
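Insecure Data Storage (mobile)

Challenge Introduction

Developers store sensitive information, such as the administrator account and password, inside the app. If the phone is lost, or the app runs on a rooted device, that sensitive information is exposed.

Implementation

App source code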

    // Fragment of the challenge Activity. Requires android.os.Bundle,
    // android.database.sqlite.SQLiteDatabase, android.widget.Toast,
    // android.util.Log and java.io.File.
    private SQLiteDatabase Members;

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.ids);
        createDatabase();
        insertKey();
    }

    // Opens (or creates) the "Members" database and its single table.
    public void createDatabase() {
        try {
            Members = this.openOrCreateDatabase("Members", MODE_PRIVATE, null);
            Members.execSQL("CREATE TABLE IF NOT EXISTS Members " +
                            "(id integer primary key, name VARCHAR, password VARCHAR);"
            );

            // The database was opened as "Members", so check that same file name.
            File database = getApplication().getDatabasePath("Members");

            if (database.exists()) {
                Toast.makeText(this, "Database Created", Toast.LENGTH_SHORT).show();
            } else {
                Toast.makeText(this, "Database Missing", Toast.LENGTH_SHORT).show();
            }

        } catch (Exception e) {
            Log.e("DB ERROR", "Error Creating Database", e);
        }
    }

    // Intentionally insecure: stores the administrator credentials in plaintext.
    public void insertKey(){
        Members.execSQL("DELETE FROM Members;");
        Members.execSQL("INSERT INTO Members (name, password) VALUES ('Admin','Battery777');");
    }

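The code creates a database named Members and inserts the account name and password.

Solution Steps

Connect to the MobileShepherdVM3.2.3 virtual machine
Press Alt + F1 to enter the command line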
cat /data/data/com.mobshep.insecuredata/databases/Members

View the sensitive information
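
The `cat` step works because SQLite writes text values into the database file unencrypted. The following is an added example, not part of the original write-up or of the challenge app: a workstation-side audit that flags credential-like columns in an app's SQLite file. The sample database is constructed here with the same schema and row as the source above; the column-name pattern and function names are assumptions made for illustration.

```python
import os
import re
import sqlite3
import tempfile

# Column names that hint at a stored secret (assumed heuristic; extend as needed).
SENSITIVE = re.compile(r"pass(word|wd)?|secret|token|api_?key", re.I)

def build_sample_db(path):
    """Constructed sample: same schema and row as the challenge's Members database."""
    con = sqlite3.connect(path)
    con.execute("CREATE TABLE IF NOT EXISTS Members "
                "(id integer primary key, name VARCHAR, password VARCHAR)")
    con.execute("DELETE FROM Members")
    con.execute("INSERT INTO Members (name, password) VALUES ('Admin','Battery777')")
    con.commit()
    con.close()

def audit_sqlite(path):
    """Return (table, column, non_empty_rows) for every credential-like column."""
    findings = []
    con = sqlite3.connect(path)
    tables = [row[0] for row in con.execute(
        "SELECT name FROM sqlite_master WHERE type='table'")]
    for table in tables:
        for col in con.execute(f'PRAGMA table_info("{table}")'):
            name = col[1]  # table_info rows are (cid, name, type, ...)
            if SENSITIVE.search(name):
                count = con.execute(
                    f'SELECT COUNT(*) FROM "{table}" '
                    f'WHERE length("{name}") > 0').fetchone()[0]
                findings.append((table, name, count))
    con.close()
    return findings

def value_visible_in_file(path, value):
    """True if the value sits in the file as raw bytes, which is why cat reveals it."""
    with open(path, "rb") as fh:
        return value.encode() in fh.read()

def demo():
    with tempfile.TemporaryDirectory() as workdir:
        db = os.path.join(workdir, "Members")
        build_sample_db(db)
        return audit_sqlite(db), value_visible_in_file(db, "Battery777")

if __name__ == "__main__":
    print(demo())
```
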

Summary

Sensitive information should not be stored on the app side.