Storing data locally is a common task for mobile applications. Such data includes files among other things. One convenient way to store files is to use the external file storage which usually offers a larger amount of disc space compared to internal storage.
Files created on the external storage are globally readable and writable. Therefore, a malicious application having the permissions
WRITE_EXTERNAL_STORAGE
or READ_EXTERNAL_STORAGE
could try to read sensitive information from the files that other
applications have stored on the external storage.
External storage can also be removed by the user (e.g when based on SD card) making the files unavailable to the application.
Your application uses external storage to:
There is a risk if you answered yes to any of those questions.
import android.content.Context; public class AccessExternalFiles { public void accessFiles(Context context) { context.getExternalFilesDir(null); // Sensitive } }
import android.content.Context; public class AccessExternalFiles { public void accessFiles(Context context) { context.getFilesDir(); } }