MASTG-TEST-0200: Files Written to External Storage

Overview

The goal of this test is to retrieve the files written to the external storage (External Storage) and inspect them regardless of the APIs used to write them. It uses a simple approach based on file retrieval from the device storage (Host-Device Data Transfer) before and after the app is exercised to identify the files created during the app's execution and to check if they contain sensitive data.

Steps

  1. Use Installing Apps to install the app.
  2. Use Host-Device Data Transfer to get the current list of files in the external storage.
  3. Exercise the app extensively to trigger as many flows as possible and enter sensitive data wherever you can.
  4. Use Host-Device Data Transfer to retrieve the list of files in the external storage again.
  5. Calculate the difference between the two lists.
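
One way to script steps 2, 4 and 5 with adb, as an added example that is not part of the original MASTG page. It assumes adb is on the PATH, a single device is attached and external storage is reachable at `/sdcard/`; the function names, `before.txt`, `after.txt` and `./pulled` are hypothetical.

```shell
#!/bin/sh
# Added example: snapshot external storage before and after exercising the app.
# Assumptions: adb on PATH, one device attached, external storage at /sdcard/.
EXT_ROOT="${EXT_ROOT:-/sdcard/}"

# Steps 2 and 4: write the sorted list of regular files under EXT_ROOT to file $1.
# tr removes carriage returns that some adb/device combinations append.
snapshot() {
    adb shell "find '$EXT_ROOT' -type f 2>/dev/null" | tr -d '\r' | LC_ALL=C sort -u > "$1"
}

# Step 5: print paths listed in $2 (after) that are absent from $1 (before).
# Inputs are re-sorted so comm also works on listings captured some other way.
new_files() {
    nf_before=$(mktemp) || return 1
    nf_after=$(mktemp) || { rm -f "$nf_before"; return 1; }
    LC_ALL=C sort -u "$1" > "$nf_before"
    LC_ALL=C sort -u "$2" > "$nf_after"
    LC_ALL=C comm -13 "$nf_before" "$nf_after"
    rm -f "$nf_before" "$nf_after"
}

# Copy each new file into directory $3, keeping its device path, for inspection.
pull_new_files() {
    new_files "$1" "$2" | while IFS= read -r path; do
        mkdir -p "$3$(dirname "$path")"
        adb pull "$path" "$3$path" < /dev/null
    done
}

# Live run against a device only when called with --run.
if [ "${1:-}" = "--run" ]; then
    snapshot before.txt
    printf 'Exercise the app, then press Enter: '
    read -r reply
    snapshot after.txt
    new_files before.txt after.txt
    pull_new_files before.txt after.txt ./pulled
fi
```

The diff reports only newly created paths; files that already existed and were modified while the app ran do not appear in it.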

Observation

The output should contain a list of files that were created on the external storage during the app's execution.

Evaluation

The test case fails if the files found above are not encrypted and leak sensitive data.

Further Validation Required:

Inspect the content of each reported file to determine whether the data is sensitive:

  • Determine whether the file contains sensitive information (e.g., personal data, credentials, or tokens).
  • Determine whether the data is stored without encryption.

Demos

MASTG-DEMO-0001: File System Snapshots from External Storage