-
-
Notifications
You must be signed in to change notification settings - Fork 2.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[MASWE-0004] Sensitive Data Not Excluded From Backup #2542
Comments
I am not sure there is a reliable way to exclude files from backup on iOS.
https://developer.apple.com/documentation/foundation/optimizing_your_app_s_data_for_icloud_backup If this is really the case, isn't the full risk already covered by #2544. Or should there really be a separate issue for this (@cpholguera) |
NEW! Please review and include info and reference: https://developer.android.com/privacy-and-security/risks/backup-leaks |
Description
Create a new risk for "Sensitive Data Not Excluded From Backup (MASVS-STORAGE-2)" using the following information:
sensitive data can be excluded to prevent it from being backed up.
Create "
risks/MASVS-STORAGE/2-***-****/data-not-excluded-backup/risk.md
" including the following content:To complete the sections follow the guidelines from Writing MASTG Risks & Tests
Use at least the following references:
When creating the corresponding tests, use the following areas to guide you:
android:fullBackupContent
(Android 11-) orandroid:dataExtractionRules
(Android 12+)isExcludedFromBackup
(iOS)MASTG v1 Refactoring:
If the risk has a MASVS v1 ID, you can use it to search for related tests in the MASTG and use them as input to define your risks and associated tests.
Acceptance Criteria
risks/MASVS-STORAGE/2-***-****/data-not-excluded-backup/risk.md
)The text was updated successfully, but these errors were encountered: