Read files with data from interviews

Hi SS team,

Right now we are working with very delicate data on the interviews that are being applied through the country using tablets that were provided by a different company.

The question here is: is it possible that the company gets access to the data that was on the interviews by having access to the files that the app Interviewer provides? Like backups or some files like those?


If you do not trust your device supplier, one of the approaches could be:

Receive the device.
Do a factory reset of the device to remove all installed software.
Do not log in to the Play Store (if there is such a requirement) using accounts not controlled by you.
Collect data.
Do a factory reset of the device to remove all your information from the device.
Return device.

In general, the Interviewer application encrypts data and in most cases it’s secure, but it relies on the Android operating system and theoretically, if a perpetrator has access to the device, a device could be prepared to expose some data.

Thanks for the answer.

So basically, since the app relies on the Android operating system, the data could somehow be obtained by decryption.

But at first instance data cannot be obtained that easy by just opening a file?

The answer is not that simple.
If the data exists and is encrypted, and if you have access to it and have an option to decrypt it, the initial data could be obtained.

The application stores data in private storage, in a DB file with access regulated by Android (other applications should not have access to it in this storage).
Inside the DB file, the meaningful part of the data is additionally encrypted.
Once the interview is completed and after successful synchronization, this file is deleted; the collected data no longer resides on the device.
Between collection of the data and synchronization, an attack planned in advance is theoretically possible, if the device was compromised and rooted, for instance, and specific software was installed.
There is also a communication channel with the server, and if a device was compromised, you are not using SSL, and a proxy was set up for the device, this data could be stolen as well.
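
Added example (not part of the thread and not code from the Interviewer application): a check a team could run on each tablet after the factory reset and before fieldwork, flagging the conditions the answer above names. It assumes the four `adb` outputs listed in the comments were captured from a trusted workstation; the function name, package names and sample values are constructed for illustration.

```python
# Added example: flag a proxy, a non-SSL server URL, signs of an unlocked or
# modified system, and leftover installed software.
# Inputs are the raw outputs of these adb commands, captured beforehand:
#   adb shell settings get global http_proxy
#   adb shell getprop ro.boot.verifiedbootstate
#   adb shell getprop ro.build.tags
#   adb shell pm list packages -3
from urllib.parse import urlparse


def audit_device(http_proxy, verified_boot, build_tags, third_party_pkgs,
                 server_url, allowed_pkgs):
    """Return a list of findings; an empty list means no check fired."""
    findings = []
    # A global proxy sends the synchronization traffic through another host.
    proxy = http_proxy.strip()
    if proxy not in ("", "null", ":0"):
        findings.append(f"global HTTP proxy set: {proxy}")
    # Without TLS, whoever runs that host can read the synchronized data.
    if urlparse(server_url).scheme.lower() != "https":
        findings.append(f"server URL is not HTTPS: {server_url}")
    # Only "green" is a locked bootloader booting a manufacturer-verified image.
    state = verified_boot.strip() or "unknown"
    if state != "green":
        findings.append(f"verified boot state is {state}")
    if "test-keys" in build_tags:
        findings.append("firmware is signed with test-keys")
    # User-installed packages still present that are not on your allowlist.
    installed = {line.split(":", 1)[1].strip()
                 for line in third_party_pkgs.splitlines()
                 if line.startswith("package:")}
    for pkg in sorted(installed - set(allowed_pkgs)):
        findings.append(f"unexpected third-party package: {pkg}")
    return findings


# Constructed sample values (not taken from a real device). The package names
# are placeholders; substitute the Interviewer app's real package name.
SUSPECT = dict(
    http_proxy="192.0.2.10:8080\n", verified_boot="orange\n",
    build_tags="release-keys\n",
    third_party_pkgs="package:com.example.interviewer\n"
                     "package:com.example.remotehelper\n",
    server_url="http://survey.example.org",
    allowed_pkgs=["com.example.interviewer"])

if __name__ == "__main__":
    for finding in audit_device(**SUSPECT):
        print("FINDING:", finding)
```

An empty result only means none of these four checks fired: `pm list packages -3` does not list software shipped in the system image, so a device prepared at the firmware level would pass.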

Which file? Your description “by having access to the files that the app Interviewer provides? Like backups or some files like those?” is not precise. If the company has or intercepts the Interviewer password and the Interviewer App has not been removed, then they can simply log in as Interviewer and read any remaining data like a regular interviewer.

You can approach specialized data recovery companies for professional advice on whether they can devise a strategy for recovery of any data from traces left in the storage media after the files are deleted by Android.

If you discover any way to get access to the data as “easy by just opening a file”, please report this as a security vulnerability with exact steps.