Home / Vulnerability Database / Android : File with universal read or write access

Android

Android : File with universal read or write access

Classification

OWASP Mobile Top 10 2014

M2-Insecure Data Storage M4-Unintended Data Leakage

OWASP Mobile Top 10 2016

M2-Insecure Data Storage

HIPAA

§164.312 (a)(1)

Overview

The application saves the file with global read and write access. This can lead to data confidentiality loss.

The application saves the file with the MODE_WORLD_READABLE or MODE_WORLD_WRITEABLE parameter, thus granting all applications access for reading or writing into this file. Using the mentioned constants is insecure: they are deprecated since API Level 17 (Android 4.2).

References

Storage Options - developer.android.com

MEDIUM

Android : File with universal read or write access

Classification

Overview

References

DerScanner Severity Score

Do you want to fix Android : File with universal read or write access in your application?

See also

Android : Debug mode on

Android : Error handling: generic exception

Android : HTTP usage