Link to this headingStorage

Link to this headingApplication Data Directory

  • Located at /data/data/<package-name>/

Link to this headingShared Preferences

  • Located in /data/data/<package-name>/shared_prefs/

Verify that their is no MODE_WORLD_WRITEABLE and MODE_WORLD_READABLE. This has been deprecated from API 17.

Adding info to Shared Preferences in Java:

SharedPreferences sharedPref = getSharedPreferences("key"); SharedPreferences.Editor editor = sharedPref.edit(); editor.putString("username", "administrator"); editor.putString("password", "supersecret"); editor.commit();

File Contents:

>>> cat /data/data/<package-name>/shared_prefs/key.xml <?xml version='1.0' encoding='utf-8' standalone='yes' ?> <map> <string name="username">administrator</string> <string name="password">supersecret</string> </map>

Encrypted Preferences:
This Module is in Beta
Source

This uses a Master AES-GCM key to encrypt the data in the Shared Preferences folder.
The Master Key is stored in the Android Keystore.

Link to this headingSQLite Databases

  • Usually located in /data/data/<package-name>/databases/

Creating a Database in Java:

SQLiteDatabase notSoSecure = openOrCreateDatabase("privateNotSoSecure", MODE_PRIVATE, null); notSoSecure.execSQL("CREATE TABLE IF NOT EXISTS Accounts(Username VARCHAR, Password VARCHAR);"); notSoSecure.execSQL("INSERT INTO Accounts VALUES('admin','AdminPass');"); notSoSecure.close();

Link to this headingSQLCipher Databases

  • Encrypted Databases

Creating a Encrypted Database in Java:

SQLiteDatabase secureDB = SQLiteDatabase.openOrCreateDatabase(database, "password123", null); secureDB.execSQL("CREATE TABLE IF NOT EXISTS Accounts(Username VARCHAR,Password VARCHAR);"); secureDB.execSQL("INSERT INTO Accounts VALUES('admin','AdminPassEnc');"); secureDB.close();

Link to this headingRealm Databases

MongoDB SDK
Realm Studio

Frida Hooks:
Enter The Realm
Sample Android Application using Realm Database encryption

Link to this headingExternal Storage

  • Stuff stored on the SDcard can be accessed by any application

Creating a File in External Storage:

File file = new File (Environment.getExternalFilesDir(), "password.txt"); String password = "SecretPassword"; FileOutputStream fos; fos = new FileOutputStream(file); fos.write(password.getBytes()); fos.close();

Things to Grep For:

  • getExternal*

Link to this headingInstalling Packages

Things to Grep For:

  • vnd.android.package-archive