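package org.owasp.mastestapp

import android.content.ContentValues
import android.content.Context
import android.os.Environment
import android.provider.MediaStore
import android.util.Log
import java.io.File
import java.io.FileOutputStream
import java.io.IOException
import java.io.OutputStream

/**
 * Deliberately insecure test case: writes hard-coded secrets (a password and an API key) in
 * clear text to external storage, once through the plain file API and once through MediaStore.
 * The secret strings are the test payload that the accompanying run_before/run_after scripts
 * collect, so they are kept verbatim; this class is a negative example, not a storage pattern to copy.
 *
 * @param context context used to resolve the app-specific external files directory and the
 *                ContentResolver.
 */
class MastgTest(private val context: Context) {

    private companion object {
        // Log tags, unchanged from the original so existing log filters keep working.
        const val TAG_API = "WriteExternalStorage"
        const val TAG_MEDIA = "MediaStore"
    }

    /** Runs both write paths and returns a short status message for the caller's UI. */
    fun mastgTest(): String {
        mastgTestApi()
        mastgTestMediaStore()
        return "SUCCESS!!\n\nFiles have been written with API and MediaStore"
    }

    /**
     * Writes a clear-text password to `secret.txt` in the app-specific external files directory.
     * That directory lives on external storage rather than in the app's private internal storage,
     * so the app sandbox alone does not protect it (it is reachable over adb/USB, for instance).
     * I/O failures are logged, never thrown.
     */
    fun mastgTestApi() {
        // getExternalFilesDir() returns null when external storage is unavailable. File() would
        // accept the null parent and silently fall back to a bare relative path, so stop here instead.
        val externalStorageDir = context.getExternalFilesDir(null)
        if (externalStorageDir == null) {
            Log.e(TAG_API, "External storage is not available; nothing written.")
            return
        }
        val secretFile = File(externalStorageDir, "secret.txt")
        val fileContent = "secr3tPa\$\$W0rd\n"
        try {
            // use{} closes the stream on both the normal and the exceptional path.
            FileOutputStream(secretFile).use { output ->
                output.write(fileContent.toByteArray())
                Log.d(TAG_API, "File written to external storage successfully.")
            }
        } catch (e: IOException) {
            Log.e(TAG_API, "Error writing file to external storage", e)
        }
    }

    /**
     * Inserts a text file into the shared Downloads collection through MediaStore and writes a
     * clear-text API key into it. Entries in shared collections are visible to the user and to
     * other apps, which is the weakness this test demonstrates.
     * NOTE(review): MediaStore.Downloads and MediaColumns.RELATIVE_PATH are API 29+ symbols;
     * the minSdk is not visible here — confirm it.
     */
    fun mastgTestMediaStore() {
        try {
            val resolver = context.contentResolver
            // Random suffix in the display name; presumably so repeated runs yield distinct entries.
            val randomNum = (0..100).random().toString()
            val contentValues = ContentValues().apply {
                put(MediaStore.MediaColumns.DISPLAY_NAME, "secretFile$randomNum.txt")
                put(MediaStore.MediaColumns.MIME_TYPE, "text/plain")
                put(MediaStore.MediaColumns.RELATIVE_PATH, Environment.DIRECTORY_DOWNLOADS)
            }

            val textUri = resolver.insert(MediaStore.Downloads.EXTERNAL_CONTENT_URI, contentValues)
            if (textUri == null) {
                Log.e(TAG_MEDIA, "Error inserting URI to MediaStore.")
                return
            }

            // openOutputStream() may return null; the original logged "written successfully" on
            // that path even though nothing was written, so the success log now lives inside use{}.
            val outputStream: OutputStream? = resolver.openOutputStream(textUri)
            if (outputStream == null) {
                Log.e(TAG_MEDIA, "Error opening output stream for MediaStore URI.")
                return
            }
            outputStream.use { stream ->
                stream.write("MAS_API_KEY=8767086b9f6f976g-a8df76\n".toByteArray())
                stream.flush()
                Log.d(TAG_MEDIA, "File written to external storage successfully.")
            }
        } catch (exception: Exception) {
            // insert()/openOutputStream() can fail with non-I/O exceptions (e.g. IllegalArgumentException),
            // so the catch is intentionally broader than IOException.
            Log.e(TAG_MEDIA, "Error writing file to URI from MediaStore", exception)
        }
    }
}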
Open the app and exercise it to trigger file creation.
Execute run_after.sh.
Close the app once you finish testing.
#!/bin/bash
# SUMMARY: Create a marker file on the device whose timestamp records when the
# test run started; run_after.sh later lists every file newer than this marker.

MARKER=/data/local/tmp/test_start

adb shell touch "$MARKER"
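#!/bin/bash
# SUMMARY: List all files created after the creation date of a file created in run_before
# and pull each of them into ./new_files for inspection.
set -euo pipefail

MARKER=/data/local/tmp/test_start
OUTPUT=output.txt
DEST=./new_files

# Every regular file under /sdcard whose mtime is newer than the marker left by run_before.sh.
adb shell "find /sdcard/ -type f -newer $MARKER" > "$OUTPUT"
adb shell "rm $MARKER"

mkdir -p "$DEST"

# IFS= keeps leading/trailing whitespace in device paths; ${line%$'\r'} strips the carriage
# return that some adb builds append to shell output, which would otherwise become part of the path.
while IFS= read -r line; do
    line=${line%$'\r'}
    if [ -z "$line" ]; then
        continue
    fi
    # adb pull into a directory keeps only the basename, so two files with the same name
    # in different device directories overwrite each other in $DEST.
    adb pull "$line" "$DEST/"
done < "$OUTPUT"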
This test fails because the files are not encrypted and contain sensitive data (a password and an API key). You can further confirm this by reverse engineering the app and inspecting the code.