Android : External storage manipulation

Classification

OWASP Mobile Top 10 2016

M8-Code Tampering

OWASP Top 10 2017

A5-Broken Access Control A3-Sensitive Data Exposure

OWASP Top 10 2021

A1-Broken Access Control A2-Cryptographic Failures A4-Insecure Design

OWASP ASVS

Files and Resources

CWE

CWE-22 CWE-73 CWE-200 CWE-434 CWE-522 CWE-642

CWE/SANS Top 25 2011

CWE-22 CWE-434

CWE/SANS Top 25 2021

CWE-22 CWE-200 CWE-434 CWE-522

Overview

The application modifies data from external storage. If the function arguments are obtained from an untrusted source, an attacker can modify the external storage file system.

References

OWASP Top 10 2017-A5-Broken Access Control
CWE-73: External Control of File Name or Path

LOW

Android : External storage manipulation

Classification

Overview

References

DerScanner Severity Score

Do you want to fix Android : External storage manipulation in your application?

See also

Android : Debug mode on

Android : Error handling: generic exception

Android : HTTP usage