Palo Alto Networks Unveils Security Risks in Android Internal Storage

August 2014 by Palo Alto Networks

New research shows potential for attack in more than 94% of popular Android mobile applications

Santa Clara, Calif., August 19, 2014 – Palo Alto Networks® (NYSE: PANW), the leader in enterprise
security, today presented new research highlighting security risks in the internal storage used by
applications on Google Android devices. More than 94 percent of popular Android applications are
potentially vulnerable.

Android Internal Storage is a protected area that Android-based applications use to store private
information, including usernames and passwords. But as Palo Alto Networks research reveals, an
attacker may be able to steal sensitive information from most of the applications on an Android device
using the Android Debug Bridge (ADB) backup/restore function. In addition, most of the security
enhancements added by Google to prevent this type of attack can be bypassed.

Key details:

• Anyone using a device running version 4.0 of Android – about 85 percent of Android systems in
use today – is potentially vulnerable

• To use ADB, an attacker would need physical access to the device, whether borrowing or stealing
it from the user; an attacker could also take control of a system to which the device is connected
via USB

• Over 94 percent of popular Android applications, including pre-installed email and browser
applications, use the backup system, meaning users are vulnerable

• Many Android applications will store user passwords in plain text in Android Internal Storage,
meaning almost all popular e-mail clients, FTP clients and SSH client applications are vulnerable

• Google has set the default for applications to allow back-ups; application developers are
responsible for disabling the feature or otherwise restricting backups; however, the high
percentage of applications that have not disabled or restricted backups suggests many
developers are unaware of the risks

Palo Alto Networks recommends that Android users disable USB debugging when it is not needed, and
that application developers protect Android users by setting android:allowBackup to false in each
Android application's AndroidManifest.xml file, or by using a BackupAgent to restrict backups from
including sensitive information.
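
As an added example (not part of the Palo Alto Networks release), the following Python script shows how a developer or reviewer could check an application's AndroidManifest.xml for the backup settings named above. It assumes the manifest is in decoded text form (manifests packaged inside an APK are binary XML and must be decoded first); the sample manifests, package names and status labels are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

def audit_backup(manifest_xml):
    """Return (package, status, backup_agent) for a text-form manifest."""
    root = ET.fromstring(manifest_xml)
    package = root.get("package", "<unknown>")
    app = root.find("application")
    if app is None:
        return package, "no-application-element", None
    allow = app.get(f"{{{ANDROID_NS}}}allowBackup")
    agent = app.get(f"{{{ANDROID_NS}}}backupAgent")
    value = None if allow is None else allow.strip().lower()
    if value == "false":
        status = "backup-disabled"
    elif value not in (None, "true"):
        status = "unresolved-value"    # e.g. a @bool/... resource reference
    elif agent:
        status = "allowed-with-agent"  # review what the agent backs up
    elif value is None:
        status = "allowed-by-default"  # attribute absent, default applies
    else:
        status = "allowed-explicitly"
    return package, status, agent

def _manifest(package, app_attrs):
    # Helper that builds a constructed sample manifest.
    return (f'<manifest xmlns:android="{ANDROID_NS}" package="{package}">'
            f'<application {app_attrs}/></manifest>')

# Constructed samples; package and class names are hypothetical.
SAMPLES = {
    "default": _manifest("com.example.mailclient", 'android:label="Mail"'),
    "disabled": _manifest("com.example.sshclient", 'android:allowBackup="false"'),
    "agent": _manifest("com.example.ftpclient",
                       'android:allowBackup="true" android:backupAgent=".SafeBackupAgent"'),
    "resource": _manifest("com.example.browser",
                          'android:allowBackup="@bool/allow_backup"'),
}

if __name__ == "__main__":
    for name, xml_text in SAMPLES.items():
        print(name, audit_backup(xml_text))
```

Manifests reported as allowed-by-default or allowed-explicitly are the ones the recommendation targets; allowed-with-agent and unresolved-value need a manual look at the agent class or the referenced resource.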

