After a detailed assessment of risks involved in using databases, we also propose preliminary mitigation strategies. This study also contributes to the enhancement of future app development process by providing an insight to the developers regarding the deployment of better security settings. To evaluate the ubiquity of these vulnerabilities, we conducted the analysis of 18 popular android apps belonging to various categories by modeling the SQLite database of these apps. This paper attempts to expose vulnerabilities of SQLite databases in android apps through demonstrating attacks. This paper reveals two such vulnerabilities detected in SQLite databases of android apps - storing sensitive data in plain-text and synchronization. This exposes them to vulnerabilities which may be utilized by attackers or malware writers to launch attacks such as stealing of data, tampering, etc. users or other apps, developers pay less attention towards their security settings. Considering the SQLite database safe from external access i.e. These databases are inherently private and reside in the internal memory of an android device (restricting the access to users and other apps). In this paper, we conduct a thorough study to analyze SQLite databases in android apps.
0 Comments
Leave a Reply. |