Insecure Data Storage in Vine Android App

Hi Twitter, - **Vulnerability Class:**OWASP M2 : Insecure Data Storage Every application needs to store something secret, like a website username,password, cookies etc. , internal storage is the place to do it, android sandbox prevents other applications from accessing this data but,In vine android app developers have chosen to store secret information without any additional encryption in place. - **Where I found it?** `/data/data/co.vine.android/databases/webview.db` - **POC:**Please see the screenshot of SQLite database. - **SEVERITY:** What is more severe than clear text username password storage and with the JavaScript and file system access enabled , Its not going to be hard for attacker to steal this info from the database or the whole database. - **Reference**: I believe in basics :https://www.owasp.org/index.php/Mobile_Top_10_2014-M2 Please revert if more information needed. It will be fine for me to spare more time in this vulnerability issue. #:)# **Happy to help.** Regards.