When an application processes sensitive information taken as input from the user or any other source, it may result in placing that data in an insecure location in the device. This insecure location could be accessible to other malicious apps running on the same device, thus leaving the device in a serious risk state.
Unintended data leakage occurs when a developer inadvertently places sensitive information or data in a location on the mobile device that is easily accessible by other apps on the device.
Im using Insecure Bank V2 application.
Steps for Unintended Data Leakage Copy/paste buffer caching
1.Open the app and copy sensitive information on clipboard.
2.Open drozer on the android mobile.
3.Start the server.
4.Open the terminal and enter adb forward tcp:31415 tcp:31415
5.Now enter drozer console connect
6.On the drozer terminal enter run post.capture.clipboard
7. You will get the data copied onto the clipboard if the app allows it.
Unintended data leakage occurs when a developer inadvertently places sensitive information or data in a location on the mobile device that is easily accessible by other apps on the device.
Below is the list of scenarios where unintended data leakage flaws may exist.
- Leaking content providers
- Copy/paste buffer caching
- Logging
- URL caching.
Im using Insecure Bank V2 application.
Steps for Unintended Data Leakage Copy/paste buffer caching
1.Open the app and copy sensitive information on clipboard.
2.Open drozer on the android mobile.
3.Start the server.
4.Open the terminal and enter adb forward tcp:31415 tcp:31415
5.Now enter drozer console connect
6.On the drozer terminal enter run post.capture.clipboard
7. You will get the data copied onto the clipboard if the app allows it.