Mobile Top 10 2012-M1 Insecure Data Storage

Threat agents include lost or stolen phones and in-the-wild exploits or malware gaining access to the device.

A malicious agent hooks up an unprotected device to a computer with commonly available software. They are able to see all third-party application directories, which often contain stored personal information.

M1, insecure data storage, occurs when development teams assume that users will not have access to the phone's file system. Device file systems are often easily accessible, and you should expect a malicious user to be inspecting your data stores. Rooting or jailbreaking a device usually circumvents any encryption protections, and in some cases, where data is not protected properly, all that is needed to view application data is to hook the phone up to a computer and use some specialized tools.

In the best case, insecure data storage results in data loss for one user; in the worst case, for many users. Common valuable pieces of data seen stored include:
 * Usernames
 * Authentication tokens
 * Passwords
 * Cookies
 * Location data
 * UDID/IMEI, Device Name, Network Connection Name
 * Personal Information: DoB, Address, Social, Credit Card Data
 * Application Data:
   * Stored application logs
   * Debug information
   * Cached application messages
   * Transaction histories
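
As an added example (not part of the original OWASP page), the script below is a check a development team can run over a copy of its own app's data directory, pulled from a test device, to find several of the data types listed above stored unencrypted. The key names in the patterns, the file paths and the sample contents are constructed assumptions; it goes slightly beyond the list by validating card numbers with a Luhn checksum so that arbitrary digit runs are not flagged.

```python
import re
import tempfile
from pathlib import Path

# Assumed key names for some of the data categories listed above; tune them per app.
PATTERNS = {
    "password": re.compile(rb"(?i)\b(?:password|passwd|pwd)\b\W{1,4}[^\s\"'<>&]{4,}"),
    "auth_token": re.compile(rb"(?i)\b(?:auth|access|session)_?token\b\W{1,4}[\w.\-]{16,}"),
    "location": re.compile(rb"(?i)\blat(?:itude)?\b\W{1,4}-?\d{1,2}\.\d{3,}"),
}
CARD = re.compile(rb"\b\d(?:[ -]?\d){12,18}\b")

def luhn_ok(digits: bytes) -> bool:
    """Luhn checksum, so arbitrary long digit runs are not reported as cards."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = (ch - 48) * (2 if i % 2 else 1)  # double every second digit from the right
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def scan_file(path):
    """Return the sorted categories that appear unencrypted in one file."""
    data = Path(path).read_bytes()
    hits = {name for name, rx in PATTERNS.items() if rx.search(data)}
    if any(luhn_ok(re.sub(rb"[ -]", b"", m.group())) for m in CARD.finditer(data)):
        hits.add("card_number")
    return sorted(hits)

def scan_tree(root):
    """Walk a copy of the app's data directory: relative path -> categories."""
    root = Path(root)
    files = sorted(p for p in root.rglob("*") if p.is_file())
    found = {p.relative_to(root).as_posix(): scan_file(p) for p in files}
    return {rel: cats for rel, cats in found.items() if cats}

# Constructed sample files standing in for an app sandbox pulled from a test device.
SAMPLE = {
    "shared_prefs/session.xml": b'<string name="password">hunter2pass</string>\n'
                                b'<string name="auth_token">abcdef0123456789abcdef</string>',
    "logs/debug.log": b"pay card=4111 1111 1111 1111 lat=51.50135 order=1234567890123",
    "cache/thumb.bin": b"\x89PNG\x00\x01 no secrets here",
}

def demo():
    with tempfile.TemporaryDirectory() as root:
        for rel, body in SAMPLE.items():
            (Path(root) / rel).parent.mkdir(parents=True, exist_ok=True)
            (Path(root) / rel).write_bytes(body)
        return scan_tree(root)
```

Any file the scan reports is a candidate for removal, for encryption with a key held outside the app directory, or for moving the value into the platform's protected credential store.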