[MASWE-0005] Sensitive Data Hardcoded in the App Package

[cpholguera]

Description

Create a new risk for "Sensitive Data Hardcoded in the App Package (MASVS-STORAGE-1)" using the following information:

Sensitive data (including cryptographic and authentication material) can be hardcoded in the app package, source code, and compiled binary which can be extracted by an attacker.

Create "risks/MASVS-STORAGE/1-***-****/data-hardcoded-app-package/risk.md" including the following content:

---
title: Sensitive Data Hardcoded in the App Package
alias: data-hardcoded-app-package
platform: [android, ios]
profiles: [L1, L2]
mappings:
  masvs-v2: [MASVS-STORAGE-1]
  mastg-v1: []

---

## Overview

## Impact

## Modes of Introduction

## Mitigations

To complete the sections follow the guidelines from Writing MASTG Risks & Tests

Use at least the following references:

• https://developer.android.com/privacy-and-security/risks/hardcoded-cryptographic-secrets

When creating the corresponding tests, use the following areas to guide you:

• app package (APK/IPA)
• app source / compiled binary
• libs

MASTG v1 Refactoring:

If the risk has a MASVS v1 ID, you can use it to search for related tests in the MASTG and use them as input to define your risks and associated tests.

Acceptance Criteria

• [ ] The risk has been created in the correct directory (risks/MASVS-STORAGE/1-***-****/data-hardcoded-app-package/risk.md)
• [ ] The risk content follows the guidelines
• [ ] At least one GitHub Issue has been created for the corresponding tests (derived from "Modes of Introduction")
• [ ] The risk indicates the related MASTG v1 tests in its metadata.

[cpholguera]

Assign to: @juanmanuelmartinez-dekra