Skip to content
Last updated: July 10, 2024

MASTG-TEST-0200: Files Written to External Storage

Content in BETA

This content is in beta and still under active development, so it is subject to change any time (e.g. structure, IDs, content, URLs, etc.).

Send Feedback

Overview

The goal of this test is to retrieve the files written to the external storage and inspect them regardless of the APIs used to write them. It uses a simple approach based on file retrieval from the device storage before and after the app is exercised to identify the files created during the app's execution and to check if they contain sensitive data.

Steps

  1. Make sure you have adb installed.
  2. Install the app.
  3. Before running the app, get the current list of files in the external storage.
  4. Exercise the app.
  5. After running the app, retrieve the list of files in the external storage again.
  6. Calculate the difference between the two lists.

Observation

The output should contain a list of files that were created on the external storage during the app's execution.

Evaluation

The test case fails if the files found above are not encrypted and leak sensitive data.

To confirm this, you can reverse engineer the app and inspect the code.

Demos