CWE-530: Exposure of Backup

Description

The application stores sensitive data in a backup file that can be accessed by other applications. This can allow attackers to steal sensitive data from the backup file. For example, an attacker can steal user credentials from the backup file.

Manifest Scanner Check

$ manifest-scanner -f /path/to/android-project -c CWE-530

References

• https://developer.android.com/guide/topics/data/backup
• https://developer.android.com/guide/topics/manifest/application-element