Man-in-the-Disk – The new Attack surface for Android Apps

[Aug 13, 2018]

The Man-in-the-Disk attack shows how an app's use of External Storage opens an Android phone to serious attacks. It exposes a new attack surface that would allow an attacker to replace or manipulate the data that apps store on External Storage.

These attacks are possible when an app uses External Storage without performing proper validation of what it reads back. Man-in-the-Disk allows an attacker to perform a silent installation of malicious apps on the user's phone, mount a DoS attack against legitimate apps, inject code, and cause applications to crash.

Attackers convince the user to install a seemingly legitimate app that carries the attacker's code, which in turn asks the user for the external storage permission. Once the user grants that permission, the attacker can monitor and tamper with the data that other apps exchange with external storage.

Cyber Security Tips:

  • External storage (mostly the SD card) does not have Android's built-in sandbox protection, and the space is shared across all applications. Users are urged not to grant external storage permission to any app they do not trust.
  • The Android developer documentation provides guidelines on how apps should manage external storage. Developers are strongly recommended to follow these guidelines to mitigate Man-in-the-Disk attacks.
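
To illustrate the developer guideline above, here is an added example that is not part of the original post: the risky pattern of trusting a file on shared external storage, beside a hardened version. It assumes a hypothetical app loading a configuration file, an expected SHA-256 digest obtained from a trusted source (for example bundled in the APK), and a minimum API level of 26 for java.nio.file.

```java
// Added example, not the original post's code. Hypothetical app: loads "config.json".
import android.content.Context;
import android.os.Environment;
import java.io.File;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

public class ConfigLoader {
    // Risky: the shared external storage root is readable and writable by any app
    // holding the storage permission, so another app can swap this file before we
    // read it, and the content is used without any validation.
    public static String loadConfigUnsafe() throws IOException {
        File f = new File(Environment.getExternalStorageDirectory(), "myapp/config.json");
        return new String(Files.readAllBytes(f.toPath()), StandardCharsets.UTF_8);
    }

    // Hardened, step 1: keep app-private data in internal storage. getFilesDir() is
    // sandboxed per app, so other apps cannot read or replace the file.
    public static String loadPrivateConfig(Context ctx) throws IOException {
        File f = new File(ctx.getFilesDir(), "config.json");
        return new String(Files.readAllBytes(f.toPath()), StandardCharsets.UTF_8);
    }

    // Hardened, step 2: if a file must come through external storage (e.g. content
    // shared with another app), verify its integrity against a digest obtained from
    // a trusted source before using it. expectedSha256 is an assumed input here.
    public static String loadSharedConfigVerified(Context ctx, byte[] expectedSha256)
            throws IOException {
        // getExternalFilesDir() is still external storage: treat its content as untrusted.
        File f = new File(ctx.getExternalFilesDir(null), "config.json");
        byte[] data = Files.readAllBytes(f.toPath());
        // MessageDigest.isEqual compares in constant time.
        if (!MessageDigest.isEqual(sha256(data), expectedSha256)) {
            throw new IOException("config.json failed integrity check; refusing to use it");
        }
        return new String(data, StandardCharsets.UTF_8);
    }

    static byte[] sha256(byte[] data) {
        try {
            return MessageDigest.getInstance("SHA-256").digest(data);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("SHA-256 unavailable", e); // never on Android
        }
    }
}
```

The integrity check rejects a swapped file but does not prevent the swap itself, so data that only this app needs belongs in internal storage.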
