Mitigation Strategy: Implement Encryption for Sensitive Data in MMKV
- Mitigation Strategy: MMKV Data-at-Rest Encryption
- Description:
- Identify Sensitive Data in MMKV: Specifically pinpoint all sensitive data that your application stores within MMKV instances.
- Encrypt Before Storing in MMKV: Before writing sensitive data to MMKV using MMKV APIs, encrypt it using a robust algorithm like AES-256. Utilize platform-provided crypto libraries for secure implementation.
- Secure Key Management for MMKV Encryption: Implement secure key management specifically for MMKV encryption keys. Leverage Android Keystore or iOS Keychain to protect these keys, ensuring they are not stored insecurely within the application or MMKV itself.
- Decrypt After Retrieving from MMKV: When reading sensitive data from MMKV using MMKV APIs, decrypt it immediately after retrieval and before using it in your application logic.
- Threats Mitigated:
- Data Breach from Device Loss/Theft (High Severity): If a device with MMKV data is lost or stolen, encryption prevents unauthorized access to sensitive information stored in MMKV files.
- Malware Access to MMKV Data (Medium Severity): Malware attempting to read MMKV files will encounter encrypted data, hindering access to sensitive information.
- Physical Access Attacks on MMKV Storage (Medium Severity): Encryption protects MMKV data even if an attacker gains physical access to the device's storage and MMKV files.
- Impact:
- Data Breach from Device Loss/Theft (High Reduction): Encryption effectively mitigates this threat for data stored in MMKV.
- Malware Access to MMKV Data (Medium Reduction): Significantly increases the difficulty for malware to extract sensitive information from MMKV.
- Physical Access Attacks on MMKV Storage (Medium Reduction): Makes accessing and understanding MMKV data much harder for attackers with physical access.
- Currently Implemented: Partially implemented. User authentication tokens stored in MMKV are encrypted using AES-256. Encryption keys are derived and managed using Android Keystore/iOS Keychain.
- Missing Implementation: Application settings and user preferences currently stored in MMKV are not encrypted. Encryption should be extended to all sensitive data within MMKV, including user profile information if deemed sensitive.
Mitigation Strategy: Restrict File System Permissions for MMKV Storage
- Mitigation Strategy: MMKV File System Permission Hardening
- Description:
- Verify Default MMKV Permissions: Confirm that the default file system permissions for MMKV's storage directory are appropriately restrictive on each platform (Android, iOS, macOS). MMKV typically uses application-private directories.
- Prevent Permission Loosening for MMKV: Ensure application code and build configurations do not inadvertently weaken the default permissions of the MMKV storage directory or individual MMKV files.
- Maintain Least Privilege for MMKV Access: The application should only access MMKV files with the necessary permissions and avoid requesting or granting broader file system access that could compromise MMKV data security.
- Regularly Audit MMKV Permissions: Periodically check the file system permissions of the MMKV storage directory to ensure they remain restrictive, especially after application updates or configuration changes that might affect file access.
- Threats Mitigated:
- Unauthorized Access to MMKV by Other Applications (Medium Severity): If MMKV file permissions are too open, malicious apps on the same device could potentially access and read or modify MMKV data.
- Privilege Escalation Exploiting MMKV Permissions (Low to Medium Severity): While less direct, overly permissive MMKV file permissions could be a component in more complex privilege escalation attacks.
- Impact:
- Unauthorized Access to MMKV by Other Applications (Medium Reduction): Restricting permissions significantly reduces the risk of unauthorized access to MMKV data from other apps.
- Privilege Escalation Exploiting MMKV Permissions (Low Reduction): Contributes to a more secure application environment by minimizing potential attack surfaces related to file access.
- Currently Implemented: Implemented by default by the OS and application sandbox. The application does not explicitly modify MMKV file permissions.
- Missing Implementation: No automated process to regularly verify the correct configuration of MMKV file permissions, particularly during development and deployment changes. Implementing an automated check in CI/CD would be beneficial.
Mitigation Strategy: Minimize Storage of Highly Sensitive Data in MMKV and Consider Alternatives
- Mitigation Strategy: MMKV Sensitive Data Minimization & Secure Alternatives
- Description:
- Classify Data Stored in MMKV by Sensitivity: Categorize all data currently stored in MMKV based on its sensitivity level. Identify data that is extremely sensitive and should ideally not be in MMKV.
- Evaluate MMKV Risk for Highly Sensitive Data: For data classified as highly sensitive, critically assess if MMKV's file-based storage and lack of built-in strong security features are acceptable risks.
- Migrate Critical Secrets from MMKV to Secure Storage: For extremely sensitive data like cryptographic keys or raw passwords, migrate storage away from MMKV to platform-provided secure storage mechanisms like Android Keystore or iOS Keychain. These are designed for secrets and offer hardware-backed security.
