Dear Reader, I build a mobile app using phonegap and ran it trough the Mobile App Security Test from ImmuniWeb. One of the risks that was identified is: Description:The mobile application can access external storage (e.g. SD card) in read or write mode. The application's data stored on the external data storage may be accessed by other applications (including malicious ones) under certain conditions and bring risks of data corruption or tampering. Details:There is 'getExternalStorageState()' found in file 'nl/xservices/plugins/SocialSharing.java': line 191: private String getDownloadDir() throws IOException { line 192: if (!"mounted".equals(Environment.getExternalStorageState())) { line 193: return null; There is 'getExternalFilesDir()' found in file 'nl/xservices/plugins/SocialSharing.java': line 194: } line 195: String dir = this.webView.getContext().getExternalFilesDir(null) + "/socialsharing-downloads"; line 196: createOrCleanDir(dir); There is 'getExternalStorageDirectory()' found in file 'com/darktalker/cordova/screenshot/Screenshot.java': line 74: try { line 75: File folder = new File(Environment.getExternalStorageDirectory(), "Pictures"); line 76: if (!folder.exists()) { Is there a way to disable the access to external storage? Thanks in advanced, Peter
asked
Peter Hüther
1 answers
0
Looks like this code comes from the SocialSharing plugin. If you’re not using it, then you can remove it from your config.xml file. If you are using the plugin, I think you’ll need to:
fork the plugin repository
edit the plugin code
point your config.xml file to your own fork of the plugin.