ImmuniWeb security scan found a high risk issue

After scanning the APK file, ImmuniWeb has found an unencrypted SQLite database. This is not created or used by us. Does anyone know where it comes from?


ImmuniWeb
Description: The mobile application uses an unencrypted SQLite database.
This database can be accessed by an attacker with physical access to the mobile device or a malicious application with root access to the device. The application should not store sensitive information in clear text.

Details: In file Web Data:

TABLES:
meta
sqlite_autoindex_meta_1
autofill
sqlite_autoindex_autofill_1
autofill_name
autofill_name_value_lower
credit_cards
sqlite_autoindex_credit_cards_1
autofill_profiles
sqlite_autoindex_autofill_profiles_1
autofill_profile_names
autofill_profile_emails
autofill_profile_phones
autofill_profiles_trash
masked_credit_cards
unmasked_credit_cards
server_card_metadata
server_addresses
server_address_metadata
autofill_sync_metadata
sqlite_autoindex_autofill_sync_metadata_1
autofill_model_type_state

It doesn’t look like anything VoltBuilder would cause.

Looking at it, could it be the browser’s autofill data?

Could be… We use the app as a shell to connect to our webapp. So if it is not VoltBuilder/Cordova then it may be the InAppBrowser plugin we are using.

It’s part of Google Chrome.

I think Cordova/Android swaps in a chromium browser plugin in place of the InAppBrowser in APK files. But InAppBrowser has been deprecated in iOS, so you should try to upgrade to WKWebView if you need an iOS app.
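
To triage a finding like the one in this thread, the script below checks how closely a SQLite file matches the names in the scan output and whether any of those tables actually hold rows. It is an added example, not code from the thread, VoltBuilder or ImmuniWeb; the function names and the in-memory sample database are constructed for illustration.

```python
import sqlite3

# Names copied from the scan output in the thread; sqlite_autoindex_* entries omitted.
WEB_DATA_NAMES = {
    "meta", "autofill", "autofill_name", "autofill_name_value_lower",
    "credit_cards", "autofill_profiles", "autofill_profile_names",
    "autofill_profile_emails", "autofill_profile_phones",
    "autofill_profiles_trash", "masked_credit_cards", "unmasked_credit_cards",
    "server_card_metadata", "server_addresses", "server_address_metadata",
    "autofill_sync_metadata", "autofill_model_type_state",
}

def triage(conn):
    """Return (share of WEB_DATA_NAMES present, {table: rows} for non-empty tables)."""
    objs = dict(conn.execute("SELECT name, type FROM sqlite_master").fetchall())
    present = WEB_DATA_NAMES & objs.keys()
    populated = {}
    for name in sorted(present):
        # Only count rows in real tables; skip meta (schema bookkeeping, not user data).
        if objs[name] != "table" or name == "meta":
            continue
        # name comes from the fixed set above, so it is safe to place in the query.
        count = conn.execute(f'SELECT COUNT(*) FROM "{name}"').fetchone()[0]
        if count:
            populated[name] = count
    return len(present) / len(WEB_DATA_NAMES), populated

def build_sample():
    """Constructed sample: same object names as the scan, one stored autofill row."""
    conn = sqlite3.connect(":memory:")
    indexes = {"autofill_name", "autofill_name_value_lower"}
    for name in sorted(WEB_DATA_NAMES - indexes):
        conn.execute(f'CREATE TABLE "{name}" (k TEXT, v TEXT)')
    # Assumption for the sample: these two names are indexes on the autofill table.
    conn.execute("CREATE INDEX autofill_name ON autofill (k)")
    conn.execute("CREATE INDEX autofill_name_value_lower ON autofill (k, v)")
    conn.execute("INSERT INTO autofill VALUES ('email', 'user@example.test')")
    return conn

if __name__ == "__main__":
    match, populated = triage(build_sample())
    print(f"schema match: {match:.0%}")
    print("populated tables:", populated or "none (schema only)")
```

A full schema match with no populated tables means the file carries only the empty autofill schema; any populated table is the part of the finding that needs follow-up.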