"Android Platform security scheme" #00: do not store unencrypted sensitive information on external storage (SD card)


This article is translated from https://www.securecoding.cert.org/confluence/display/java/DRD00-J.+Do+not+store+sensitive+information+on+External+storage+%28sd+card%29+unless+encrypted+first, with additions and deletions.

Android offers several options for saving persistent application data, one of which is external storage (/sdcard, /mnt/sdcard). External storage includes a micro or standard-sized SD card inside the device, Android device storage mounted on a PC, and the Android/obb folder.

Before Android 4.1, files on external storage are world-readable (any user can read them) and world-writable (any user can write them). From Android 4.1 to Android 4.3, an app that wants to write to any file on external storage only needs to declare the WRITE_EXTERNAL_STORAGE permission in its AndroidManifest file. Starting with Android 4.4, however, groups and file modes based on the folder structure were introduced. This gives an app read and write access only to files in the external storage folder named after its own package name.

Non-system apps are only allowed to operate under the Android/data/<package-name>/ folder, so each app's file read and write permissions are isolated from the others and apps cannot access each other's files.

Because of the limits of the access restrictions described above, files written to external storage are at risk of being modified and read by other apps on the same device (on Android versions before 4.4).

The Android API Guide on Storage Options [Android Guide 2013] gives the following warning: external storage can become unavailable if the user mounts it on a PC or removes the media, and no security is enforced on files saved to external storage. All applications can read and write files placed on external storage, and the user can delete them at will.

Developers should not store unencrypted sensitive information in external storage, because externally stored files cannot guarantee availability, integrity, and confidentiality.

[Noncompliant code example]

The following code creates a file on external storage and writes the sensitive information to it.

    private String filename = "myfile";
    private String string = "sensitive data such as credit card number";
    FileOutputStream fos = null;

    try {
        // Noncompliant: the file is created on external storage in plaintext
        File file = new File(getExternalFilesDir(TARGET_TYPE), filename);
        fos = new FileOutputStream(file, false);
        fos.write(string.getBytes());
    } catch (FileNotFoundException e) {
        // handle FileNotFoundException
    } catch (IOException e) {
        // handle IOException
    } finally {
        if (fos != null) {
            try {
                fos.close();
            } catch (IOException e) {
            }
        }
    }

[Proof of concept]

An app typically keeps a folder structure on external storage like the following:

/sdcard/Android/data/com.company.app/files/save/appdata/save_appdata

[Compliant solution: save files to internal storage]

The following code uses the openFileOutput() method to create a "myfile" file in the app's data folder and sets the access permission to MODE_PRIVATE. This ensures that other apps cannot access the file.

    private String filename = "myfile";
    private String string = "sensitive data such as credit card number";
    FileOutputStream fos = null;

    try {
        // MODE_PRIVATE: the file lives in internal storage, readable only by this app
        fos = openFileOutput(filename, Context.MODE_PRIVATE);
        fos.write(string.getBytes());
    } catch (FileNotFoundException e) {
        // handle FileNotFoundException
    } catch (IOException e) {
        // handle IOException
    } finally {
        if (fos != null) {
            try {
                fos.close();
            } catch (IOException e) {
            }
        }
    }

[Compliant solution: encrypt before saving to external storage]

Before saving a file to external storage, encrypt its contents first.


-- Reprints are welcome; please cite the source http://blog.csdn.net/asce1885. Commercial use is not permitted without my permission. Thank you. --

