Skip to content

MASTG-TEST-0200: Files Written to External Storage

Content in BETA

This content is in beta and still under active development, so it is subject to change any time (e.g. structure, IDs, content, URLs, etc.).

Send Feedback

Overview

The goal of this test is to retrieve the files written to the external storage and inspect them regardless of the APIs used to write them. It uses a simple approach based on file retrieval from the device storage ( Host-Device Data Transfer) before and after the app is exercised to identify the files created during the app's execution and to check if they contain sensitive data.

Steps

  1. Make sure you have adb installed.
  2. Install the app ( Installing Apps).
  3. Before running the app, get the current list of files ( Host-Device Data Transfer) in the external storage.
  4. Exercise the app.
  5. After running the app, retrieve the list of files in the external storage again.
  6. Calculate the difference between the two lists.

Observation

The output should contain a list of files that were created on the external storage during the app's execution.

Evaluation

The test case fails if the files found above are not encrypted and leak sensitive data.

To confirm this, you can reverse engineer the app( Decompiling Java Code) and inspect the code( Reviewing Decompiled Java Code).

Demos

MASTG-DEMO-0001: File System Snapshots from External Storage