Insecure File Management

Why is this important?

Any functionality related to file management requires careful usage. If attackers can influence the input to file-access APIs, the impact can be serious.

Fixing Insecure File Management

Option A: Ensure correct File Permissions

Android apps can define whether a file is world readable, writable or both. While in some cases this can be an acceptable use case, it can often leak sensitive data.

  1. Go through the issues that GuardRails identified in the PR.

  2. A vulnerable example is shown below:

    // Vulnerable: MODE_WORLD_READABLE lets any other app on the device read this file.
    SharedPreferences sharedPref = getSharedPreferences("key", MODE_WORLD_READABLE);
    SharedPreferences.Editor editor = sharedPref.edit();
    editor.putString("username", "administrator");
    editor.putString("password", "supersecret");
    editor.commit();

  3. Make sure that these are not accessible by other apps.

  4. Test it

  5. Ship it 🚢 and relax 🌴

Option B: Don't load files from external storage into WebViews

Loading data from external storage into a WebView doesn't guarantee the integrity of that data. External storage can be modified by any other application on the device. In addition, the getExternalStorageDirectory() method was deprecated in API level 29.

  1. Go through the issues that GuardRails identified in the PR.

  2. Look out for patterns like this:

    String baseDir = Environment.getExternalStorageDirectory().getAbsolutePath();
    // webView is an existing WebView instance; the page is read from shared external storage.
    webView.loadUrl("file://" + baseDir + "/dangerZone.html");

  3. And make sure that the use-case makes sense, otherwise remove the logic, or leverage safer alternatives for accessing the required data.

  4. Test it

  5. Ship it 🚢 and relax 🌴
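
One safer alternative for Option B, as an added example that is not GuardRails' own code: serve the page from the APK's bundled assets through `WebViewAssetLoader` and turn off file access in the WebView. It assumes the `androidx.webkit` dependency is present and that `dangerZone.html` is shipped under `src/main/assets/`; the activity name `SafeWebViewActivity` is hypothetical.

```java
import android.app.Activity;
import android.os.Bundle;
import android.webkit.WebResourceRequest;
import android.webkit.WebResourceResponse;
import android.webkit.WebSettings;
import android.webkit.WebView;
import android.webkit.WebViewClient;

import androidx.webkit.WebViewAssetLoader;

// Hypothetical activity; assumes dangerZone.html is bundled under src/main/assets/.
public class SafeWebViewActivity extends Activity {

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        WebView webView = new WebView(this);
        setContentView(webView);

        // Refuse file:// and content:// loads, so nothing on external storage
        // can be rendered even if such a URL is built by mistake.
        WebSettings settings = webView.getSettings();
        settings.setAllowFileAccess(false);
        settings.setAllowContentAccess(false);

        // Serve pages from the APK's read-only assets, which other apps cannot modify.
        final WebViewAssetLoader assetLoader = new WebViewAssetLoader.Builder()
                .addPathHandler("/assets/", new WebViewAssetLoader.AssetsPathHandler(this))
                .build();

        webView.setWebViewClient(new WebViewClient() {
            @Override
            public WebResourceResponse shouldInterceptRequest(WebView view,
                                                              WebResourceRequest request) {
                // Returns null for URLs that no registered path handler covers.
                return assetLoader.shouldInterceptRequest(request.getUrl());
            }
        });

        // Default WebViewAssetLoader domain; maps to assets/dangerZone.html in the APK.
        webView.loadUrl("https://appassets.androidplatform.net/assets/dangerZone.html");
    }
}
```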