commoncriteria / application

Protection Profile for Application Software
The Unlicense

update FMT_CFG_EXT.1.3 for Android also #25

Closed jeffblank closed 10 years ago

jeffblank commented 10 years ago

Fix the Android file permissions check to be less lazy.

From http://developer.android.com/guide/topics/security/permissions.html: "... use the MODE_WORLD_READABLE and/or MODE_WORLD_WRITEABLE flags to allow any other package to read/write the file. When setting these flags, the file is still owned by your application, but its global read and/or write permissions have been set appropriately so any other application can see it."

I think we generally want to search for evidence that this has happened. How should it be done? What about storage on sdcards etc? Are there mistakes app developers might make, that would leave data vulnerable?

zsmi commented 10 years ago

The reason it was written this way is because if you don't have the source for the app you cannot tell that these APIs were used. There are other checks that say an app must use specific API calls but those may also not be easily checked.

MODE_WORLD_WRITEABLE and MODE_WORLD_READABLE are normally not a good idea. There have been a number of apps (Bank of America, Skype, etc.) that have leaked sensitive information because they used the MODE_WORLD_READABLE flag. Normally if you want something to be visible only to your application you should be using MODE_PRIVATE. If apps that do not have the same user ID need to access such data it should be done using ContentProviders, BroadcastReceivers, and Services.

If you store anything on the SDcard in the public portion, it will be readable and writable by any application that contains the WRITE_EXTERNAL_STORAGE and/or READ_EXTERNAL_STORAGE permission. There is also a portion of the SDcard that can be used to store "Private" app data that cannot be read by other applications. This does not require the application to request WRITE_EXTERNAL_STORAGE or READ_EXTERNAL_STORAGE assuming the app is on a device running 4.4 or newer. Note: If you mount the sdcard as a mass storage device on a PC all data becomes accessible, even the data written to the private app section.

Here are the guidelines for data storage: http://developer.android.com/guide/topics/data/data-storage.html
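An added example, not code from the commoncriteria/application project or from either commenter, of the "search for evidence" approach raised in the first comment: rather than relying on source access to spot MODE_WORLD_READABLE / MODE_WORLD_WRITEABLE calls, an evaluator can inspect the mode bits of the files the app actually wrote to its private data directory, since those flags leave a world-read or world-write bit on disk. On a device this would be run through `adb shell` over the app's data directory (assumed here to be `/data/data/<package>`, which needs root to read); the script below builds a constructed sample tree instead so it runs offline, and the function names are my own.

```shell
#!/bin/sh
# Evaluator check (added example): list files under an app data directory whose
# mode grants "other" read (o+r) or write (o+w) access. A MODE_PRIVATE file is
# 0600 and never matches; MODE_WORLD_READABLE gives 0644, MODE_WORLD_WRITEABLE
# gives 0622, both together 0666.

# Print "<octal mode> <path>" for every world-readable or world-writable file under $1.
find_world_accessible() {
    dir=$1
    # -perm -004: other-read bit set; -perm -002: other-write bit set (POSIX octal forms)
    find "$dir" -type f \( -perm -004 -o -perm -002 \) -exec sh -c '
        for f; do
            # stat -c is GNU/busybox; BSD and macOS stat use -f %Lp
            printf "%s %s\n" "$(stat -c %a "$f" 2>/dev/null || stat -f %Lp "$f")" "$f"
        done' sh {} +
}

# Number of world-accessible files under $1; 0 means the check passes.
count_world_accessible() {
    find_world_accessible "$1" | wc -l | tr -d ' '
}

# Constructed sample tree standing in for /data/data/<package> (assumed layout):
# two files written as MODE_PRIVATE, one as MODE_WORLD_READABLE, one as both world flags.
make_sample_tree() {
    base=$(mktemp -d)
    mkdir -p "$base/shared_prefs" "$base/files"
    umask 077
    echo "token=abc" > "$base/shared_prefs/session.xml"   # MODE_PRIVATE -> 0600
    echo "cache"     > "$base/files/cache.bin"            # MODE_PRIVATE -> 0600
    echo "leak"      > "$base/files/exported.db"
    chmod 644 "$base/files/exported.db"                   # MODE_WORLD_READABLE -> 0644
    echo "leak2"     > "$base/files/log.txt"
    chmod 666 "$base/files/log.txt"                       # READABLE|WRITEABLE -> 0666
    echo "$base"
}

# Stand-alone run over the constructed tree.
sample=$(make_sample_tree)
echo "world-accessible files under $sample:"
find_world_accessible "$sample"
echo "count: $(count_world_accessible "$sample")"
rm -rf "$sample"
```

On a real device, point `find_world_accessible` at the app's data directory after exercising the app's features, so that every file it creates at runtime has been written; a non-empty result is the evidence the first comment asks for, and the listed paths tell you which component (shared_prefs, databases, files) set the flag. The same check does not apply to the public part of external storage, where, as the second comment notes, the permission model is the READ/WRITE_EXTERNAL_STORAGE permission rather than per-file mode bits.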