Screen Caching Enabled
Screen Caching Enabled
Overview of the Vulnerability
Screen caching occurs when an application is sent to the background and a screenshot is taken in order to make it appear that the application is shrinking while moving between applications on the mobile screen. Personal information can be unknowingly captured in this screen cache and stored unencrypted on the phone. An attacker could abuse this screen caching being enabled to steal sensitive information that is captured and stored unencrypted when a user exits the application.
Business Impact
This vulnerability can lead to reputational damage and indirect financial loss to the company through the impact to customers’ trust.
Steps to Reproduce
Log in to the mobile application and access a screen where sensitive information is displayed
Click the home button, and navigate to where the mobile operating system stores cached application screenshots
Observe the screenshot taken that captures sensitive information when the home button was clicked
Proof of Concept (PoC)
The screenshots below demonstrate the screen caching displaying sensitive information:
{{screenshot}}
Recommendation(s)
For any application pages that contain sensitive information, it is recommended to blur or hide the contents of the screen when it is sent to the background.
Last updated