🚀 Join our AI Wargame at Black Hat Asia and our Workshop + Wargame at NDC Sydney .

Insecure Data Storage

Insecure data storage in mobile applications creates opportunities attackers to exploit vulnerabilities and gain unauthorised access to sensitive information.

Remediation

  • Ensure all sensitive data is stored using strong encryption algorithms such as AES-256. Avoid storing plaintext data.
  • Implement secure key management practices. Use platform-provided key storage mechanisms, like the Android Keystore or iOS Keychain, to store encryption keys securely.
  • Minimise the storage of sensitive information on the device unless absolutely necessary. Instead, store such data on secure, remote servers and retrieve it as needed.
  • Use secure tokens for session management and avoid storing sensitive session data on the device.
  • Disable caching of sensitive information in application memory or system logs. Configure views to avoid screenshots or snapshots.

Metadata

  • Severity: low
  • Slug: insecure-data-storage

OWASP

  • M9:2024: Insecure Data Storage

Available Labs

Open Java labs in SecDim Play for this vulnerability.

Try it yourself

Find, Hack and Fix Your First Vulnerability

Reading about security bugs is one thing — fixing one is how the skill sticks. Play a free challenge from the wargame, no setup required.