Insecure Data Storage - Part 1
When you click on Insecure Data Storage - Part 1, you would see the following screen.
It resembles a password manager, which stores user's credentials. Let's enter the credentials.
All the data of Android apps are stored under the location
/data/data/. The Android OS creates unique directories for each app. The name of the directory is the same as the package name. For DIVA app, the package name is:
Use Android Debug Bridge (
adb) tool to connect to the emulator or physical device in which the app is running. Execute
NOTE: When you connect to an emulator, it gives you
rootaccess. If you are using a physical device, make sure it is rooted. If not, you cannot access
Move to the directory where are the DIVA app's data is stored. Execute
Let's check if any file was recently modified. Execute the command
Voila ! We could see that the folder
shared_prefs was recently modified.
Shared Preference is one among the different ways of storing data of an Android application. Shared Preferences allow you to save and retrieve data in the form of key, value pair.
Listing the files inside the
shared_prefs directory, we can see a file
Let's look at the contents of the file. Execute
Finally, we got the credentials.
- Emulators allow you to start the
rootuser, whereas you have to manually root the physical device to get
- The data of an Android application is stored at the location
/data/data/<package_name>. No app can access other app's data. Only the respective app and
rootuser could access the contents in the directory.
- Shared Preference is a way to store data of an Android app in the form of value, key pair. It stores these values under