Clipboard Enabled


Description

The application has the clipboard enabled. Mobile platforms provide applications with clipboard functionality for copying and pasting data between applications. If sensitive data from the application is copied to the clipboard, this data may be stored on the phone. Existing apps or attackers with access to the phone can retrieve data from the clipboard and potentially expose sensitive or private information.

Impact

An enabled clipboard increases the risk of the exposure of sensitive information. If data such as credit card numbers, social security numbers, or other sensitive information is cut and paste from or into the application, it may be saved to the phone and accessed at a later date. Since the clipboard is available as a part of the phone platform, malicious apps can can retrieve any sensitive data that is stored in the clipboard. Attackers who have root access to the phone may also be able to retrieve data that has been copy and pasted by other users.

 

Risk Rating

Remediation

How To Test

Sample Report Screenshots

Time Saving Tips

Testing Gotchas

References

 

Subscribe here in order to gain access to the AppSec Findings Database

 

Leave a Reply