DerScanner
Home / Vulnerability Database / Android : External storage usage
Android

Android : External storage usage

Classification

OWASP Mobile Top 10 2016
M2-Insecure Data StorageM3-Insecure CommunicationM4-Insecure Authentication
OWASP Top 10 2017
A3-Sensitive Data Exposure
OWASP Top 10 2021
A2-Cryptographic FailuresA4-Insecure Design
OWASP MASVS
V2: 2.1.(L1/L2/L1+R/L2+R)V2: 2.2.(L1/L2/L1+R/L2+R)V2: 2.13.(L2/L2+R)
HIPAA
§164.312 (c)(1)
CWE
CWE-200CWE-250CWE-312CWE-313CWE-522CWE-921CWE-940
CWE/SANS Top 25 2011
CWE-250
CWE/SANS Top 25 2021
CWE-200CWE-522

Overview

The application writes data to the external storage.

Files written to external storage device are readable by all applications and can be changed when the user connects the device to a computer in a USB drive mode. Besides, files stored in external storage will remain there even after the application is deleted. This can lead to a valuable data confidentiality loss.

References

  1. OWASP: Insecure Storage
  2. Storage Options - developer.android.com
  3. CWE-250: Execution with Unnecessary Privileges
  4. CWE-921: Storage of Sensitive Data in a Mechanism without Access Control
CRITICAL

DerScanner Severity Score

Do you want to fix Android : External storage usage in your application?

See also

Android

Android : Debug mode on

Android

Android : Error handling: generic exception

Android

Android : HTTP usage