Rating: Low
Description:
When an app is sent to the background, Android takes a snapshot of the latest view of the application and saves it on the file system. If this snapshot contains sensitive data, a malicious app can obtain such data from the snapshot.
The snapshot is saved outside of the app's sandbox, therefore any malicious app can access it only if it has root privileges or can bypass sandboxing limitations.
Proof of concept - see picture below:

Hello @BSI-TF-CWA,
this finding has been resolved in pull request #108 (currently only dev branch), therefore I am closing this issue. If the implemented fix is not sufficient, please let us know and reopen the issue.
Thanks and best,
Marc
@BSI-TF-CWA Could you clarify the following sentence for me? I can't really wrap my head around the second part (all after comma).
The snapshot is saved outside of the app's sandbox, therefore any malicious app can access it only if it has root privileges or can bypass sandboxing limitations.
Is the sentence above equivalent to "The snapshot is saved outside of the app's sandbox, and only apps with root privileges or apps that can bypass sandboxing limitations can access the snapshot"?
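
As an added illustration of the snapshot behaviour described in the issue (not code from this thread, and not necessarily what pull request #108 implements): a common Android mitigation is to set `WindowManager.LayoutParams.FLAG_SECURE` on every activity window, so the system does not capture the window content for the task snapshot. The class name `SnapshotGuardApplication` is hypothetical.

```kotlin
import android.app.Activity
import android.app.Application
import android.os.Bundle
import android.view.WindowManager

// Hypothetical Application subclass (name is an assumption, not the project's).
// It marks every activity window as secure, so Android leaves its content out
// of the recents snapshot and blocks screenshots and screen recording of it.
class SnapshotGuardApplication : Application() {

    override fun onCreate() {
        super.onCreate()
        registerActivityLifecycleCallbacks(object : ActivityLifecycleCallbacks {

            // Called while the activity is being created, so the flag is in
            // place before any sensitive content is drawn.
            override fun onActivityCreated(activity: Activity, savedInstanceState: Bundle?) {
                activity.window.setFlags(
                    WindowManager.LayoutParams.FLAG_SECURE,
                    WindowManager.LayoutParams.FLAG_SECURE
                )
            }

            // Remaining callbacks are not needed for this mitigation.
            override fun onActivityStarted(activity: Activity) {}
            override fun onActivityResumed(activity: Activity) {}
            override fun onActivityPaused(activity: Activity) {}
            override fun onActivityStopped(activity: Activity) {}
            override fun onActivitySaveInstanceState(activity: Activity, outState: Bundle) {}
            override fun onActivityDestroyed(activity: Activity) {}
        })
    }
}
```

The class takes effect only once it is referenced by `android:name` on the `<application>` element in the manifest. Dialogs and popups use their own windows, so they need the flag set separately.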