October 19th, 2009 by ahoog

Android browser stores passwords and other sensitive data in plain text

While finalizing our white paper on Android Forensics, I came across the rather surprising finding that the Android browser (com.android.browser) stores extremely sensitive information such as passwords (and, conveniently, the website URL in the same row) and form data in plain text.  I was quite surprised at this, as Android in general has a fairly strong security model, and this seems like a pretty serious (and simple to fix) oversight.  Here are a few things I located:

  • User name, passwords and associated URL
  • Recovery of deleted user names, passwords and associated URLs
  • Full records of Google searches (with date/time)
  • Form data records, including the name of the field (making it really easy to piece together a user’s home address, for instance)
  • Web history, cookies, etc.
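
The following added example (it is not code from the original post or from the Android source) shows what the two password items above mean in practice: an SQLite file laid out like the browser's saved-password store is written with plaintext credentials, one row is deleted, and the deleted row is carved back out of the file's unallocated space. The `webview.db` filename, the `password` table and its `host`/`username`/`password` columns are assumptions about that database's layout, and the sample credentials are constructed.

```python
"""Added example: plaintext credentials in a browser-style SQLite store and
recovery of a deleted row from the file's unallocated space."""
import os
import re
import sqlite3
import tempfile

# ASSUMPTION: the browser keeps saved logins in webview.db in a table
# "password" with host/username/password columns. This layout is assumed
# for illustration; verify it against the database pulled from a device.
SCHEMA = """
CREATE TABLE password (
    _id      INTEGER PRIMARY KEY,
    host     TEXT,
    username TEXT,
    password TEXT
);
"""

# Constructed sample credentials; not real accounts.
SAMPLE_ROWS = [
    ("https://mail.example.com", "alice", "Correct-Horse-42"),
    ("https://bank.example.net", "alice", "swordfish-9"),
    ("https://forum.example.org", "alice_forum", "p4ssw0rd!"),
]
DELETED_HOST = "https://bank.example.net"


def build_sample_db(path):
    """Write the sample logins in plaintext, then delete one of them."""
    conn = sqlite3.connect(path)
    conn.executescript(SCHEMA)
    conn.executemany(
        "INSERT INTO password (host, username, password) VALUES (?, ?, ?)",
        SAMPLE_ROWS,
    )
    conn.commit()
    # SQLite only unlinks a deleted cell; its bytes stay in the page's free
    # space until reused. secure_delete is normally OFF already; setting it
    # explicitly makes the behaviour this example relies on visible.
    conn.execute("PRAGMA secure_delete = OFF")
    conn.execute("DELETE FROM password WHERE host = ?", (DELETED_HOST,))
    conn.commit()
    conn.close()


def dump_live_logins(path):
    """What anyone who can read the file sees through the normal API."""
    conn = sqlite3.connect(path)
    rows = conn.execute(
        "SELECT host, username, password FROM password ORDER BY _id"
    ).fetchall()
    conn.close()
    return rows


def carve_strings(path, min_len=8):
    """Carve printable ASCII runs from the raw file, allocated or not."""
    with open(path, "rb") as f:
        raw = f.read()
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, raw)]


def carve_deleted_logins(path):
    """Return carved strings holding a URL that no live row accounts for.

    SQLite stores a record's column values back to back, so a deleted login
    surfaces as one run: host, username and password concatenated.
    """
    live_hosts = {row[0] for row in dump_live_logins(path)}
    return [
        s for s in carve_strings(path)
        if "://" in s and not any(h in s for h in live_hosts)
    ]


def run_demo():
    """Build the store in a temp dir; return (live rows, carved deleted rows)."""
    workdir = tempfile.mkdtemp()
    path = os.path.join(workdir, "webview.db")
    build_sample_db(path)
    return dump_live_logins(path), carve_deleted_logins(path)


if __name__ == "__main__":
    live, deleted = run_demo()
    print("Live rows via SQL (all plaintext):")
    for host, user, pw in live:
        print(f"  {host}  {user}  {pw}")
    print("Carved from unallocated space (deleted row):")
    for s in deleted:
        print(f"  {s}")
```

The carving step is deliberately crude (printable-string runs over the whole file) because that is enough here: nothing in the file is encrypted, so the deleted login comes back intact apart from the few header bytes SQLite overwrites when it frees a cell. On a real image the same pass over `webview.db` (and its rollback journal, if present) is the first thing to try before reaching for a full SQLite page parser.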

This is great stuff for forensic analysts, not so great for everyone else.  Stay tuned for more updates…or sign up for updates on our Android Forensics white paper.

