Archives for December 2017

Exploiting Input Validation in Webview – #8 DIVA Solution

Android WebView is a component through which developers can give users website browsing access within their apps. However, embedding a WebView can be risky if it is not handled properly. Several browsers are capable of handling multiple URI schemes such as ftp, http, https, file, etc. Taking advantage of this, an attacker can exploit a WebView and use it to […]

SQLite Injection – Input Validation security risk – #7 DIVA Solution

Android uses an SQLite database to save data locally in the device's internal memory as a managed Relational Database Management System (RDBMS). Developers mainly use it to save app activity, the user's personal details, transaction logs or the state of the app. The article on the unencrypted SQLite DB security risk explained exploiting database confidentiality over an unencrypted DB. In this article […]

Insecure SD Card storage security risk – #6 DIVA Solution

Because of limited internal storage and for ease of portability, Android devices provide the option of saving data on external SD card storage. Along with this flexibility comes a security risk. Since there is no per-app OS protection like the one we observed for the app sandbox, any app can easily read and write the entire SD card storage. Plus it […]

Temporary Internal File Storage risk – #5 DIVA Solution

Android provides the option of saving temporary files locally in the device's internal memory. Developers mainly use it to save temporary data such as error or transaction logs, app activity or error states. Such temporary files are saved inside the app sandbox directory, i.e. /data/data/AppPackageName/. If not processed properly, these files might contain sensitive information as […]

Unencrypted SQLite Database security risk – #4 DIVA Solution

Android uses an SQLite database to save data locally in the device's internal memory as a managed Relational Database Management System (RDBMS). Developers mainly use it to save app activity, the user's personal details, transaction logs or the state of the app. SQLite database files are saved by default inside the app sandbox directory, i.e. /data/data/AppPackageName/databases. However many […]