OWASP / owasp-mastg

The Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the controls listed in the OWASP Mobile Application Security Verification Standard (MASVS).
https://mas.owasp.org/
Creative Commons Attribution Share Alike 4.0 International

Update Keyboard Cache Location in MSTG-STORAGE-5 #2368

Closed cpholguera closed 1 year ago

cpholguera commented 1 year ago

Discussed in https://github.com/OWASP/owasp-mastg/discussions/2367

Originally posted by **sohsatoh** February 9, 2023

The "Finding Sensitive Data in the Keyboard Cache" section of MSTG-STORAGE-5 describes the following.

```
Several options for simplifying keyboard input are available to users. These options include autocorrection and spell checking. cached by default, in /private/var/mobile/Library/Keyboard/dynamic-text.dat.
```

However, in iOS 14 and iOS 16, I confirmed that the keyboard cache is stored in `/private/var/mobile/Library/Keyboard/-dynamic.lm/dynamic-lexicon.dat`, and the information written in MSTG-STORAGE-5 is already outdated.

Suggestion: let's try to keep it timeless

Several options, such as autocorrect and spell check, are available to users to simplify keyboard input and are cached by default in `.dat` files in `/private/var/mobile/Library/Keyboard/` and its subdirectories.

cpholguera commented 1 year ago

Would you mind opening a PR @sohsatoh? Thank you very much.
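
A check that follows the "timeless" wording suggested in this thread, as an added example that is not part of the issue or of the MASTG: it searches every `.dat` file under a locally pulled copy of the Keyboard directory and its subdirectories for marker strings a tester typed into the app under test. The function names, the sample tree and the marker value are constructed, and trying both UTF-8 and UTF-16LE is an assumption about how the cache stores text.

```python
import os
import tempfile

def find_keyboard_cache_hits(root, markers, suffix=".dat"):
    """Return {relative .dat path: [markers found]} for every cache file under root."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):        # subdirectories included
        for name in sorted(files):
            if not name.lower().endswith(suffix):
                continue                               # only cache-style .dat files
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    data = fh.read().lower()           # ASCII-case-insensitive match
            except OSError:
                continue                               # unreadable file: skip it
            # Assumption: the on-disk encoding is not stated on the page,
            # so each marker is tried as UTF-8 and as UTF-16LE bytes.
            found = [m for m in markers
                     if any(m.lower().encode(enc) in data
                            for enc in ("utf-8", "utf-16-le"))]
            if found:
                hits[os.path.relpath(path, root)] = found
    return hits

def build_sample_tree(root):
    """Constructed sample data standing in for a pulled Keyboard/ directory."""
    sub = os.path.join(root, "constructed-dynamic.lm")  # made-up subdirectory name
    os.makedirs(sub)
    samples = {
        os.path.join(root, "dynamic-text.dat"):
            b"\x00\x01" + "Canary7731x".encode("utf-16-le"),
        os.path.join(sub, "dynamic-lexicon.dat"): b"\xff\xfehello\x00canary7731x\x00",
        os.path.join(sub, "empty.dat"): b"\x00" * 16,      # .dat file with no marker
        os.path.join(root, "notes.txt"): b"canary7731x",   # not a .dat file: ignored
    }
    for path, blob in samples.items():
        with open(path, "wb") as fh:
            fh.write(blob)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        results = find_keyboard_cache_hits(tmp, ["canary7731x"])
        for rel, found in sorted(results.items()):
            print(f"{rel}: {found}")
```

Because the walk keys on the `.dat` suffix rather than a fixed filename, the same check covers both the older `dynamic-text.dat` location and the `dynamic-lexicon.dat` location reported above.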