storage, which is explained below:

    Data stored on the Android internal storage using MODE_WORLD_READABLE or MODE_WORLD_WRITEABLE is accessible to all applications on the device. This not only denies protection against data corruption but, in the case of sensitive information, violates user privacy and security concerns.

    For how to ensure the security of the program, you can refer to the following official Android documentation, which has detailed explanations and examples.

    Best Regards,

    Alec Liu.


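To confirm a finding like the one in the question, the "other" permission bits on the reported paths can be listed directly and then removed. The shell script below is an added example, not part of the original thread or of Xamarin's own code. It runs against a constructed temporary tree that mimics the reported `files/.config`, `files/.local` and `files/.local/share` layout; the function names and the `settings.json` file are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): audit a tree for "other" permission bits.

# world_accessible DIR: print entries under DIR that grant any r/w/x bit to "other".
# Symlinks are skipped because their own mode is always reported as 0777.
world_accessible() {
    find "$1" ! -type l \( -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# world_writable DIR: the subset another UID could modify (integrity risk).
world_writable() {
    find "$1" ! -type l -perm -002 -print
}

# restrict_to_owner DIR: strip every "other" bit below DIR; owner/group bits stay.
restrict_to_owner() {
    find "$1" ! -type l -exec chmod o-rwx {} +
}

# make_sample_tree: constructed stand-in for files/.config, files/.local and
# files/.local/share from the scanner report; prints the temporary root.
make_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/files/.config" "$root/files/.local/share"
    : > "$root/files/.local/share/settings.json"   # hypothetical file name
    chmod 700 "$root" "$root/files"
    chmod 755 "$root/files/.config" "$root/files/.local"
    chmod 777 "$root/files/.local/share"
    chmod 600 "$root/files/.local/share/settings.json"
    printf '%s\n' "$root"
}

# Demo: report, tighten, re-check.
demo_root=$(make_sample_tree)
echo "world-accessible before:"; world_accessible "$demo_root"
echo "world-writable before:";   world_writable "$demo_root"
restrict_to_owner "$demo_root/files"
echo "world-accessible after:";  world_accessible "$demo_root"
rm -rf "$demo_root"
```

On a debuggable build, the same `find` expressions can be pointed at the app's real `files` directory from `adb shell run-as <package>`, assuming the device's `find` supports `-perm`.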