"Secure programming in the Android platform" の#00-do not store unencrypted sensitive information in external storage (SD card)

This article is translated from https://www.securecoding.cert.org/confluence/display/java/DRD00-J.+Do+not+store+sensitive+information+on+ External+storage+%28sd+card%29+unless+encrypted+first, there are additional deletions.

Android offers several options for saving persistent application data, one of which is external storage (/sdcard,/mnt/sdcard). External storage includes a miniature or standard-sized SD card inside the device that mounts to the Android device memory card on the PC and the Android/obb directory.

Prior to Android4.1, files stored externally are world-readable (capable of being read by any user) and world-writable (capable of being written by any user). From Android4.1 to Android4.3, when an app wants to write to any file that is stored externally, it only needs to declare Write_external_storage permissions in the Androidmanifest file. However, starting with Android4.4, a directory-based structure is introduced to create groupings and file patterns, which allows an app to have read and write access to the file only in a directory named after its own package name in an external store. Non-system-level apps are only allowed to operate in the android/data/<package-name>/directory. As a result, each app's file read and write permissions are independent and inaccessible to each other.

The lack of access restrictions described above may cause files written to external storage to be at risk of being modified and read by different apps on the same device (Android4.4 previous version).

Android API Guide [Android Guild 2013] About storage options gives the following warning message: If the user mounts the external storage on the PC or removes it directly, the external storage will be unavailable. And there are no security measures to secure files stored on external storage. All applications can read and write files stored externally, and users can delete them at will.

Developers should not store unencrypted sensitive information in external storage because externally stored files do not guarantee availability, integrity, and confidentiality.

[code example that does not meet security requirements]

The following code creates a file in the external store and stores the sensitive information.

private string filename = "myfile" private string string = "sensitive data such as credit card number" FileOutputStream Fos = NULL; try {  File File = new file (Getexternalfilesdir (target_type), filename);  FOS = new FileOutputStream (file, false);  Fos.write (String.getbytes ());}  catch (FileNotFoundException e) {  //Handle FileNotFoundException} catch (IOException e) {  //handle IOException} Finally {  if (fos! = null) {    try {    fos.close ();    } catch (IOException e) {}}  }

[Proof of concept]

An application typically resides in an externally stored file directory structure as follows:

/sdcard/android/data/com.company.app/files/save/appdata/save_appdata

[Security-compliant Solution # # Save files to internal storage]

The following code uses the Openfileoutput () method to create a "myfile" file in the app's data directory and sets the access permission to mode_private so that no other app can access the file.

private string filename = "myfile" private string string = "sensitive data such as credit card number" FileOutputStream Fos = NULL; try {   fos = openfileoutput (filename, context.mode_private);   Fos.write (String.getbytes ());   Fos.close ();}  catch (FileNotFoundException e) {  //Handle FileNotFoundException} catch (IOException e) {  //handle IOException} Finally {  if (fos! = null) {    try {      fos.close ();    } catch (IOException e) {}}  }

[Security-compliant Solution # #]

Encrypt the contents of a file before saving it to an external store.

--Welcome reprint, please indicate the sourcehttp://blog.csdn.net/asce1885, do not use for commercial purposes without my consent, thank you--