- Minimize Sensitive Data Retention in MMKV: Reduce the duration for which sensitive data is stored in MMKV. Implement policies to delete or archive sensitive data from MMKV when it's no longer actively needed.
- Tokenize/Redact Sensitive Data in MMKV Where Possible: Where feasible, replace highly sensitive data with tokens or redacted versions before storing in MMKV, especially for non-critical use cases where the full sensitive data is not required.
- Threats Mitigated:
- Exposure of Critical Secrets Stored in MMKV (High Severity): Storing highly sensitive secrets directly in MMKV increases the risk of exposure if MMKV files are compromised.
- Increased Impact of MMKV Data Breaches (High Severity): If highly sensitive data is compromised from MMKV, the potential damage from a data breach is significantly greater.
- Impact:
- Exposure of Critical Secrets Stored in MMKV (High Reduction): Using dedicated secure storage mechanisms for secrets almost eliminates the risk of direct secret exposure from MMKV.
- Increased Impact of MMKV Data Breaches (High Reduction): Minimizing highly sensitive data in MMKV reduces the potential damage from a breach affecting MMKV files.
- Currently Implemented: Partially implemented. Cryptographic keys for token encryption are stored in Android Keystore/iOS Keychain, not in MMKV.
- Missing Implementation: User session tokens and some user profile details are still stored in MMKV. A review is needed to determine if user profile details should be considered "highly sensitive" and moved to more secure storage or minimized within MMKV.
Mitigation Strategy: Implement Data Integrity Checks for Critical MMKV Data
- Mitigation Strategy: MMKV Data Integrity Verification
- Description:
- Identify Critical Data in MMKV for Integrity: Determine which specific data stored in MMKV is critical for application functionality and requires assurance of data integrity.
- Calculate and Store Integrity Value for MMKV Data: When writing critical data to MMKV, calculate a checksum or cryptographic hash (e.g., SHA-256) of the data. Store this integrity value alongside the data in MMKV (either in the same MMKV instance or a separate one).
- Verify MMKV Data Integrity on Retrieval: When reading critical data from MMKV, recalculate the checksum or hash of the retrieved data. Compare this recalculated value with the stored integrity value retrieved from MMKV.
- Handle MMKV Integrity Check Failures: If the integrity check fails (values don't match), treat the data from MMKV as potentially corrupted or tampered with. Implement error handling, such as logging the error and requesting fresh data or informing the user.
- Threats Mitigated:
- Data Corruption in MMKV (Low to Medium Severity): Detects accidental data corruption within MMKV files due to storage errors or software bugs.
- Data Tampering in MMKV (Medium Severity): Makes it more difficult for an attacker to maliciously modify data within MMKV files without detection. Cryptographic hashes are more effective against tampering.
- Impact:
- Data Corruption in MMKV (Medium Reduction): Effectively detects and allows for handling of data corruption within MMKV.
- Data Tampering in MMKV (Medium Reduction): Increases the effort and risk for attackers attempting to tamper with data stored in MMKV.
- Currently Implemented: Not currently implemented for any data stored in MMKV.
- Missing Implementation: Data integrity checks are not implemented for any data in MMKV. This should be considered for critical application settings and user preferences stored in MMKV to ensure reliable application behavior and prevent potential exploitation through data manipulation within MMKV.
Mitigation Strategy: Exclude Sensitive MMKV Files from Backups (Conditional and Cautious)
- Mitigation Strategy: MMKV Backup Exclusion (Conditional)
- Description:
- Assess Backup Exposure Risk for MMKV Data: Evaluate the specific risk of sensitive data stored in MMKV being exposed through device backups (e.g., cloud backups).
- Prioritize MMKV Encryption First: Implement strong data-at-rest encryption for sensitive data in MMKV (Strategy 1) as the primary mitigation for backup exposure. Encryption often makes backup exclusion unnecessary.
- Conditional MMKV Backup Exclusion (If Still Needed): If, after implementing encryption for MMKV data, there are still compelling reasons to prevent backup (e.g., strict regulatory requirements), consider conditionally excluding MMKV files from device backups.
- Use Platform Backup Exclusion for MMKV: Utilize platform-specific mechanisms to exclude MMKV files from backups (e.g.,
android:allowBackup="false"in Android manifest,isExcludedFromBackupKeyon iOS). - Document and Justify MMKV Backup Exclusion: Thoroughly document the decision to exclude MMKV files from backups, the specific reasons, and the potential consequences for data recovery.
- Inform Users About MMKV Backup Implications (If Relevant): If MMKV backup exclusion impacts user data recovery, transparently inform users in the privacy policy or app documentation.
