Abstract

The data entrusted to a password manager / vault application is the most valuable asset that such an application is responsible for storing securely over the long term. To check to what degree popular Android password managers / vault applications protect the long-term stored data entrusted to them, we analyze the data storage security of two of them, based on both the public and private knowledge about their implementations that is available from their official documentation or their source code, or that can be revealed by using advanced reverse engineering tools and techniques, including runtime analysis and debugging techniques. More specifically, we propose a methodology for identifying data storage security issues and then apply this methodology to conduct a digital investigation in a forensically sound manner. Based on the investigation results, a potential investigator will be able to read, reconstruct and forge some of the data that was created by the legitimate user and entrusted to the examined password managers / vault applications. In addition, a potential investigator will also be able to change certain application settings on behalf of the legitimate user. To confirm our findings and to verify their applicability, we develop several different custom attacks against the examined applications. More precisely, we conduct simulated attacks against the latest versions of the examined applications in order to provide a proof of concept showing how the security of these applications can be breached by a potential attacker.
