We are using Pega mobile app v8.1.2 and got the results of our penetration testing. Concerns were raised around the storage of application documents. Can anyone please suggest how to achieve this?
Problem statement: Mobile apps should store all their files within their own directories that only the app has visibility of, due to strict file/folder permissions inherent to the Android file system. In some cases, permissions may be loosened within an app’s file structure allowing other apps visibility into the contents of the files and folders.
Additionally, storing files on the /sdcard partition is insecure, as all apps have visibility of the files within this partition.
• Ensuring all files and folders only allow the app’s user/group read/write permissions
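A check for the two findings in the problem statement, added here as an example and not part of the original post or of Pega's tooling: it flags a path on shared storage and lists any file or folder that grants permissions beyond the app's user/group. The function names are hypothetical, and the shared-storage prefixes are the usual Android mount points, taken as an assumption.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Succeeds when PATH lies on shared storage, which every app can read.
# The prefixes are the usual Android shared-storage mount points (assumption).
is_shared_storage() {
    case "$1" in
        /sdcard|/sdcard/*|/mnt/sdcard|/mnt/sdcard/*|/storage/emulated/*) return 0 ;;
        *) return 1 ;;
    esac
}

# Prints every file or directory under DIR that grants read, write or
# execute to "other". Symlinks are skipped: their own mode is always 0777
# and says nothing about the target.
list_world_accessible() {
    find "$1" ! -type l \( -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Exit status: 0 = clean, 1 = loose permissions found, 2 = shared storage.
audit_storage() {
    if is_shared_storage "$1"; then
        echo "FAIL: $1 is on shared storage"
        return 2
    fi
    loose=$(list_world_accessible "$1")
    if [ -n "$loose" ]; then
        echo "FAIL: entries accessible to other users:"
        echo "$loose"
        return 1
    fi
    echo "OK: $1 grants nothing to other users"
    return 0
}

if [ "$#" -gt 0 ]; then
    audit_storage "$1"
fi
```

Run it against the app's data directory on a test device or emulator, or against a copy that preserves file modes, after exercising the document download and attachment features.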