Palo Alto Networks Unveils Security Risks in Android Internal Storage

New research shows potential for attack in more than 94% of popular Android mobile applications

Palo Alto Networks Santa Clara, CA , Mon Aug 18 22:00:00 PDT 2014 于 Mon Aug 18 22:00:00 PDT 2014

Santa Clara, Calif., August 19, 2014 – Palo Alto Networks® (NYSE: PANW), the leader in enterprise security, today presented new research highlighting security risks in the internal storage used by applications on Google Android devices. More than 94 percent of popular Android applications are potentially vulnerable.

Android Internal Storage is a protected area that Android-based applications use to store private information, including usernames and passwords. But as Palo Alto Networks research reveals, an attacker may be able to steal sensitive information from most of the applications on an Android device using the Android Debug Bridge (ADB) backup/restore function. In addition, most of the security enhancements added by Google to prevent this type of attack can be bypassed.

Key details:

  • Anyone using a device running version 4.0 of Android – about 85 percent of Android systems in use today – is potentially vulnerable
  • To use ADB, an attacker would need physical access to the device, whether borrowing or stealing it from the user; an attacker could also take control of a system to which the device is connected via USB
  • Over 94 percent of popular Android applications, including pre-installed email and browser applications, use the backup system, meaning users are vulnerable
  • Many Android applications will store user passwords in plain text in Android Internal Storage, meaning almost all popular e-mail clients, FTP clients and SSH client applications are vulnerable
  • Google has set the default for applications to allow back-ups; application developers are responsible for disabling the feature or otherwise restricting backups; however, the high percentage of applications that have not disabled or restricted backups suggests many developers are unaware of the risks

Palo Alto Networks recommends Android users disable USB debugging when not needed, and application developers to protect Android users by setting android:allowBackup to false in each Android application’s AndroidManifest.xml file or restricting backups from including sensitive information using a BackupAgent.

Read full technical details regarding today’s announcement on the Unit 42 research blog.


Palo Alto Networks at HITCON

Palo Alto Networks researcher Claud Xiao is scheduled to present details of these findings and demonstrate Android internal storage weaknesses today at the Hacks in Taiwan (HITCON) conference in Taipei, Taiwan, 13:00 (1:00 a.m. Eastern time).  



“We encourage users to be aware and Google to take a closer look at this storage weakness in Android. Given Android’s place as the world’s most popular mobile operating system, millions of users are potentially at risk.” – Ryan Olson, Intelligence Director, Unit 42, Palo Alto Networks



Palo Alto Networks is leading a new era in cybersecurity by protecting thousands of enterprise, government, and service provider networks from cyber threats.  Unlike fragmented legacy products, our security platform safely enables business operations and delivers protection based on what matters most in today's dynamic computing environments: applications, users, and content.  Find out more at

Palo Alto Networks and the Palo Alto Networks Logo are trademarks of Palo Alto Networks, Inc. in the United States and in jurisdictions throughout the world. All other trademarks, trade names or service marks used or mentioned herein belong to their respective owners.

Media Contacts:

Jennifer Jasper-Smith
Head of Corporate Communications
Palo Alto Networks