- Threats Mitigated:
- Data Leakage of MMKV Data through Backups (Medium Severity): Unencrypted or weakly encrypted sensitive data in MMKV could be exposed if device backups are compromised.
- Impact:
- Data Leakage of MMKV Data through Backups (Medium Reduction - potential data recovery impact): Excluding MMKV files from backups prevents them from being included in backup archives, reducing backup leakage risk. However, this may prevent restoring MMKV data from backups.
- Currently Implemented: Not currently implemented. Application backups are enabled, and MMKV files are included in backups.
- Missing Implementation: MMKV backup exclusion is not implemented. A risk assessment is needed to determine if exclusion is necessary in addition to encryption, considering the trade-off with data recovery. If exclusion is needed, platform mechanisms should be implemented, and data recovery implications carefully considered.
Mitigation Strategy: Keep MMKV Library Updated to Patch Vulnerabilities
- Mitigation Strategy: MMKV Library Update Management
- Description:
- Track MMKV Dependency Version: Maintain a clear record of the specific version of the MMKV library used in the application.
- Regularly Check for MMKV Updates: Periodically monitor the official MMKV project (e.g., GitHub repository) for new releases, security advisories, and bug fixes.
- Promptly Update MMKV Library: When new MMKV versions are released, especially those addressing security vulnerabilities, update the application's MMKV dependency to the latest version as quickly as possible.
- Use Automated Dependency Management for MMKV: Utilize dependency management tools (like Gradle, CocoaPods, Swift Package Manager) to simplify updating the MMKV library and managing its version.
- Test Application After MMKV Updates: After updating the MMKV library, thoroughly test the application to ensure compatibility and that the update has not introduced any regressions or new issues related to MMKV usage.
- Threats Mitigated:
- Exploitation of Known MMKV Library Vulnerabilities (Variable Severity - can be High): Outdated MMKV versions may contain known security vulnerabilities that attackers could exploit. Updating patches these vulnerabilities in MMKV itself.
- Impact:
- Exploitation of Known MMKV Library Vulnerabilities (High Reduction): Keeping MMKV updated significantly reduces the risk of attackers exploiting known vulnerabilities within the MMKV library code.
- Currently Implemented: Partially implemented. Dependency versions are tracked, but MMKV updates are not performed on a regular, automated schedule, especially for security patches.
- Missing Implementation: Automated checks for MMKV updates and a process for promptly applying updates, particularly security-related updates, are needed. Integrating dependency checking into CI/CD and establishing a policy for timely MMKV updates would improve security.
Mitigation Strategy: Conduct MMKV-Specific Security Code Reviews
- Mitigation Strategy: MMKV-Focused Security Code Reviews
- Description:
- Schedule MMKV-Focused Reviews: Incorporate security code reviews specifically focused on code sections that interact with MMKV into the development lifecycle.
- Review MMKV Security Aspects: During these reviews, specifically examine security aspects related to MMKV usage, including:
- Correct implementation of encryption for MMKV data (if used).
- Secure key management practices for MMKV encryption keys.
- Validation and sanitization of data retrieved from MMKV.
- Proper error handling when interacting with MMKV APIs.
- Avoidance of insecure coding patterns when using MMKV.
- Security Expertise for MMKV Reviews: Involve developers with security knowledge in these MMKV-focused code reviews, or provide security training to the development team specifically on secure MMKV usage.
- Use Checklists for MMKV Security Reviews: Develop and use checklists during MMKV-focused code reviews to ensure all relevant security aspects of MMKV usage are systematically examined.
- Remediate and Verify MMKV Security Issues: Ensure that any security issues identified during MMKV-focused code reviews are properly fixed and verified after remediation.
- Threats Mitigated:
- Insecure MMKV Usage Patterns in Application Code (Variable Severity): Code reviews can identify insecure coding practices related to MMKV that could introduce vulnerabilities (e.g., improper encryption, lack of validation of MMKV data).
- Logic Errors in MMKV Interactions Leading to Security Issues (Variable Severity): Reviews can uncover logic errors in how the application interacts with MMKV that could have security implications.
- Impact:
- Insecure MMKV Usage Patterns (Medium to High Reduction): MMKV-focused code reviews are effective in identifying and correcting insecure coding practices related to MMKV, reducing vulnerabilities from improper usage.
- Logic Errors in MMKV Interactions (Medium Reduction): Helps identify and prevent logic errors in MMKV interactions that could have security consequences.
- Currently Implemented: Code reviews are performed, but security is not always the primary focus, and MMKV-specific security considerations are not explicitly and systematically addressed in every review.
- Missing Implementation: Formalized, MMKV-specific security code reviews with dedicated checklists are not consistently implemented. Integrating MMKV security checklists into the code review process and providing targeted security training on MMKV usage would enhance this mitigation.