Pieces0310

Forensics must let the evidence speak; never let your own inner conviction decide the case. Avoid painting the target around the arrow, searching only to find what you want to find. Forensics rests on experience and judgment: the broader your experience across the fields of IT, the better you can spot the clues. Use tools well, but do not over-rely on them; a tool can only narrow the range of possibilities, it cannot give you the answer, and the analysis and judgment still fall to a human.


It's reported that FB Messenger is the most secure app for instant messaging. Let's see whether FB Messenger is really secure enough. I'll evaluate it against the OWASP Mobile Top 10 risks.


The first of the OWASP Mobile Top 10 risks is M1, "Insecure Data Storage".

For example:

1. Sensitive data left unprotected

2. Sensitive data in temporary/cache files

3. Weak or global permissions (e.g. SD card)


Let's extract FB Messenger from Angela's smartphone and take a look. Oh no~ The user ID and user name are right there in plaintext. FB Messenger violates M1 of the OWASP Mobile Top 10. Let's see how bad the situation is.


We can also dig out information about her FB contacts.


Furthermore, we can get the URLs of the pictures.

All we have to do is copy and paste a URL into a browser. OK, it looks like a Starbucks coffee. You know, lots of people like to take selfies, so there is a good chance you could see his or her selfie.


Where is the database containing the chat messages? Here it is. We can see which fbids talked to each other and what they talked about.
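The three M1 symptoms listed above, and the plaintext user, contact, picture-URL and chat data found in the extracted app, can be checked for systematically rather than by eyeballing files. The script below is an added example written for this post; it is not the blog's own tooling and does not reproduce Facebook Messenger's real file layout. It builds a constructed, throw-away app data directory (every file name, table name and value in it is invented) and audits it for unencrypted SQLite tables with sensitive-looking columns, URLs left behind in cache files, and files with world-accessible permissions.

```python
"""Added example, not from the original post: a small audit for the three
OWASP Mobile M1 "Insecure Data Storage" symptoms. All paths, table names
and contents are constructed sample data, not a real app's layout."""
import os
import re
import shutil
import sqlite3
import stat
import tempfile
from pathlib import Path

SQLITE_MAGIC = b"SQLite format 3\x00"  # 16-byte header of every SQLite 3 file
# Column names that usually hold data which should not sit in plaintext.
SENSITIVE_COL = re.compile(r"(user_?id|fbid|name|email|phone|body|message|text|url|token)", re.I)
URL_RE = re.compile(rb"https?://[^\s\"']+")


def scan_sqlite(path):
    """Open an unencrypted SQLite file read-only and list (table, sensitive columns)."""
    hits = []
    con = sqlite3.connect(Path(path).as_uri() + "?mode=ro", uri=True)
    try:
        tables = [r[0] for r in con.execute(
            "SELECT name FROM sqlite_master WHERE type='table'")]
        for t in tables:
            cols = [r[1] for r in con.execute(f'PRAGMA table_info("{t}")')]
            sens = [c for c in cols if SENSITIVE_COL.search(c)]
            if sens:
                hits.append((t, sens))
    finally:
        con.close()
    return hits


def audit_app_storage(root):
    """Walk an app data directory; return findings as (category, relpath, detail)."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for fn in files:
            path = os.path.join(dirpath, fn)
            rel = os.path.relpath(path, root)
            mode = os.stat(path).st_mode
            # M1 item 3: weak/global permissions (any permission bit set for "other")
            if mode & stat.S_IRWXO:
                findings.append(("weak-permissions", rel, oct(stat.S_IMODE(mode))))
            with open(path, "rb") as f:
                data = f.read()
            # M1 item 1: plaintext SQLite database with sensitive columns
            if data[:16] == SQLITE_MAGIC:
                for table, cols in scan_sqlite(path):
                    findings.append(("plaintext-db", rel, f"{table}: {', '.join(cols)}"))
            # M1 item 2: sensitive data (here: URLs) left in cache/temp files
            top = rel.split(os.sep)[0]
            m = URL_RE.search(data)
            if top in ("cache", "tmp", "temp") and m:
                findings.append(("cache-leak", rel, m.group().decode()))
    return findings


def build_sample_app_dir():
    """Construct a throw-away directory mimicking an insecurely stored app (sample data)."""
    root = tempfile.mkdtemp(prefix="m1_audit_")
    for sub in ("databases", "cache", "shared_prefs"):
        os.makedirs(os.path.join(root, sub))
    db = os.path.join(root, "databases", "messages.db")
    con = sqlite3.connect(db)
    con.execute("CREATE TABLE users(fbid INTEGER, name TEXT)")
    con.execute("CREATE TABLE messages(id INTEGER, sender_fbid INTEGER, body TEXT)")
    con.execute("INSERT INTO users VALUES (1001, 'Angela (sample)')")
    con.execute("INSERT INTO messages VALUES (1, 1001, 'see you at the cafe')")
    con.commit()
    con.close()
    os.chmod(db, 0o600)
    thumb = os.path.join(root, "cache", "thumb_1.tmp")
    with open(thumb, "wb") as f:  # constructed cache file holding a picture URL
        f.write(b"\xff\xd8 sample jpeg bytes https://example.invalid/photo/1.jpg")
    os.chmod(thumb, 0o600)
    prefs = os.path.join(root, "shared_prefs", "user.xml")
    with open(prefs, "w") as f:
        f.write("<map><string name='user_id'>1001</string></map>")
    os.chmod(prefs, 0o666)  # world-readable/writable: the "SD card" style mistake
    return root


def audit_sample():
    """Build the sample directory, audit it, clean up, and return the findings."""
    root = build_sample_app_dir()
    try:
        return audit_app_storage(root)
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    for category, rel, detail in audit_sample():
        print(f"{category:17} {rel:30} {detail}")
```

Run against a real extraction, `audit_app_storage("/path/to/extracted/app")` points you at the same places the screenshots above came from: a plaintext database means the app relies on the OS sandbox alone, a URL in a cache file means a thumbnail or profile picture can be fetched by anyone holding the extraction, and a world-accessible file is exposed to every other app on the device. The fix on the app side is to keep secrets out of cache files, store sensitive columns encrypted with a key held in the platform keystore, and never place such data in globally readable locations.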


posted on 2016-10-31 15:30 by Pieces0310