Skip to content

Latest commit

 

History

History
42 lines (35 loc) · 2.88 KB

threat-modeling.md

File metadata and controls

42 lines (35 loc) · 2.88 KB

Threat Model Analysis for square/leakcanary

Threat: Heap Dump Information Disclosure

  • Description: An attacker gains unauthorized access to heap dump files generated by LeakCanary. This could be achieved through physical device access, malware, or compromising developer environments.
  • Impact: Exposure of sensitive data within heap dumps, including user credentials, PII, business secrets, and database connection strings. This can lead to account compromise, privacy violations, reputational damage, and financial loss.
  • LeakCanary Component Affected: HeapDumper, File Storage.
  • Risk Severity: High
  • Mitigation Strategies:
    • Strictly use LeakCanary in debug builds only.
    • Store heap dumps in the application's internal storage.
    • Enforce restrictive file permissions on heap dump files.
    • Regularly delete old heap dumps.
    • Secure developer environments.
    • Minimize sensitive data in memory during debug builds.

Threat: Accidental LeakCanary Inclusion in Release Build

  • Description: Developers mistakenly include LeakCanary in the release build. This can occur due to incorrect build configuration, errors in build scripts, or insufficient release testing.
  • Impact:
    • Information disclosure in production through heap dumps on user devices.
    • Performance degradation and battery drain for users due to LeakCanary's resource consumption.
    • Increased attack surface in production due to unintended code inclusion.
  • LeakCanary Component Affected: Entire LeakCanary library.
  • Risk Severity: Critical
  • Mitigation Strategies:
    • Utilize robust Gradle build configurations with debugImplementation for LeakCanary.
    • Implement automated build and release pipelines.
    • Thoroughly test release builds to verify LeakCanary exclusion.
    • Conduct code reviews to check for accidental inclusion.
    • Employ static analysis tools to detect LeakCanary in release builds.

Threat: Performance Denial of Service (Indirect)

  • Description: If LeakCanary is accidentally included in a release build, its continuous operation can consume significant device resources, leading to application slowdowns, unresponsiveness, and battery drain.
  • Impact: Denial of service for users, poor user experience, negative app reviews, and potential user churn due to performance issues.
  • LeakCanary Component Affected: ObjectWatcher, HeapDumper, AnalysisProcessor.
  • Risk Severity: High
  • Mitigation Strategies:
    • Strictly use LeakCanary in debug builds only.
    • Monitor user feedback and crash reports in release builds for performance issues that might indicate accidental LeakCanary inclusion.