Archives for November 2017

Android Shared Preference Unencrypted Local storage security risk – #3 DIVA Solution

Android Shared Preference are name-value pair saved as XML files. Majorly used to save user’s app preference or user’s details or state of the app by developers. Shared Preference are files which are saved inside directory named shared_prefs present within App Sandbox i.e.  /data/data/AppPackageName/shared_prefs . Being part of Sandbox by default when shared preference is declared in PRIVATE […]

Hard-coding Sensitive Information within Android apk a security risk- #2 DIVA Solution

Many a times developers make mistake of adding sensitive information in Android apps like Encryption keys, passwords, PIN, tokens, development internal information, etc. Sometimes unknowingly or sometimes knowingly to ease up development they store sensitive information within the app. Reverse Engineering is a process of obtaining source code back from compiled binaries like apk. So having […]

ADB Logcat security risk – #1 DIVA Solution

ADB (Android debug bridge) Logcat is a mechanism via which developers debug through application for proper work flow or to identify crashes. However during times, these code-snippets remains within the released app over the play store which user would install. Risk increases if these logs contains any sensitive information like banking details, user credentials, login/access […]

Android Reverse Shell using Metasploit

Android Reverse Shell using Metsploit would guide you in Getting complete access of device (both rooted & non-rooted) remotely. Word of caution, never try to use this for any harmful illegal activity , be sensible and use this with only your own device.   Today we will see how to obtain reverse shell (command line […]