Application Local Storage Flaws refer to security weaknesses in how mobile or client applications store data locally on a device. Sensitive information like credentials, personal data, or session tokens — if improperly stored — can be accessed by other apps, attackers, or even users of the same device. Weak local storage practices are a common source of privacy breaches, data leakage, and regulatory non-compliance.
Application Local Storage Tests:
Hidden Secrets in the Code
Scans the application’s codebase for hardcoded credentials, API keys, encryption secrets, or debug data that could be extracted through reverse engineering.
Storing Sensitive Data on Shared Storage
Tests whether sensitive data (such as user credentials, payment details, or personal files) is stored on shared device storage locations accessible by other apps or users, violating data isolation principles.
Storing Sensitive Data in Application Cache Files
Checks whether sensitive information is improperly saved in cache directories, which can be accessed by attackers with physical or logical device access, especially on rooted or jailbroken devices.
Cryptographic Based Storage Strength
Evaluates the effectiveness of encryption mechanisms used to protect sensitive data at rest on the device — including algorithm choice, key management practices, and implementation security.
Content Providers Access Permissions
Assesses whether the application’s Content Providers (Android) properly enforce permission requirements, ensuring only authorized apps can access or modify shared data.
Content Providers SQL Injection
Tests Content Provider query interfaces for SQL injection vulnerabilities, where an attacker could manipulate database queries via unvalidated input to extract or modify sensitive records.
Privacy and Metadata Leaks
Examines whether non-sensitive data or metadata — such as filenames, timestamps, or activity logs — could indirectly reveal private user information when stored or transmitted insecurely.