The most common areas where we find mobile application data resides

A free video tutorial from Eslam Medhat (Ethical Hacking, Bug Bounty and Penetration Testing)

Mobile Application Hacking and Penetration Testing (Android)

Practice Mobile Application Hacking and Penetration Testing against a number of real world mobile applications.

01:20:29 of on-demand video • Updated September 2020

  • You will understand the different types of vulnerabilities that affect mobile applications and have the practical knowledge to attack and exploit them.
  • Perform real world attacks on Android Devices and Apps.
  • By the end of the course, you will learn how to fuzz mobile apps.
  • OWASP Top Ten Mobile and Web most common vulnerabilities.
  • Build your own home lab on mobile application security.
  • By the end of the course, you will learn mobile application reverse engineering.
  • Practice on real world mobile applications.
  • Provides you the skills necessary to perform penetration tests of mobile applications.
In this lecture, we will be talking about common areas to find sensitive data. As you can see, this graphic covers the most common areas where we find that mobile app data resides.

The first one is the private application folder. This is the folder that gets created every time you install an application and use it on a device. In iOS and Android, each app has its own folder where data is stored in files.

Next is the SD card. On Android there is either the external removable SD card or the emulated SD card. This is another common storage location, specific to Android, where things can be accessed.

System log files apply to all platforms. These log files are generated not just for a specific mobile app but for the device itself, so things like error logs are stored here. What we find is that during development a lot of developers will enable logging and debugging to track issues, but we have also seen developers forget to toggle it back off before the app goes to production. So we always find a lot of sensitive app data stored in the system log files.

Next is the keychain, which is a popular place to store user credentials and passwords on iOS.

RAM is another area. It is where data is temporarily stored. The idea is that when you sign out of an application or there is a session timeout, it is expected that sensitive data should automatically be cleared by the application.

Next is source code. This is where values are hardcoded in the app itself and reside on the phone. We have seen sensitive passwords and other values hardcoded, so that is where code analysis comes into play.

The last one on the list is the web cache or web history on the device, which is another common area that you should look at.
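To check your own app's builds for the leftover debug logging described above, the following added example (not part of the lecture or the course material) scans Android log output for credentials, bearer tokens and card-like numbers. It assumes the log was captured in the `threadtime` layout, for example with `adb logcat -d -v threadtime`; the list of sensitive key names, the sample lines and the PID 4321 are constructed for illustration.

```python
import re

# logcat "threadtime" layout: date time PID TID level tag: message
LINE = re.compile(r"^\d\d-\d\d \d\d:\d\d:\d\d\.\d{3}\s+(\d+)\s+\d+\s+([VDIWEF])\s+(.*?)\s*: (.*)$")
# key=value / "key":"value" pairs whose key names a secret (key list is an assumption)
KEYED = re.compile(
    r"(?i)\b(password|passwd|pwd|pin|token|secret|api_?key|session_?id)\b"
    r"[\"']?\s*[=:]\s*[\"']?([^\s\"',&}]+)")
BEARER = re.compile(r"(?i)\bBearer\s+([A-Za-z0-9._~+/=-]{8,})")
DIGITS = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")  # 13 to 19 digits, optional separators

def luhn_ok(number):
    """Luhn checksum: separates card-like numbers from other long digit runs."""
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def redact(value):
    # Keep two characters so a finding can be traced without copying the secret
    return value[:2] + "*" * max(len(value) - 2, 0)

def scan(lines, pid=None):
    """Return (level, tag, kind, redacted_value) per suspected secret; pid limits to one app."""
    findings = []
    for line in lines:
        m = LINE.match(line)
        if not m or (pid is not None and int(m.group(1)) != pid):
            continue
        level, tag, msg = m.group(2), m.group(3), m.group(4)
        findings += [(level, tag, k.lower(), redact(v)) for k, v in KEYED.findall(msg)]
        findings += [(level, tag, "bearer", redact(v)) for v in BEARER.findall(msg)]
        for run in DIGITS.findall(msg):
            digits = re.sub(r"[ -]", "", run)
            if luhn_ok(digits):
                findings.append((level, tag, "card_number", redact(digits)))
    return findings

# Constructed sample lines (not from a real app or device); PID 4321 is the app under test
SAMPLE = [
    "09-14 10:15:32.101  4321  4321 D LoginActivity: login user=alice password=hunter2",
    "09-14 10:15:32.480  4321  4377 V OkHttp: Authorization: Bearer SAMPLETOKEN1234567890",
    "09-14 10:15:33.002  4321  4321 I Checkout: card 4111 1111 1111 1111 order 1234567890123",
    "09-14 10:15:33.950   812   812 W ActivityManager: Slow operation: 52ms",
]
print(*scan(SAMPLE, pid=4321), sep="\n")
```

Running the scan against a release build and failing the pipeline on any finding catches the forgotten debug toggle before the app ships.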