react-native-view-shot
Unsafe files deletion
bug report
When you delete a file using file.delete(), only the reference to the file is removed from the file system table. The file still exists on disk until other data overwrites it, leaving it vulnerable to recovery.
Platform
Platform: Android
Expected behavior
First of all, the developer must consider if there is an absolute need to save sensitive data in files that will be kept on the customer side. If this is really required, then, whenever there is a need to remove a file, it is strongly suggested to first empty it [e.g. writing an empty string and saving it] before calling the actual deletion. This will fix the vulnerability. Additionally, please consider encrypting any sensitive file in such a way that its content is protected against snooping also during its known life on the device, not just after deletion.
Actual behavior
Because of what was just explained, everything you delete may be recovered by any user or attacker, especially on rooted devices.
Code having issue
On file fr/greweb/reactnativeviewshot/RNViewShotModule.java
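```java
// Deletes the file if it sits directly in the external or internal cache directory.
if (parentFile.equals(this.reactContext.getExternalCacheDir())
        || parentFile.equals(this.reactContext.getCacheDir())) {
    file.delete();
}
```

```java
// Deletes each listed file and logs its path.
for (File file2 : listFiles) {
    if (file2.delete()) {
        Log.d(RNViewShotModule.RNVIEW_SHOT, "deleted file: " + file2.getAbsolutePath());
    }
}
```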
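One way to implement the overwrite-before-delete step the report asks for, as an added example that is not part of the issue or of react-native-view-shot; the class and method names are hypothetical. It overwrites the existing bytes in place and syncs before unlinking. On flash storage with wear leveling or a copy-on-write filesystem the old blocks can still persist, so the encryption suggested in the report remains the stronger control.

```java
import java.io.File;
import java.io.IOException;
import java.io.RandomAccessFile;
import java.nio.file.Files;
import java.security.SecureRandom;

/** Hypothetical helper (assumption, not library code): overwrite, flush, then delete. */
public final class OverwritingDelete {
    private static final int CHUNK = 8192;

    private OverwritingDelete() {}

    /**
     * Overwrites the file's current length with random bytes, forces the data
     * to the storage device, truncates, and only then unlinks the file.
     * Returns true if the file no longer exists afterwards.
     */
    public static boolean overwriteAndDelete(File file) {
        if (file == null || !file.isFile()) {
            return false; // nothing to do for directories or missing files
        }
        try (RandomAccessFile raf = new RandomAccessFile(file, "rw")) {
            long remaining = raf.length();
            byte[] buf = new byte[CHUNK];
            SecureRandom rng = new SecureRandom();
            raf.seek(0);
            while (remaining > 0) {
                rng.nextBytes(buf);
                int n = (int) Math.min(buf.length, remaining);
                raf.write(buf, 0, n);
                remaining -= n;
            }
            raf.getFD().sync(); // push the overwritten blocks out of the page cache
            raf.setLength(0);   // then release the blocks
        } catch (IOException e) {
            // Overwrite failed (read-only file, I/O error): still unlink below.
        }
        return file.delete() || !file.exists();
    }

    // Constructed demo input: a temporary file standing in for a cached snapshot.
    public static void main(String[] args) throws IOException {
        File tmp = File.createTempFile("snapshot-demo-", ".png");
        Files.write(tmp.toPath(), new byte[20000]);
        System.out.println("deleted: " + overwriteAndDelete(tmp));
    }
}
```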