ABSTRACT

On line of , the method writes data to Android's external storage.

EXPLANATION

Files saved to external storage are world-readable and can be modified by the user when they enable USB mass storage to transfer files to a computer. Files on the external storage card also remain there after the application that wrote them is uninstalled. These limitations can compromise sensitive information written out to storage, or allow attackers to inject malicious data into the program by modifying an external file it relies on.

Example 1: In the code below, Environment.getExternalStorageDirectory() returns a reference to the Android device's external storage.

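    import android.os.Environment;
    import java.io.BufferedWriter;
    import java.io.File;
    import java.io.FileWriter;
    import java.io.IOException;

    private void WriteToFile(String what_to_write) {
        try {
            // External storage: world-readable and modifiable outside the app
            File root = Environment.getExternalStorageDirectory();
            if (root.canWrite()) {
                File dir = new File(root, "write_to_the_SDcard");
                dir.mkdirs(); // create the target directory if it is missing
                File datafile = new File(dir, number + ".extension"); // number: field of the enclosing class (assumed)
                FileWriter datawriter = new FileWriter(datafile);
                BufferedWriter out = new BufferedWriter(datawriter);
                out.write(what_to_write);
                out.close();
            }
        } catch (IOException e) {
            e.printStackTrace();
        }
    }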
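
The hardened counterpart to Example 1, as an added example that is not part of the original page: the same write goes to the app's internal storage through Context.openFileOutput() with MODE_PRIVATE, and a second method deletes copies that an earlier build left on external storage. The class name PrivateFileStore and its method names are hypothetical.

```java
import android.content.Context;
import android.os.Environment;
import java.io.BufferedWriter;
import java.io.File;
import java.io.IOException;
import java.io.OutputStreamWriter;
import java.nio.charset.StandardCharsets;

// Hypothetical helper class; names are illustrative, not from the original page.
public final class PrivateFileStore {
    private final Context context;

    public PrivateFileStore(Context context) {
        this.context = context.getApplicationContext();
    }

    // Accept plain file names only, so a caller-supplied name cannot
    // point outside the intended directory ("." and ".." are rejected).
    private static String requireSimpleName(String name) {
        if (name == null || !name.matches("[A-Za-z0-9_-][A-Za-z0-9._-]{0,63}")) {
            throw new IllegalArgumentException("invalid file name");
        }
        return name;
    }

    // Internal storage: private to the app and deleted when the app is uninstalled.
    public void writeToFile(String name, String whatToWrite) throws IOException {
        try (BufferedWriter out = new BufferedWriter(new OutputStreamWriter(
                context.openFileOutput(requireSimpleName(name), Context.MODE_PRIVATE),
                StandardCharsets.UTF_8))) {
            out.write(whatToWrite);
        }
    }

    // Removes a copy that the external-storage version of the code left behind.
    // Returns true when no legacy copy remains afterwards.
    public boolean purgeLegacyExternalCopy(String name) {
        File dir = new File(Environment.getExternalStorageDirectory(), "write_to_the_SDcard");
        File legacy = new File(dir, requireSimpleName(name));
        return !legacy.exists() || legacy.delete();
    }
}
```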
