File Storage security - TairinySimeonato/Android-App-Auditing GitHub Wiki
- the app manifest should indicate the app file permissions, file access and creation permissions (sdcard) - look into this more
- check if app has backup - research this
- on a rooted phone, you can impersonate the app using `su <user>`.
- run `ls -alR` in the app's directory to check if other users have rwx access to the app's files
- check if files are encrypted on disk - important for PII, credentials
- look at file creation
- look at folder creation
- should be stored in keystore API? - research
- system should handle credentials
- TPM - trusted platform - secure chip, the chip is used to generate and store secrets
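
The `ls -alR` permission check from the list above can be automated. The script below is an added example, not part of the original wiki: it reads a recursive long listing and reports every entry where users other than the owner and group have any access. The function names, the package layout and the sample listing are constructed for illustration, and it assumes the 8-field toybox-style listing format.

```shell
#!/bin/sh
# Added example, not from the wiki. Reads `ls -alR` output on stdin and prints
# every entry whose "other" permission triad is not "---".
# Assumption: toybox-style long listing as on Android, 8 fields per entry:
# mode links owner group size date time name.
flag_world_access() {
    awk '
        # Directory header printed by -R, for example "./shared_prefs:"
        /:$/ && $1 !~ /^[-dlcbps][-r][-w]/ {
            dir = substr($0, 1, length($0) - 1)
            next
        }
        # Entry lines. Symlinks (mode l...) do not match and are skipped,
        # since a symlink mode is not what access checks use.
        $1 ~ /^[-dcbps][-r][-w][-xsS][-r][-w][-xsS][-r][-w][-xtT]/ && NF >= 8 {
            other = substr($1, 8, 3)
            name = $0
            # Drop the 7 metadata fields so names with spaces survive.
            for (i = 1; i <= 7; i++) sub(/^[ \t]*[^ \t]+/, "", name)
            sub(/^[ \t]+/, "", name)
            # Subdirectories are reported from the parent listing.
            if (name == "." || name == "..") next
            if (other != "---") print other, dir "/" name
        }
    '
}

# Constructed sample listing for a hypothetical app data directory.
sample_listing() {
    cat <<'EOF'
.:
total 24
drwx------  5 u0_a123 u0_a123 4096 2024-01-01 10:00 .
drwxrwx--x 99 system  system  8192 2024-01-01 10:00 ..
drwxrwx--x  2 u0_a123 u0_a123 4096 2024-01-01 10:00 databases
drwx------  2 u0_a123 u0_a123 4096 2024-01-01 10:00 files
drwxrwx--x  2 u0_a123 u0_a123 4096 2024-01-01 10:00 shared_prefs

./databases:
-rw-rw---- 1 u0_a123 u0_a123 20480 2024-01-01 10:00 app.db

./files:
-rw-r--r-- 1 u0_a123 u0_a123 512 2024-01-01 10:00 session token.txt

./shared_prefs:
-rw-rw-rw- 1 u0_a123 u0_a123 120 2024-01-01 10:00 creds.xml
EOF
}

sample_listing | flag_world_access
```

To use it on a real audit, save the `ls -alR` output taken in the app's directory to a file and pipe that file into `flag_world_access`. The top-level directory's own mode (the `.` entry) is not reported, so check it separately.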