MASTG-TEST-0304: Sensitive Data Stored Unencrypted via SQLite

Placeholder MASTG-TEST

This test hasn't been created yet and it's a placeholder. But you can check its status or start working on it yourself. If the issue has not yet been assigned, you can request to be assigned to it and submit a PR with the new content for that test by following our guidelines.

Check our GitHub Issues for MASTG-TEST-0304

If an issue doesn't exist yet, please create one and assign it to yourself or request to be assigned to it.

Draft Description

This test checks if the app uses the default SQLite API (e.g., SQLiteOpenHelper, context.openOrCreateDatabase) to store sensitive data (e.g., tokens, PII) in an unencrypted database file within the app's sandbox. It confirms the absence of secure alternatives like SQLCipher or encrypted databases.

For more details, check the associated weakness: Sensitive Data Stored Unencrypted in Private Storage Locations

Demos

MASTG-DEMO-0068: Reserved for MASWE-0006 - Unencrypted SQLite Storage (Alternative Demo)