Stored Application Data

Adversaries may try to access and collect application data resident on the device. Adversaries often target popular applications, such as Facebook, WeChat, and Gmail. Due to mobile OS sandboxing, this technique is only possible in three scenarios: * An application stores files in unprotected external storage * An application stores files in its internal storage directory with insecure permissions (e.g. 777) * The adversary gains root permissions on the device