A while back I posted about some static analysis techniques for analyzing file usage in Android applications, and this post looks at the same topic from the standpoint of an application developer making decisions about file storage for their apps.
If you are building applications for Android, you should always create files with the default permissions (Context.MODE_PRIVATE). This makes the file readable and writable only by your app (more precisely, only by processes running under your app's Linux UID). Other malicious applications – even if they know the file's location – should not be able to read or modify it. If you have to create a file that is readable by other applications (Context.MODE_WORLD_READABLE) you should have a good reason, and you should assume that any data stored in that file can be read by every other application installed on the device. If you have to create a file that is writable by other applications (Context.MODE_WORLD_WRITEABLE) you should have an even better reason, and you should assume that malicious apps will corrupt the contents of that file. This means that every time data from such a file is used it must be positively validated (expected size, expected format, expected range of values) so that changes made by other apps cannot cause unexpected behavior. Note that both world-accessible modes have been deprecated since Android 4.2 (API level 17) and are rejected with a SecurityException from Android 7.0 (API level 24) onward; if data really must be shared with other apps, a ContentProvider or FileProvider that enforces permissions on the sharing app's terms is the supported route.
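The following is an added example (not code from the original post) of the two habits described above: writing app data with MODE_PRIVATE, and treating anything read back from a file that other apps could have written as untrusted input. The file names, the size limit and the "counter is a short decimal integer" format are assumptions made for the example.

```java
import android.content.Context;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.util.regex.Pattern;

/** Added example: private storage plus defensive reading of a file other apps may have touched. */
public final class FileStorageExample {
    private static final String PRIVATE_SETTINGS = "settings.txt";   // assumed file name
    private static final String SHARED_COUNTER = "shared_counter.txt"; // assumed file name
    private static final int MAX_BYTES = 64;                          // assumed upper bound on file size
    // Assumed format for the shared value: 1-9 decimal digits, nothing else.
    private static final Pattern COUNTER_FORMAT = Pattern.compile("[0-9]{1,9}");

    private FileStorageExample() {}

    /** Writes app-private data; MODE_PRIVATE keeps the file accessible only to this app's UID. */
    public static void savePrivate(Context ctx, String data) throws IOException {
        try (FileOutputStream out = ctx.openFileOutput(PRIVATE_SETTINGS, Context.MODE_PRIVATE)) {
            out.write(data.getBytes(StandardCharsets.UTF_8));
        }
    }

    /** Reads the private file back; still bounded so a corrupted file cannot exhaust memory. */
    public static String loadPrivate(Context ctx) throws IOException {
        try (FileInputStream in = ctx.openFileInput(PRIVATE_SETTINGS)) {
            return readBounded(in, MAX_BYTES);
        }
    }

    /**
     * Reads a value from a file that other apps could have modified. Any content that is not
     * exactly what we expect is discarded and the caller's fallback is returned instead.
     */
    public static int loadSharedCounter(Context ctx, int fallback) {
        try (FileInputStream in = ctx.openFileInput(SHARED_COUNTER)) {
            return parseCounter(readBounded(in, MAX_BYTES), fallback);
        } catch (IOException e) {
            // Missing, unreadable or oversized file: do not trust partial data.
            return fallback;
        }
    }

    /** Positive validation: accept only the documented format, never "whatever parses". */
    static int parseCounter(String raw, int fallback) {
        String value = raw.trim();
        if (!COUNTER_FORMAT.matcher(value).matches()) {
            return fallback;
        }
        return Integer.parseInt(value); // safe: at most 9 digits fits in an int
    }

    /** Reads at most {@code limit} bytes and fails if the file is larger than that. */
    private static String readBounded(InputStream in, int limit) throws IOException {
        byte[] buf = new byte[limit + 1];
        int total = 0;
        int n;
        while (total < buf.length && (n = in.read(buf, total, buf.length - total)) != -1) {
            total += n;
        }
        if (total > limit) {
            throw new IOException("file larger than expected (" + limit + " bytes)");
        }
        return new String(buf, 0, total, StandardCharsets.UTF_8);
    }
}
```

To confirm the permissions actually applied on a debuggable build, run `adb shell run-as <your.package> ls -l files/` and check that the "other" permission bits on your files are clear; if another app's data directory is what you are worried about, the same listing for that package tells you what it exposes.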
PLEASE NOTE: If a device with your application falls into the hands of a malicious user, or if another application is able to execute an attack that elevates its privileges (for example a root exploit), then they will still have access to your private files, so you should plan accordingly and never store truly sensitive information on mobile devices. It is much safer to store sensitive data server-side and retrieve it to the device only when needed.
dan _at_ denimgroup.com