MASTG-TEST-0298: Runtime Monitoring of Files Eligible for Backup

Overview

This test logs every use of a file system API (such as open, fopen, NSFileManager, or FileHandle) that creates or writes files in the app's data container at /var/mobile/Containers/Data/Application/$APP_ID, in order to identify which files are eligible for backup.

Files stored in the tmp or Library/Caches subdirectories should not be logged, as they are not backed up.

Steps

  1. Use Installing Apps to install the app.
  2. Use Method Hooking to hook the relevant APIs.
  3. Exercise the app extensively to trigger as many flows as possible and enter sensitive data wherever you can.

Observation

The output should list every file the app opens that is eligible for backup.
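
The filtering rule from the overview, applied to paths a hook would log, as an added example that is not part of the MASTG page or its Frida demo. The sample paths, the APP_ID placeholder and the function names are constructed for illustration; the /private handling reflects that /var is a symlink to /private/var on iOS.

```javascript
// Container root and non-backed-up subdirectories, as stated in the overview.
const CONTAINER_ROOT = "/var/mobile/Containers/Data/Application/";
const NOT_BACKED_UP = ["tmp", "Library/Caches"];

// Collapse "//", "." and ".." segments and drop a leading /private
// (on iOS /var is a symlink to /private/var, so hooks may report either form).
function normalize(path) {
  const out = [];
  for (const seg of path.split("/")) {
    if (seg === "" || seg === ".") continue;
    if (seg === "..") out.pop();
    else out.push(seg);
  }
  const p = "/" + out.join("/");
  return p.startsWith("/private/var/") ? p.slice("/private".length) : p;
}

// Container-relative path if the file is eligible for backup, else null.
function backupRelativePath(path) {
  const p = normalize(path);
  if (!p.startsWith(CONTAINER_ROOT)) return null; // outside any data container
  const rest = p.slice(CONTAINER_ROOT.length);    // "<APP_ID>/Documents/x"
  const slash = rest.indexOf("/");
  if (slash < 0) return null;                     // the container directory itself
  const rel = rest.slice(slash + 1);
  // Match whole path components so "Library/CachesBackup" is not excluded.
  const excluded = NOT_BACKED_UP.some((d) => rel === d || rel.startsWith(d + "/"));
  return excluded ? null : rel;
}

// Deduplicated, sorted list of backup-eligible files seen in the hook log.
function eligibleFiles(loggedPaths) {
  const rels = loggedPaths.map(backupRelativePath).filter((r) => r !== null);
  return [...new Set(rels)].sort();
}

// Constructed sample of logged paths; APP_ID stands in for the container UUID.
const ROOT = CONTAINER_ROOT + "APP_ID";
const SAMPLE_LOG = [
  ROOT + "/Documents/secret.json",
  "/private" + ROOT + "/Library/Caches/img.bin",
  ROOT + "/tmp/../Library/Preferences/app.plist",
  ROOT + "//tmp/upload.part",
  "/private" + ROOT + "/Documents/secret.json",
  ROOT + "/Library/CachesBackup/db.sqlite",
];

console.log(eligibleFiles(SAMPLE_LOG));
```

A path filter cannot see per-file exclusions set with NSURLIsExcludedFromBackupKey, so files it reports still need that check during evaluation.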

Evaluation

The test case fails if any sensitive files are found in the output.

Best Practices

MASTG-BEST-0023: Exclude Sensitive Information from Backups

Demos

MASTG-DEMO-0067: Runtime Tracking of Files Eligible for Backup with Frida