Adversaries may try to access and collect application data resident on the device. Adversaries often target popular applications, such as Facebook, WeChat, and Gmail.
Due to mobile OS sandboxing, this technique is only possible in three scenarios:
FlexiSpy uses a
|S0316||Pegasus for Android||
Pegasus for Android accesses sensitive data in files, such as messages stored by the WhatsApp, Facebook, and Twitter applications. It also has the ability to access arbitrary filenames and retrieve directory listings.
|S0289||Pegasus for iOS|
|M1006||Use Recent OS Version||
Android 9 introduced a new security policy that prevents applications from reading or writing data to other applications’ internal storage directories, regardless of permissions.
Application vetting services could detect when applications store data insecurely, for example, in unprotected external storage.