Keyboard Caching Enabled


Description

The application has keyboard caching enabled. Mobile platforms provide applications with keyboard caching functionality for auto-correct and form completion when users enter data. If sensitive data is entered, keyboard caching may cause the data to be stored on the phone. Attackers with access to the phone can retrieve previously cached data and expose sensitive or private information.

Impact

Keyboard caching increases the risk that sensitive information is exposed. If data such as credit card numbers, social security numbers, or other sensitive information is entered into the application, it may be saved to the phone and accessed at a later date. The data may be exposed the next time the input field is used, or an attacker with root access may be able to access cached data from previous users.
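One way to review an app for this finding, as an added example that is not part of the original entry: it assumes an Android app whose input fields are declared in layout XML, and lists every input widget whose `android:inputType` sets neither `textNoSuggestions` nor a password type. The sample layout and its field ids are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
# inputType flags that ask the keyboard not to offer dictionary-based suggestions
SAFE_FLAGS = {"textNoSuggestions", "textPassword", "textVisiblePassword",
              "textWebPassword", "numberPassword"}
# Layout tags treated as text-entry widgets (assumed list, extend per project)
INPUT_WIDGETS = {"EditText", "AutoCompleteTextView",
                 "com.google.android.material.textfield.TextInputEditText"}

# Constructed sample layout, not taken from any real application
SAMPLE_LAYOUT = """<LinearLayout
    xmlns:android="http://schemas.android.com/apk/res/android">
  <EditText android:id="@+id/card_holder" android:inputType="textPersonName" />
  <EditText android:id="@+id/ssn" android:inputType="text|textNoSuggestions" />
  <EditText android:id="@+id/password" android:inputType="textPassword" />
  <EditText android:id="@+id/notes" />
  <TextView android:id="@+id/label" android:text="Payment details" />
</LinearLayout>"""


def find_cacheable_inputs(layout_xml):
    """Return ids of input widgets that leave keyboard suggestions enabled."""
    flagged = []
    root = ET.fromstring(layout_xml)
    for elem in root.iter():
        if elem.tag not in INPUT_WIDGETS:
            continue  # labels, containers and other non-input views
        # inputType is a '|'-separated flag list; a missing attribute yields no flags
        flags = set(elem.get(f"{{{ANDROID_NS}}}inputType", "").split("|"))
        if not flags & SAFE_FLAGS:
            flagged.append(elem.get(f"{{{ANDROID_NS}}}id", "<no id>"))
    return flagged


if __name__ == "__main__":
    for widget_id in find_cacheable_inputs(SAMPLE_LAYOUT):
        print("review for sensitive input:", widget_id)
```

The result is a review list rather than a verdict: a flagged field only matters if it accepts sensitive data, and fields whose input type is set in code rather than in the layout need a separate check.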

Risk Rating

Remediation

How To Test

Sample Report Screenshots

Time Saving Tips

Testing Gotchas

References

 
