rspec/rules/S6301/impact.adoc

=== What is the potential impact?

If an attacker is able to find the encryption key for the mobile database, this can potentially have severe consequences.

==== Theft of sensitive data

If a mobile database is encrypted, it is likely to contain data that is sensitive for the user or the app publisher. For example, it can contain personally identifiable information (PII), financial data, login credentials, or other sensitive user data.

By not protecting the encryption key properly, it becomes very easy for an attacker to recover it and then decrypt the mobile database. At that point, the theft of sensitive data might lead to identity theft, financial fraud, and other forms of malicious activities.
Modify rule S6301: update to LaYC format (APPSEC-973) (#2984) ## Review A dedicated reviewer checked the rule description successfully for: - [x] logical errors and incorrect information - [x] information gaps and missing content - [x] text style and tone - [x] PR summary and labels follow [the guidelines](https://github.com/SonarSource/rspec/#to-modify-an-existing-rule) 2023-08-30 13:55:19 +02:00			`=== What is the potential impact?`

			`If an attacker is able to find the encryption key for the mobile database, this can potentially have severe consequences.`

			`==== Theft of sensitive data`

			`If a mobile database is encrypted, it is likely to contain data that is sensitive for the user or the app publisher. For example, it can contain personally identifiable information (PII), financial data, login credentials, or other sensitive user data.`

			`By not protecting the encryption key properly, it becomes very easy for an attacker to recover it and then decrypt the mobile database. At that point, the theft of sensitive data might lead to identity theft, financial fraud, and other forms of malicious activities.`