Question

11
Views
Amandeep Member since 2013 5 posts
DPE
Posted: 1 month ago
Last activity: 1 month 3 weeks ago

Pega Mobile App - v 8.1.2

Hi All,

We are using Pega mobile app v8.1.2 and got results of our penetration testing.The concerns were raised around the storage of application documents. Can anyone please suggest how to achieve this?

Problem statement: Mobile apps should store all their files within their own directories that only the app has visibility of, due to strict file/folder permissions inherent to the Android file system. In some cases, permissions may be loosened within an app’s file structure allowing other apps visibility into the contents of the files and folders.   Additionally, storing files on the /sdcard partition is insecure, as all apps have visibility of the files within this partition. 

Recommendation:  • Ensuring all files and folders only allow the app’s user/group read/write permissions 

Thanks

Pega Mobile Client Case Management Government
Share this page LinkedIn