
Security Misconfiguration

Backup

adb backup lets you create a backup of an Android device’s data: app data, system settings, etc.

Testing

Requirement: android:allowBackup="true" in the AndroidManifest.xml

# Backup one application together with its apk
adb backup -apk <package_name> -f <backup_name>.ab

# Restore backup
adb restore <backup_name>.ab

# Alternative way, from a shell on the device
adb shell
bu backup <package_name>

# Restore
adb shell
bu restore <backup_name>.ab
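The .ab file that adb backup writes is a short text header followed by a tar stream, zlib-compressed unless the compressed flag is 0. The Python below is an added example, not code from the original page: it builds a constructed sample backup with that layout, parses the header, refuses AES-256 (password-protected) backups, and lists the files inside, which is how you see what an app with allowBackup="true" actually exposes. Package names and file contents are made up for the example.

```python
import io
import tarfile
import zlib

MAGIC = b"ANDROID BACKUP\n"


def parse_ab_header(data: bytes):
    """Split an adb backup (.ab) file into its header fields and the raw payload.

    Layout: magic line, format version, compressed flag (0/1), encryption
    algorithm ("none" or "AES-256"); an encrypted backup carries five more
    header lines (salts, PBKDF2 rounds, IV, wrapped master key) before the payload.
    """
    if not data.startswith(MAGIC):
        raise ValueError("not an adb backup file")
    pos = len(MAGIC)
    fields = []
    for _ in range(3):
        end = data.index(b"\n", pos)
        fields.append(data[pos:end].decode("ascii"))
        pos = end + 1
    version, compressed, encryption = fields
    if encryption != "none":
        # Skip the key-material lines; decrypting them needs the user's password.
        for _ in range(5):
            pos = data.index(b"\n", pos) + 1
    header = {"version": int(version), "compressed": compressed == "1", "encryption": encryption}
    return header, data[pos:]


def unpack_ab(data: bytes) -> dict:
    """Return {path: bytes} for every regular file in an unencrypted backup."""
    header, payload = parse_ab_header(data)
    if header["encryption"] != "none":
        raise ValueError("encrypted backup: the password-derived key is needed first")
    tar_bytes = zlib.decompress(payload) if header["compressed"] else payload
    files = {}
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:") as tf:
        for member in tf.getmembers():
            if member.isfile():
                files[member.name] = tf.extractfile(member).read()
    return files


def build_sample_ab(files: dict, compressed: bool = True) -> bytes:
    """Constructed sample: lay a backup out the way adb does (header, then tar, zlib'd if compressed)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for name, content in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(content)
            tf.addfile(info, io.BytesIO(content))
    payload = zlib.compress(buf.getvalue()) if compressed else buf.getvalue()
    return MAGIC + b"5\n" + (b"1\n" if compressed else b"0\n") + b"none\n" + payload


# Constructed content standing in for what an app with allowBackup=true might expose.
SAMPLE_FILES = {
    "apps/com.example.app/_manifest": b"constructed manifest blob",
    "apps/com.example.app/sp/session.xml": b'<map><string name="token">CONSTRUCTED-TOKEN</string></map>',
}

if __name__ == "__main__":
    backup = build_sample_ab(SAMPLE_FILES)
    print(parse_ab_header(backup)[0])
    for path, content in unpack_ab(backup).items():
        print(f"{path}: {len(content)} bytes")
```

On a real file, read it with open(path, "rb") and pass the bytes to unpack_ab. Keep in mind that since Android 12 (API level 31), adb backup excludes app data for apps targeting API 31 or higher unless they are also declared debuggable, so an allowBackup="true" finding on a modern target needs that second condition before it is exploitable this way.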

Debuggable

The android:debuggable attribute indicates whether the application can be debugged; it is false by default [🔗]. Check for android:debuggable="true" in the AndroidManifest.xml.

Note: you cannot release a debuggable app on Google Play Store [🔗] [🔗].
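Both the allowBackup requirement above and the debuggable check come down to reading two attributes on the application element of the manifest, each with its own default when absent (allowBackup defaults to true, debuggable to false). The Python below is an added example, not from the original page; it assumes a decoded, plain-XML AndroidManifest.xml such as apktool or jadx produce, since the manifest inside an APK is binary XML. The sample manifest is constructed. Note that apktool moves uses-sdk into apktool.yml, so targetSdk may be absent from the decoded manifest and the audit treats it as unknown.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Constructed decoded manifest; the package and attributes are made up for the example.
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.app">
  <uses-sdk android:minSdkVersion="23" android:targetSdkVersion="30"/>
  <application android:label="Example" android:allowBackup="true" android:debuggable="true">
    <activity android:name=".MainActivity"/>
  </application>
</manifest>
"""


def _bool_attr(el, name: str, default: bool) -> bool:
    """Read an android:* boolean attribute, falling back to the platform default when absent."""
    value = el.get(f"{{{ANDROID_NS}}}{name}")
    return default if value is None else value.strip().lower() == "true"


def _int_attr(el, name: str):
    if el is None:
        return None
    value = el.get(f"{{{ANDROID_NS}}}{name}")
    return int(value) if value is not None and value.isdigit() else None


def audit_manifest(xml_text: str) -> dict:
    """Report the backup/debug posture declared in a decoded AndroidManifest.xml."""
    root = ET.fromstring(xml_text)
    app = root.find("application")
    if app is None:
        raise ValueError("manifest has no <application> element")
    allow_backup = _bool_attr(app, "allowBackup", default=True)   # absent -> true
    debuggable = _bool_attr(app, "debuggable", default=False)     # absent -> false
    target_sdk = _int_attr(root.find("uses-sdk"), "targetSdkVersion")

    findings = []
    if debuggable:
        findings.append("android:debuggable=true: run-as and a debugger can reach the app's internal storage")
    if allow_backup:
        if target_sdk is not None and target_sdk >= 31 and not debuggable:
            findings.append("android:allowBackup=true, but targetSdk>=31 and not debuggable: adb backup omits app data")
        else:
            findings.append("android:allowBackup=true: adb backup can export app data")
    return {
        "package": root.get("package"),
        "allowBackup": allow_backup,
        "debuggable": debuggable,
        "targetSdk": target_sdk,
        "findings": findings,
    }


if __name__ == "__main__":
    result = audit_manifest(SAMPLE_MANIFEST)
    print(result["package"], result)
```

Run it against a decoded manifest with audit_manifest(open("AndroidManifest.xml").read()); an empty findings list means both attributes are either absent with a safe default or explicitly false.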

Impact

  1. Debug an application. See Debug application code

  2. You can use the run-as command to read and extract, without root privileges, all files inside the app's internal storage [🔗].

adb shell
run-as <package_name> id

Extract data from internal storage

adb exec-out run-as <package_name> tar c . > output.tar

WebView - Debug

Requirements:

  • setWebContentsDebuggingEnabled is set to true
  • OR android:debuggable="true" (WebView debugging is enabled automatically when the app is declared debuggable). More info: [🔗].
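When reviewing decompiled sources for the first requirement, the question is not only whether setWebContentsDebuggingEnabled(true) is called but whether the call is gated on a debug build. The Python below is an added example, not from the original page: it scans decompiled Java (as jadx would output it) for the call and applies a simple heuristic, treating a call as guarded when BuildConfig.DEBUG or ApplicationInfo.FLAG_DEBUGGABLE appears in the preceding few hundred characters. The source files are constructed; the heuristic is an approximation and the flagged locations still need to be read by hand.

```python
import re

# Constructed decompiled Java, not taken from any real app.
SAMPLE_SOURCES = {
    "com/example/app/WebActivity.java": """
public class WebActivity extends Activity {
    protected void onCreate(Bundle b) {
        super.onCreate(b);
        WebView.setWebContentsDebuggingEnabled(true);
        webView.loadUrl(url);
    }
}
""",
    "com/example/app/DebugWebActivity.java": """
public class DebugWebActivity extends Activity {
    protected void onCreate(Bundle b) {
        if ((getApplicationInfo().flags & ApplicationInfo.FLAG_DEBUGGABLE) != 0) {
            WebView.setWebContentsDebuggingEnabled(true);
        }
    }
}
""",
}

CALL = re.compile(r"setWebContentsDebuggingEnabled\s*\(\s*true\s*\)")
GUARDS = ("BuildConfig.DEBUG", "FLAG_DEBUGGABLE")


def find_webview_debug(sources: dict, window: int = 300) -> list:
    """Locate unconditional-looking setWebContentsDebuggingEnabled(true) calls.

    Returns one record per call with the file, 1-based line, and whether a debug
    guard was seen in the `window` characters before the call (heuristic).
    """
    hits = []
    for path, text in sources.items():
        for match in CALL.finditer(text):
            line = text.count("\n", 0, match.start()) + 1
            context = text[max(0, match.start() - window):match.start()]
            guarded = any(guard in context for guard in GUARDS)
            hits.append({"file": path, "line": line, "guarded": guarded})
    return hits


def unguarded(sources: dict) -> list:
    """Only the calls worth reporting: enabled without any visible debug guard."""
    return [h for h in find_webview_debug(sources) if not h["guarded"]]


if __name__ == "__main__":
    for hit in find_webview_debug(SAMPLE_SOURCES):
        status = "guarded" if hit["guarded"] else "UNGUARDED"
        print(f"{hit['file']}:{hit['line']}: {status}")
```

To run it over a jadx output directory, build the sources dict from a walk of the .java files; a guarded call still deserves a note, since a debuggable release build would enable it anyway.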

Testing

  1. Open the application on your phone
  2. Open chrome on your machine chrome://inspect/#devices
  3. In the “Remote Target” section, you will find the device and the app. Click on inspect.
  4. Now you can look for Application Storage, Network traffic, etc.