VULNERABILITY DETAILS
ADB Backup is ENABLED for this app (default: ENABLED).ADB Backup is a good tool for backing up all of your files. If it's open for this app, people who have your phone can copy all of the sensitive data for this app in your phone (Prerequisite: 1.Unlock phone's screen 2.Open the developer mode). The sensitive data may include lifetime access token, username or password, etc.

VERSION
Platform: Android
Package Name:chrome
Package Version Name: 64.0.3282.137
Package Version Code: 328213711

REPRODUCTION CASE
ADB Backup is a good tool for backing up all of your files. If it's open for this app, people who have your phone can copy all of the sensitive data for this app in your phone (Prerequisite: 1.Unlock phone's screen 2.Open the developer mode). The sensitive data may include lifetime access token, username or password, etc.
           
Security case related to ADB Backup:
1.http://www.securityfocus.com/archive/1/530288/30/0/threaded
2.http://blog.c22.cc/advisories/cve-2013-5112-evernote-android-insecure-storage-of-pin-data-bypass-of-pin-protection/
3.http://nelenkov.blogspot.co.uk/2012/06/unpacking-android-backups.html

Reference: http://developer.android.com/guide/topics/manifest/application-element.html#allowbackup

Full Report of app Test is attached for more Information.



 

Deleted: com.android.chrome_caf7315ab94124e4b3d59e0e6d90ec6909de932cff16216b8fdb7115eb0a03b793ee8a6b33af8ef0c2a8ed4c0383866e744f9ed5b1fe6d3d57dfde55567b571a.txt 26.7 KB

com.android.chrome_caf7315ab94124e4b3d59e0e6d90ec6909de932cff16216b8fdb7115eb0a03b793ee8a6b33af8ef0c2a8ed4c0383866e744f9ed5b1fe6d3d57dfde55567b571a.txt 26.7 KB View Download