Senses

Stored Application Data · SynAc

TERM

Stored Application Data

Adversaries may try to access and collect application data resident on the device. Adversaries often target popular applications, such as Facebook, WeChat, and Gmail.(Citation: SWB Exodus March 2019)

Updated

Jan 06, 2026

Senses

Sense 1

Adversaries may try to access and collect application data resident on the device. Adversaries often target popular applications, such as Facebook, WeChat, and Gmail.(Citation: SWB Exodus March 2019) Due to mobile OS sandboxing, this technique is only possible in three scenarios: An application stores files in unprotected external storage An application stores files in its internal storage directory with insecure permissions (e.g. 777) The adversary gains root permissions on the device

Adversaries may try to access and collect application data resident on the device. Adversaries often target popular applications, such as Facebook, WeChat, and Gmail.(Citation: SWB Exodus March 2019)

Due to mobile OS sandboxing, this technique is only possible in three scenarios:

An application stores files in unprotected external storage
An application stores files in its internal storage directory with insecure permissions (e.g. 777)
The adversary gains root permissions on the device

MITRE ATT&CK (Mobile, CTI STIX Data)

Bibliography

MITRE ATT&CK (Mobile, CTI STIX Data)
Accessed Jan 06, 2026Quoted
MITRE ATT&CK CTI (STIX bundle)
https://raw.githubusercontent.com/mitre-attack/attack-stix-data/master/mobile-attack/mobile-attack.json
See repository LICENSE.txt for ATT&CK terms: non-exclusive royalty-free license; reproduce MITRE copyright + license in copies. Verify requirements before publishing quoted text.
Source: MITRE ATT&CK (attack-stix-data).