In Android apps, data can be written to files, distributed using shared preferences, or stored in databases.  In all these case, if the data is sensitive, it is important to keep the data secure.  That is, it should not be possible for other apps (or, more strictly, apps with different userids) to be able to access this data. This can be ensured by creating the file, shared preference or database with MODE_PRIVATEMODE_PRIVATE is a constant defined by the class android.content.Context. It may be used as the mode parameter in the methods openFileOutput(), getSharedPreferences(), and openOrCreateDatabase() (which are all also defined in the class android.content.Context).

Noncompliant Code Example

This noncompliant code example shows an application that creates a file that is world readable, and hence not secure.

openFileOutput("someFile", MODE_WORLD_READABLE);

Any application could read the file and access any data stored in it.

Compliant Solution

In this compliant solution the file is created using MODE_PRIVATE, so it cannot be accessed other than by apps with the same userid as the app that created the file.

openFileOutput("someFile", MODE_PRIVATE);

Risk Assessment

Creating a file, shared preference, or database without setting MODE_PRIVATE can leak sensitive information.

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

DRD05-J

High

Probable

Medium

P12

L1

Automated Detection

Automatic detection of the mode used when a file, shared preference, or database is created is straightforward. It is not feasible to automatically determine whether the data written to the file, shared preference, or database is sensitive.

Bibliography

[Android API 2013]Class Context