Storage/archive analysis

Data at rest is a critical part of the assessment. Our usual concern is that application data is stored securely on our Android devices, so that no one can extract it if the device is lost or stolen. In addition, a malicious application should not be able to access the data of another application (such as a banking app).

Our target app is FourGoats. All the app data resides in /data/data/org.owasp.goatdroid.FourGoats on an Android device. In this app folder, we can see that there is a shared_prefs folder, a database folder, and several other folders installed by the app. In the following screenshot, you can see that all the files in the shared_prefs folder of the FourGoats app are world-readable:

This means that any app that ...
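The same check can be made without reading a screenshot. The following is an added example, not code from the book: it parses a recursive `ls -l` listing of the app data folder and reports every file whose "other" permission bits allow read or write. The listing, file names, owner and dates are constructed samples, and the parser assumes names without spaces.

```python
# Constructed sample of `ls -lR` output for the app data folder.
# File names, owner (u0_a55), sizes and dates are made up for illustration.
SAMPLE_LISTING = """\
/data/data/org.owasp.goatdroid.FourGoats/shared_prefs:
-rw-rw-r-- u0_a55 u0_a55 180 2016-01-01 12:00 prefs_a.xml
-rw-rw-rw- u0_a55 u0_a55 97 2016-01-01 12:00 prefs_b.xml

/data/data/org.owasp.goatdroid.FourGoats/databases:
-rw-rw---- u0_a55 u0_a55 20480 2016-01-01 12:00 app.db
lrwxrwxrwx u0_a55 u0_a55 2016-01-01 12:00 lib -> /data/app-lib/sample
"""


def world_accessible(listing):
    """Return (path, mode, access) for entries readable/writable by 'other'.

    access is "r", "w" or "rw". Symlinks are skipped because their own
    permission bits are not enforced; the target's bits are what matter.
    """
    findings = []
    current_dir = ""
    for raw in listing.splitlines():
        line = raw.strip()
        if not line or line.startswith("total "):
            continue
        if line.startswith("/") and line.endswith(":"):
            current_dir = line[:-1]          # "dir:" header printed by ls -R
            continue
        fields = line.split()
        mode = fields[0]
        if len(fields) < 2 or len(mode) < 10 or mode[0] not in "-dbcps":
            continue                         # not a permission line, or a symlink
        other = mode[7:10]                   # the three "other" bits, e.g. "r--"
        access = "".join(bit for bit in other[:2] if bit in "rw")
        if access:
            findings.append((f"{current_dir}/{fields[-1]}", mode, access))
    return findings


if __name__ == "__main__":
    for path, mode, access in world_accessible(SAMPLE_LISTING):
        print(f"{mode}  other={access:<2}  {path}")
```

Any entry it reports is accessible to every other app on the device, so the remediation is to create those files with private permissions.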
