Disable access of external storage for mobile app

Dear Reader, I build a mobile app using phonegap and ran it trough the Mobile App Security Test from ImmuniWeb. One of the risks that was identified is: Description:The mobile application can access external storage (e.g. SD card) in read or write mode. The application's data stored on the external data storage may be accessed by other applications (including malicious ones) under certain conditions and bring risks of data corruption or tampering. Details:There is 'getExternalStorageState()' found in file 'nl/xservices/plugins/SocialSharing.java': line 191: private String getDownloadDir() throws IOException { line 192: if (!"mounted".equals(Environment.getExternalStorageState())) { line 193: return null; There is 'getExternalFilesDir()' found in file 'nl/xservices/plugins/SocialSharing.java': line 194: } line 195: String dir = this.webView.getContext().getExternalFilesDir(null) + "/socialsharing-downloads"; line 196: createOrCleanDir(dir); There is 'getExternalStorageDirectory()' found in file 'com/darktalker/cordova/screenshot/Screenshot.java': line 74: try { line 75: File folder = new File(Environment.getExternalStorageDirectory(), "Pictures"); line 76: if (!folder.exists()) {   Is there a way to disable the access to external storage? Thanks in advanced, Peter
1 answers

Looks like this code comes from the SocialSharing plugin. If you’re not using it, then you can remove it from your config.xml file. If you are using the plugin, I think you’ll need to:

  • fork the plugin repository
  • edit the plugin code
  • point your config.xml file to your own fork of the plugin.