| platform | title | tools | code | ||
|---|---|---|---|---|---|
android |
External Storage APIs Tracing with Frida |
|
|
The snippet below shows sample code that creates two files in the external storage using the getExternalFilesDir method and the MediaStore API.
{{ MastgTest.kt }}
- Ensure the app is running on the target device.
- Execute
run.sh. - Close the app once you finish testing.
The run.sh script will inject a Frida script called script.js.
{{ run.sh }}
The Frida script will hook and log calls to open and android.content.ContentResolver.insert.
{{ script.js }}
In the output you can see the paths and the relevant stack trace which helps to identify the actual APIs used to write to external storage and their respective callers.
{{ output.txt }}
There are two files written to the external storage:
/storage/emulated/0/Android/data/org.owasp.mastestapp/files/secret.txtwritten usingjava.io.FileOutputStreamfromorg.owasp.mastestapp.MastgTest.mastgTestApi(MastgTest.kt:26)content://media/external/downloads/27written usingandroid.content.ContentResolver.insertfromorg.owasp.mastestapp.MastgTest.mastgTestMediaStore(MastgTest.kt:44)
Note that the calls via ContentResolver.insert do not write directly to the file system, but to the MediaStore content provider, and therefore we can't see the actual file path, instead we see the content:// URI.
This test fails because the files are not encrypted and contain sensitive data (a password and an API key). You can further confirm this by reverse engineering the app and inspecting the code as well as retrieving the files from the device.