search

onaio / steps-app

WHO STEPS App
Apache License 2.0
2 stars 2 forks source link

Disable logging to external storage #198

Closed bkimondiu closed 2 years ago

bkimondiu commented 2 years ago

App can read/write to External Storage. Any App can read data written to External Storage.

Standards:

CWE: CWE-276: Incorrect Default Permissions 
OWASP Top 10: M2: Insecure Data Storage 
OWASP MASVS: MSTG-STORAGE-2

Files: com/onaio/steps/activities/BackupLocati onActivity.java com/onaio/steps/handler/actions/SaveT oSDCardHandler.java com/onaio/steps/helper/Logger.java

ekigamba commented 2 years ago

The removed version is here for future references https://github.com/onaio/steps-app/blob/499c35717b839dbcfeb0e679b196d0a25fc917e6/src/main/java/com/onaio/steps/helper/Logger.java