Insecure Data Storage in Vine Android App
Android applications use a local SQLite database to store information.
This particular database was located here:
Getting this bounty is as easy as opening up the database and finding improperly stored credentials.
How To Perform
- Get a rooted phone
- Follow these steps laid out by Vishwa Patel
- To view the contents of your local database you need to download a software called Sqlite Studio: http://sqlitestudio.one.pl/
- Download and install Sqlite Studio on your computer
- Connect your phone to your computer, make sure you turn on USB Debugging. USB Debugging can be activated from Settings -> Applications -> USB Debugging (or Settings -> Developer Options -> USB Debugging if you are using Ice cream sandwich).
- Open DDMS view in Eclipse and open the File Explorer tab in DDMS and then go to data -> data -> (name-of-your-application) -> databases. Now pull the data file from the databases folder onto your computer.
- Open Sqlite Studio and import the data file that you have just pulled from your android phone.
- View the contents of your database!