Described in Detail: The android:allowBackup flag defaults to true if it is not present in the manifest file. When it is true, the user can back up the application with any backup system, including 'adb backup', the default Android application backup functionality, or a third-party application.
An attacker or user can run 'adb backup packagename' to back up the application's internal files to their desktop. They can then view or change those files, including any private information in them, and restore them.
Also, there is a vulnerability in the Android backup mechanism that allows an attacker to inject additional applications (APKs) into the backup archive without the user's consent.
Evidence of the Vulnerability: Screenshot Attached
Repair Plan: In the manifest file change the value to false [android:allowBackup="false"]
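A check for the condition described above, as an added example that is not part of the original report: it reads a decoded (plain-text) AndroidManifest.xml and treats a missing android:allowBackup attribute as true, as the report states. The function name, finding labels and sample manifests are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
ALLOW_BACKUP = f"{{{ANDROID_NS}}}allowBackup"

def audit_allow_backup(manifest_xml):
    """Return (package, raw_value, finding) for a decoded manifest string."""
    root = ET.fromstring(manifest_xml.strip())
    if root.tag != "manifest":
        raise ValueError("root element is not <manifest>")
    package = root.get("package", "<unknown>")
    app = root.find("application")
    if app is None:
        return package, None, "NO_APPLICATION_ELEMENT"
    raw = app.get(ALLOW_BACKUP)
    if raw is None:
        # Attribute absent: the report states the flag then defaults to true.
        return package, None, "BACKUP_ALLOWED_BY_DEFAULT"
    value = raw.strip().lower()
    if value == "false":
        return package, raw, "BACKUP_DISABLED"
    if value == "true":
        return package, raw, "BACKUP_ALLOWED"
    # Anything else (for example a resource reference) needs manual review.
    return package, raw, "UNRESOLVED_VALUE"

# Constructed sample manifests (hypothetical package names).
SAMPLE_MISSING = f"""
<manifest xmlns:android="{ANDROID_NS}" package="com.example.notes">
  <application android:label="Notes"/>
</manifest>"""
SAMPLE_TRUE = f"""
<manifest xmlns:android="{ANDROID_NS}" package="com.example.chat">
  <application android:allowBackup="true"/>
</manifest>"""
SAMPLE_FIXED = f"""
<manifest xmlns:android="{ANDROID_NS}" package="com.example.bank">
  <application android:allowBackup="false"/>
</manifest>"""
SAMPLE_REF = f"""
<manifest xmlns:android="{ANDROID_NS}" package="com.example.ref">
  <application android:allowBackup="@bool/backup"/>
</manifest>"""

if __name__ == "__main__":
    for doc in (SAMPLE_MISSING, SAMPLE_TRUE, SAMPLE_FIXED, SAMPLE_REF):
        print(audit_allow_backup(doc))
```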
Reference links:
http://www.securityfocus.com/archive/1/535980
http://www.search-lab.hu/about-us/news/110-android-adb-backup-apk-injection-vulnerability
https://nelenkov.blogspot.com/2012/06/unpacking-android-backups.html
https://blog.c22.cc/advisories/cve-2013-5112-evernote-android-insecure-storage-of-pin-data-bypass-of-pin-protection/