- No due date•0/2 issues closed
## What are the requirements proposed?

- [ ] Implement secure storage mechanisms (_e.g._ [KeyStore](https://developer.android.com/training/articles/keystore))
- [ ] No PII is stored outside of the application's container.
- [ ] Sensitive data is not exposed to any external processes (logs, external storage, SD-card, IPC, etc.). [MSTG-Storage-3](https://mobile-security.gitbook.io/mobile-security-testing-guide/android-testing-guide/0x05d-testing-data-storage#testing-logs-for-sensitive-data-mstg-storage-3), [4](https://mobile-security.gitbook.io/mobile-security-testing-guide/android-testing-guide/0x05d-testing-data-storage#determining-whether-sensitive-data-is-sent-to-third-parties-mstg-storage-4), [6](https://mobile-security.gitbook.io/mobile-security-testing-guide/android-testing-guide/0x05d-testing-data-storage#determining-whether-sensitive-stored-data-has-been-exposed-via-ipc-mechanisms-mstg-storage-6)
- [ ] Keyboard cache is disabled for sensitive data. [MSTG-Storage-5](https://mobile-security.gitbook.io/mobile-security-testing-guide/android-testing-guide/0x05d-testing-data-storage#determining-whether-the-keyboard-cache-is-disabled-for-text-input-fields-mstg-storage-5)
- [ ] Sensitive data should not be exposed to the user without validation (CC, user profile, etc.). Passwords, PINs, and tokens should in no way be present on the interface. [MSTG-Storage-7](https://mobile-security.gitbook.io/mobile-security-testing-guide/android-testing-guide/0x05d-testing-data-storage#checking-for-sensitive-data-disclosure-through-the-user-interface-mstg-storage-7)

## What threat do these requirements tackle?

Exposure of sensitive data to malicious applications and actors that could have access to the phone.

## What are the references being used for these requirements?

- [MASVS V2: Data Storage and Privacy Requirements](https://github.com/OWASP/owasp-masvs/blob/master/Document/0x07-V2-Data_Storage_and_Privacy_requirements.md)
- General [Android Data Security](https://developer.android.com/topic/security/data)
- General [Data Storage Guidance](https://developer.android.com/training/data-storage) in classes.
No due date•0/6 issues closed