C-sharp : Xamarin: File with universal read or write access

Classification

OWASP Mobile Top 10 2014: M2-Insecure Data Storage, M4-Unintended Data Leakage
OWASP Mobile Top 10 2016: M2-Insecure Data Storage
HIPAA: §164.312 (a)(1)

Overview

The application saves a file with global read or write access. This can lead to loss of data confidentiality.

The application saves the file with the MODE_WORLD_READABLE or MODE_WORLD_WRITEABLE parameter, which grants every application on the device read or write access to the file. These constants are insecure and have been deprecated since API Level 17 (Android 4.2).
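The flagged pattern next to its corrected form in Xamarin.Android, as an added example that is not part of the original rule description. The class name `TokenStore`, the file name and the method names are hypothetical.

```csharp
using System.IO;
using System.Text;
using Android.Content;

// Hypothetical helper; file name and method names are constructed for illustration.
public static class TokenStore
{
    const string FileName = "session_token.dat";

    // Flagged: FileCreationMode.WorldReadable maps to MODE_WORLD_READABLE,
    // so every other app on the device can read the stored token.
    public static void SaveInsecure(Context context, string token)
    {
        using (Stream stream = context.OpenFileOutput(FileName, FileCreationMode.WorldReadable))
        {
            byte[] data = Encoding.UTF8.GetBytes(token);
            stream.Write(data, 0, data.Length);
        }
    }

    // Corrected: FileCreationMode.Private (MODE_PRIVATE) keeps the file
    // accessible only to the app that created it.
    public static void SaveSecure(Context context, string token)
    {
        using (Stream stream = context.OpenFileOutput(FileName, FileCreationMode.Private))
        {
            byte[] data = Encoding.UTF8.GetBytes(token);
            stream.Write(data, 0, data.Length);
        }
    }

    // Files written by an earlier build keep their permissive mode until they
    // are rewritten, so tighten any existing copy explicitly after the fix.
    public static bool RestrictExisting(Context context)
    {
        Java.IO.File file = context.GetFileStreamPath(FileName);
        if (!file.Exists())
            return true; // nothing to fix

        // Drop read/write for everyone, then grant them back to the owner only.
        bool ok = file.SetReadable(false, false) & file.SetWritable(false, false);
        ok &= file.SetReadable(true, true) & file.SetWritable(true, true);
        return ok;
    }
}
```

The same `FileCreationMode` argument is passed to `GetSharedPreferences`, so preference files deserve the same review.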

References

  1. Storage Options - developer.android.com