Another important storage mechanism in Android is the SDCARD, or external storage, where apps can store data. Some well-known applications store their data on external storage. Care should be taken while storing data on the SDCARD, as it is world readable and writable; worse, an attacker can simply remove the SDCARD from the device, mount it on another machine, and read the data directly.
Let's use the earlier example and instead of storing it in the internal storage, the application now stores it on the external storage, that is, the SDCARD:
```java
import java.io.File;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.SecureRandom;
import java.security.Security;

import android.os.Environment;
import android.util.Base64;

String publicKeyFilename = "public.key";
String privateKeyFilename = "private.key";
try {
    Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
    // Generate public & private keys
    KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA", "BC");
    // Create the random number generator used for key generation
    SecureRandom rand = new SecureRandom();
    generator.initialize(2048, rand);
    // Generate key pair
    KeyPair keyPair = generator.generateKeyPair();
    Key publicKey = keyPair.getPublic();
    Key privateKey = keyPair.getPrivate();
    FileOutputStream fos = null;
    File file;
    try {
        // Save public key to /sdcard/vulnApp/public.key
        file = new File(Environment.getExternalStorageDirectory().getAbsolutePath() + "/vulnApp/",
                publicKeyFilename);
        fos = new FileOutputStream(file);
        fos.write(Base64.encode(publicKey.getEncoded(), Base64.DEFAULT));
        fos.close();
        // Save private key to /sdcard/vulnApp/private.key (world readable: this is the flaw)
        file = new File(Environment.getExternalStorageDirectory().getAbsolutePath() + "/vulnApp/",
                privateKeyFilename);
        fos = new FileOutputStream(file);
        fos.write(Base64.encode(privateKey.getEncoded(), Base64.DEFAULT));
        fos.close();
    } catch (FileNotFoundException e) {
        e.printStackTrace();
    } catch (IOException e) {
        e.printStackTrace();
    }
} catch (Exception e) {
    System.out.println(e);
}
```
As we can see, this app uses Environment.getExternalStorageDirectory() to save the private key in the vulnApp directory of the SDCARD. Any malicious app on the device can read this key and send it to a remote server on the Internet.
In order for the app to have access to external storage, the preceding code requires the WRITE_EXTERNAL_STORAGE permission in the AndroidManifest.xml file:
<uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
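The fix for this class of bug is to keep the private key out of shared storage entirely. The following is an added example (not code from the book's sample app) showing the hardened counterpart of the snippet above: the key pair is generated inside the AndroidKeyStore so the private half is never available as bytes, only the public half is written out, and it goes to the app's private internal directory rather than the SDCARD. The class name SafeRsaKeys, the key alias and the audit helper are assumptions made for this example; the AndroidKeyStore, KeyGenParameterSpec and openFileOutput APIs are standard Android.

```java
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Signature;

import android.content.Context;
import android.os.Environment;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyProperties;
import android.util.Base64;

public class SafeRsaKeys {
    // Alias under which the key pair lives in the keystore (constructed name for this example).
    private static final String ALIAS = "vulnApp-signing-key";

    // Generate the pair inside AndroidKeyStore. The private key never leaves the
    // keystore as raw bytes, so there is nothing sensitive to write to disk at all.
    public static KeyPair generate() throws GeneralSecurityException {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance(
                KeyProperties.KEY_ALGORITHM_RSA, "AndroidKeyStore");
        kpg.initialize(new KeyGenParameterSpec.Builder(ALIAS,
                KeyProperties.PURPOSE_SIGN | KeyProperties.PURPOSE_VERIFY)
                .setKeySize(2048)
                .setDigests(KeyProperties.DIGEST_SHA256)
                .setSignaturePaddings(KeyProperties.SIGNATURE_PADDING_RSA_PKCS1)
                .build());
        return kpg.generateKeyPair();
    }

    // Only the public half is serialised, and it goes to the app's internal files
    // directory with MODE_PRIVATE (owner-only permissions), not to /sdcard.
    public static void savePublicKey(Context ctx, KeyPair pair) throws IOException {
        try (FileOutputStream fos = ctx.openFileOutput("public.key", Context.MODE_PRIVATE)) {
            fos.write(Base64.encode(pair.getPublic().getEncoded(), Base64.DEFAULT));
        }
    }

    // Use the private key by reference through the keystore. Calling getEncoded()
    // on a keystore-backed private key returns null, which is exactly the property
    // the vulnerable snippet lacked.
    public static byte[] sign(byte[] data) throws GeneralSecurityException, IOException {
        KeyStore ks = KeyStore.getInstance("AndroidKeyStore");
        ks.load(null);
        PrivateKey priv = (PrivateKey) ks.getKey(ALIAS, null);
        Signature sig = Signature.getInstance("SHA256withRSA");
        sig.initSign(priv);
        sig.update(data);
        return sig.sign();
    }

    // Audit helper (assumed for this example): flags any path that would land on
    // shared external storage, useful when reviewing where an app writes secrets.
    public static boolean isOnExternalStorage(File f) {
        String ext = Environment.getExternalStorageDirectory().getAbsolutePath();
        return f.getAbsolutePath().startsWith(ext + File.separator);
    }
}
```

With this layout, a second app on the device, or someone who pulls the SDCARD, finds only the public key, and no WRITE_EXTERNAL_STORAGE permission is needed for the key handling at all; the audit helper can be run over the paths an app constructs during code review to catch the pattern shown in the vulnerable snippet.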