edwindwalker / edwinwalker

Personal site

NowSecure dynamic analysis: Improper Permissions Granting Write Access to Other Apps #14

Closed edwindwalker closed 4 months ago

edwindwalker commented 3 years ago

Finding Description

Files were found to be world readable during dynamic analysis. Although it is possible that the permissions on the respective file(s) were changed later during runtime, the issue is that at some point in between, another process could have opened the file and read it. If the other process didn't close the file, the opened file descriptor could still be used to read the file's content. Because of this, it is possible that manually checking the file permissions on a local device may not yield the same result as shown here. There are also no guarantees that this access mode will remain on a file, such as when it goes through a backup and restore, so code that relies on this can fail unexpectedly. For instances where the file permissions are set correctly later at runtime, it is recommended to find the initial source of the violation in the code, and use less permissive permissions when making file calls.

Steps to Reproduce

This test monitors the application at runtime for calls to files stored on the device. It will flag any files that are world-writable, or made world-writable by the way they are opened by the app.

Business Impact

This app is storing data in files that are accessible and modifiable by any other app on the device. Any sensitive information contained in those files is exposed, and apps can potentially modify application data to change its behavior.

Remediation Resources

Creating world-readable files is very dangerous, likely to cause security holes in applications, and is strongly discouraged. Instead, applications should use a more formal mechanism for interactions, such as Content Providers. Details and code snippets can be found at https://developer.android.com/guide/topics/providers/content-provider-creating.

The context table below gives the location of all files that were found to be world-readable at any time while the app was running.

Risk and Regulatory Information

Severity: medium CVSS: 5

Application

See more detail in the NowSecure Report