Update MASTG-DEMO-0002.md to clarify file management in MediaStore

cpholguera · cpholguera · commit 6bf12fae652c · 2025-03-07T19:58:14.000+01:00
diff --git a/demos/android/MASVS-STORAGE/MASTG-DEMO-0002/MASTG-DEMO-0002.md b/demos/android/MASVS-STORAGE/MASTG-DEMO-0002/MASTG-DEMO-0002.md
@@ -22,6 +22,8 @@ The snippet below shows sample code that creates two files in external storage u
 
 The `run.sh` script injects a @MASTG-TOOL-0001 script named `script.js`. This script hooks and logs calls to the native `open` function and to `android.content.ContentResolver.insert`. It logs the paths of files written to external storage, the caller's stack trace, and additional details such as the `ContentValues` provided.
 
+**Note**: When apps write files using the `ContentResolver.insert()` method, the files are managed by Android's MediaStore and are identified by `content://` URIs, not direct file system paths. This design abstracts the actual file locations, making them inaccessible through standard file system operations like the `open` function in libc. Consequently, when using Frida to hook into file operations, intercepting calls to `open` won't reveal these files.
+
 {{ run.sh # script.js }}
 
 ### Observation
@@ -32,16 +34,21 @@ In the output you can observe the file paths, the relevant stack traces, and oth
 
 Two files are written to external storage:
 
-- `/storage/emulated/0/Android/data/org.owasp.mastestapp/files/secret.txt`: written via `java.io.FileOutputStream` from `org.owasp.mastestapp.MastgTest.mastgTestApi(MastgTest.kt:26)`.
-- `content://media/external/downloads/1000000108`: written via `android.content.ContentResolver.insert` from `org.owasp.mastestapp.MastgTest.mastgTestMediaStore(MastgTest.kt:44)`.
+- `/storage/emulated/0/Android/data/org.owasp.mastestapp/files/secret.txt`:
+    - Written via `java.io.FileOutputStream`
+    - Location: `org.owasp.mastestapp.MastgTest.mastgTestApi(MastgTest.kt:26)`.
+- `secretFile55.txt`:
+    - Written via `android.content.ContentResolver.insert`
+    - Location: `org.owasp.mastestapp.MastgTest.mastgTestMediaStore(MastgTest.kt:44)`.
+    - Found as URI: `content://media/external/downloads/1000000108`.
 
 The `ContentResolver.insert` call used the following `ContentValues`:
 
 - `_display_name: secretFile55.txt`
 - `mime_type: text/plain`
 - `relative_path: Download`
 
-Note that calls via `ContentResolver.insert` write to the MediaStore content provider rather than directly to the file system. As a result, you see a `content://` URI instead of a typical file path. However, the provided `ContentValues` still reveal the intended file name and the target directory.
+Using this information we can infer the path of the file written to external storage: `/storage/emulated/0/Download/secretFile55.txt`.
 
 ### Evaluation
 
