MASTG-TEST-0306: Sensitive Data Stored Unencrypted via Android Room DB

Placeholder MASTG-TEST

This test hasn't been created yet and it's a placeholder. But you can check its status or start working on it yourself. If the issue has not yet been assigned, you can request to be assigned to it and submit a PR with the new content for that test by following our guidelines.

Check our GitHub Issues for MASTG-TEST-0306

If an issue doesn't exist yet, please create one and assign it to yourself or request to be assigned to it.

Draft Description

This test checks if the app uses the Android Room Persistence Library to store sensitive data (e.g., tokens, PII) without integrating an encryption layer (e.g., SQLCipher). It confirms the database file is stored in plaintext within the app's private sandbox.

For more details, check the associated weakness: Sensitive Data Stored Unencrypted in Private Storage Locations

Demos

MASTG-DEMO-0070: Sensitive Data Stored Unencrypted via Room Database