Security misconfiguration

Backup

adb backup allows you to create a backup of an Android device’s data. It can back up app data, system settings, etc.

Testing

Requirement: android:allowBackup="true" in the AndroidManifest.xml

# Backup one application with its apk
adb backup -apk <package_name> -f <backup_name>.ab

# Restore backup
adb restore <backup_name>.ab

# Alternative way (from a shell on the device)
adb shell
bu backup <package_name>

# Restore
adb shell
bu restore backup.ab

Debuggable

The android:debuggable attribute indicates whether the application is debuggable; it is set to false by default. Check for android:debuggable="true" in the AndroidManifest.xml.

Note

You cannot publish a debuggable app on the Google Play Store.

Impact

  1. Debug an application. See Debug application code

  2. You can use the run-as command to read and extract, without root privileges, all files inside the app's internal storage.

    adb shell
    run-as <package_name> id

    Extract data from internal storage

    adb exec-out run-as <package_name> tar c . > output.tar

WebView - Debug

Requirements:

  • setWebContentsDebuggingEnabled is set to true
  • OR android:debuggable="true" (WebView debugging is enabled automatically when the app is declared debuggable). More info: setWebContentsDebuggingEnabled.

Testing

  1. Open the application on your phone
  2. Open Chrome on your machine and go to chrome://inspect/#devices
  3. In the “Remote Target” section, you will find the device and the app. Click on inspect.
  4. Now you can inspect Application storage, Network traffic, etc.
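The three checks on this page (allowBackup, debuggable, WebView debugging) can be run statically against a decoded APK before touching a device. The script below is an added example, not part of the original page: it audits a decoded AndroidManifest.xml for the two manifest flags, scans decompiled Java/Kotlin sources for an unconditional setWebContentsDebuggingEnabled(true), and reports which of the page's misconfigurations apply. The manifests, source snippets and paths embedded in it are constructed for illustration; point it at apktool or jadx output in practice.

```python
# Added example (not part of the original page): static audit of a decoded
# AndroidManifest.xml and decompiled sources for the misconfigurations above.
# The manifests, source snippets and paths below are constructed samples.
import re
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Constructed sample: the misconfigured manifest the page's checks look for.
VULNERABLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.vulnapp">
    <application android:allowBackup="true" android:debuggable="true">
        <activity android:name=".MainActivity"/>
    </application>
</manifest>"""

# Constructed sample: hardened form, backup disabled and debuggable omitted
# (false by default).
HARDENED_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.hardened">
    <application android:allowBackup="false">
        <activity android:name=".MainActivity"/>
    </application>
</manifest>"""

# Constructed sample of decompiled Java, path -> text. Only the first file
# enables WebView remote debugging unconditionally.
SAMPLE_SOURCES = {
    "com/example/vulnapp/MainActivity.java":
        "WebView.setWebContentsDebuggingEnabled(true);",
    "com/example/vulnapp/DebugUtil.java":
        "WebView.setWebContentsDebuggingEnabled(BuildConfig.DEBUG);",
}

WEBVIEW_DEBUG_RE = re.compile(r"setWebContentsDebuggingEnabled\s*\(\s*true\s*\)")


def _android_attr(elem, name):
    """Return the android:<name> attribute of elem, or None if absent."""
    return elem.get("{%s}%s" % (ANDROID_NS, name))


def audit_manifest(xml_text):
    """Evaluate the <application> flags this page describes.

    android:allowBackup defaults to true when omitted, android:debuggable
    defaults to false, so the two absent-attribute cases are handled differently.
    """
    root = ET.fromstring(xml_text)
    app = root.find("application")
    if app is None:
        raise ValueError("manifest has no <application> element")
    allow_backup = _android_attr(app, "allowBackup")
    debuggable = _android_attr(app, "debuggable")
    is_debuggable = debuggable is not None and debuggable.lower() == "true"
    return {
        "package": root.get("package"),
        "backup_enabled": allow_backup is None or allow_backup.lower() == "true",
        "debuggable": is_debuggable,
        # A debuggable app has WebView debugging on without calling the API.
        "webview_debug_implied": is_debuggable,
    }


def scan_sources(files):
    """Return the paths whose text enables WebView debugging with a literal
    true. A call guarded by an if on BuildConfig.DEBUG but still passing a
    literal true also matches, so hits are for manual review."""
    return sorted(path for path, text in files.items()
                  if WEBVIEW_DEBUG_RE.search(text))


def issues(findings, source_hits):
    """Turn the raw findings into the list of reportable misconfigurations."""
    out = []
    if findings["backup_enabled"]:
        out.append("allowBackup is on: app data can be exported with adb backup")
    if findings["debuggable"]:
        out.append("debuggable is on: run-as can read internal storage "
                   "and WebView remote debugging is enabled")
    for path in source_hits:
        out.append("WebView debugging enabled in " + path)
    return out


if __name__ == "__main__":
    vuln = audit_manifest(VULNERABLE_MANIFEST)
    print(vuln["package"], issues(vuln, scan_sources(SAMPLE_SOURCES)))
    hard = audit_manifest(HARDENED_MANIFEST)
    print(hard["package"], issues(hard, scan_sources({})))
```

Two caveats when reading the results: an absent android:allowBackup is reported as a finding because the platform default is true, so a clean result requires the attribute to be explicitly false; and the source scan only matches a literal true argument in Java or Kotlin text, not smali, so a call that passes a variable is not flagged and needs to be reviewed by hand.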