Unencrypted Local Database

Description

Caching sensitive data (tokens, PII, offline records) in SQLite/Realm without proper encryption and key management enables easy data theft on rooted/jailbroken or lost/stolen devices. Debuggable builds and backups further increase exposure.

Examples

Extract Database on Android

If run-as is available (the build is debuggable) or the device is rooted or an emulator:

adb shell run-as com.example.app cp /data/data/com.example.app/databases/app.db /sdcard/app.db
adb pull /sdcard/app.db .
sqlite3 app.db 'SELECT * FROM tokens LIMIT 5;'

Presence of tokens/PII in cleartext confirms the issue.

iOS Application Data

On a jailbroken device or simulator:

sqlite3 ~/Library/Developer/CoreSimulator/Devices/<UDID>/data/Containers/Data/Application/<APP-UUID>/Documents/app.db \
  'SELECT * FROM users LIMIT 5;'

Remediation

  1. Encrypt at rest with strong keys
    • Use SQLCipher/Realm encryption; store keys in hardware-backed keystores/Keychain; gate by user auth (Biometric/PIN).
  2. Reduce and protect data
    • Avoid storing tokens/PII when possible; clear on logout; exclude from backups.
  3. Hardening and detection
    • Detect rooted/jailbroken states and degrade functionality; avoid debuggable releases; monitor for suspicious backups.
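
The following Android/Kotlin class is an added example of remediation items 1 and 2, not code from the original page or from any project it describes. It assumes the android-database-sqlcipher library (net.sqlcipher.*, with the byte[] passphrase overload of openOrCreateDatabase), minSdk 23 or higher for KeyGenParameterSpec, and a device with a secure lock screen; the class name, key alias and file names are hypothetical. The database passphrase is random, is only ever stored wrapped by a non-exportable Android Keystore key that requires recent user authentication, and the wrapped blob lives in noBackupFilesDir so auto-backup never copies it.

```kotlin
// Added example (not from the original page): SQLCipher database whose passphrase
// is wrapped by a hardware-backed Android Keystore key and excluded from backups.
// Assumptions: android-database-sqlcipher on the classpath, minSdk >= 23; the names
// EncryptedDbOpener, openDatabase, wipe and the alias/file names are hypothetical.
package com.example.app.storage

import android.content.Context
import android.security.keystore.KeyGenParameterSpec
import android.security.keystore.KeyProperties
import net.sqlcipher.database.SQLiteDatabase
import java.io.File
import java.security.KeyStore
import java.security.SecureRandom
import javax.crypto.Cipher
import javax.crypto.KeyGenerator
import javax.crypto.SecretKey
import javax.crypto.spec.GCMParameterSpec

class EncryptedDbOpener(private val context: Context) {

    private companion object {
        const val KEYSTORE = "AndroidKeyStore"
        const val KEY_ALIAS = "db-passphrase-wrapper"   // hypothetical alias
        const val DB_NAME = "app.db"
        const val WRAPPED_KEY_FILE = "app.db.key"       // holds the wrapped passphrase only
        const val GCM_IV_BYTES = 12
        const val GCM_TAG_BITS = 128
        const val PASSPHRASE_BYTES = 32
    }

    // AES key generated inside the Keystore (TEE/StrongBox where available). It never
    // leaves the secure hardware and may only be used within 30 s of a biometric or
    // device-credential unlock, which is what gates the database behind user auth.
    private fun wrappingKey(): SecretKey {
        val ks = KeyStore.getInstance(KEYSTORE).apply { load(null) }
        (ks.getKey(KEY_ALIAS, null) as? SecretKey)?.let { return it }
        val spec = KeyGenParameterSpec.Builder(
            KEY_ALIAS, KeyProperties.PURPOSE_ENCRYPT or KeyProperties.PURPOSE_DECRYPT
        )
            .setBlockModes(KeyProperties.BLOCK_MODE_GCM)
            .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
            .setKeySize(256)
            .setUserAuthenticationRequired(true)
            .setUserAuthenticationValidityDurationSeconds(30) // API 30+: setUserAuthenticationParameters
            .build()
        return KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES, KEYSTORE)
            .apply { init(spec) }
            .generateKey()
    }

    // noBackupFilesDir is excluded from Android auto-backup and adb backup.
    private val wrappedKeyFile: File
        get() = File(context.noBackupFilesDir, WRAPPED_KEY_FILE)

    // First launch: random 256-bit passphrase, wrapped with AES-GCM under the Keystore
    // key. Only IV || ciphertext+tag is written to disk.
    private fun createAndStorePassphrase(): ByteArray {
        val passphrase = ByteArray(PASSPHRASE_BYTES).also { SecureRandom().nextBytes(it) }
        val cipher = Cipher.getInstance("AES/GCM/NoPadding")
        cipher.init(Cipher.ENCRYPT_MODE, wrappingKey())      // Keystore picks a fresh IV
        wrappedKeyFile.writeBytes(cipher.iv + cipher.doFinal(passphrase))
        return passphrase
    }

    // Later launches: unwrap. Throws UserNotAuthenticatedException if the user has not
    // unlocked recently; the caller should show a BiometricPrompt and retry.
    private fun unwrapPassphrase(): ByteArray {
        val blob = wrappedKeyFile.readBytes()
        val iv = blob.copyOfRange(0, GCM_IV_BYTES)
        val ct = blob.copyOfRange(GCM_IV_BYTES, blob.size)
        val cipher = Cipher.getInstance("AES/GCM/NoPadding")
        cipher.init(Cipher.DECRYPT_MODE, wrappingKey(), GCMParameterSpec(GCM_TAG_BITS, iv))
        return cipher.doFinal(ct)
    }

    fun openDatabase(): SQLiteDatabase {
        SQLiteDatabase.loadLibs(context)
        val passphrase = if (wrappedKeyFile.exists()) unwrapPassphrase() else createAndStorePassphrase()
        try {
            // SQLCipher encrypts every page, so a pulled app.db has no "SQLite format 3"
            // header and plain sqlite3 cannot read the tokens/users tables.
            return SQLiteDatabase.openOrCreateDatabase(context.getDatabasePath(DB_NAME), passphrase, null)
        } finally {
            passphrase.fill(0)   // do not keep the passphrase in the heap longer than needed
        }
    }

    // Logout: remove the database, the wrapped passphrase and the wrapping key, so
    // cached tokens/PII cannot be recovered from a later image of the device.
    fun wipe() {
        context.deleteDatabase(DB_NAME)
        wrappedKeyFile.delete()
        KeyStore.getInstance(KEYSTORE).apply { load(null) }.deleteEntry(KEY_ALIAS)
    }
}
```

Two design points worth noting: the passphrase is generated on-device and never typed or derived from user input, so its strength does not depend on the user's PIN, and the Keystore key is the only thing that can unwrap it. Because the key requires recent authentication, cipher.init() fails on a device whose lock screen has not been unlocked, which is the intended failure mode on a lost or stolen phone; the app should catch that exception, prompt with BiometricPrompt, and retry rather than fall back to an unencrypted database.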