{
	"id": "233d27b0-cba2-4159-a5b0-4d129933ae8c",
	"created_at": "2026-04-06T00:17:46.294815Z",
	"updated_at": "2026-04-10T03:21:37.170726Z",
	"deleted_at": null,
	"sha1_hash": "e5e0c9eb03f25725eec0e1d9455cb15df182aea5",
	"title": "APP-3 · Mobile Threat Catalogue",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 41090,
	"plain_text": "APP-3 · Mobile Threat Catalogue\r\nArchived: 2026-04-05 15:26:54 UTC\r\nMobile Threat Catalogue\r\nSensitive Information in System Logs\r\nContribute\r\nThreat Category: Vulnerable Applications\r\nID: APP-3\r\nThreat Description: Mobile application developers may unintentionally expose sensitive information by storing\r\nit in system logs designed to troubleshoot problems. An example would be logging the username and password for\r\na failed user-to-app authentication attempt. An attacker with access to the system log would gain unauthorized\r\naccess to the information.\r\nThreat Origin\r\nNot Applicable, See Exploit or CVE Examples\r\nExploit Examples\r\nCVE Examples\r\nCVE-2012-2630\r\nCVE-2014-0647\r\nPossible Countermeasures\r\nMobile App Developer\r\nAvoid logging sensitive data in an unencrypted state, even to files internal to the app, as these files may be\r\nexposed in backups or direct access to the device’s file system.\r\nUse the Compatibility Test Suite, which checks for the presence of potentially sensitive information in the system\r\nlogs; See https://source.android.com/security/overview/implement.html.\r\nEnterprise\r\nConsider the use of devices that support Android 4.1 or later, in which apps can no longer access the system log\r\n(other than reading log entries added by the app itself).\r\nhttps://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-3.html\r\nPage 1 of 2\n\nUse app-vetting tools or services to identify apps that store sensitive information in system logs or other unsecure\r\nstorage locations.\r\nMobile Device User\r\nConsider the use of devices that support Android 4.1 or later, in which apps can no longer access the system log\r\n(other than reading log entries added by the app itself).\r\nReferences\r\nSource: https://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-3.html\r\nhttps://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-3.html\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"references": [
		"https://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-3.html"
	],
	"report_names": [
		"APP-3.html"
	],
	"threat_actors": [],
	"ts_created_at": 1775434666,
	"ts_updated_at": 1775791297,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/e5e0c9eb03f25725eec0e1d9455cb15df182aea5.pdf",
		"text": "https://archive.orkl.eu/e5e0c9eb03f25725eec0e1d9455cb15df182aea5.txt",
		"img": "https://archive.orkl.eu/e5e0c9eb03f25725eec0e1d9455cb15df182aea5.jpg"
	}
}