Storing user passwords in Google Chrome on Android

Hi Habr! I am a young developer specializing in Android development and information security. Not so long ago, I wondered: how does Google Chrome store saved user passwords? Analyzing the information from the network and the files of the chrome itself ( this article was especially informative), I found certain similarities and differences in the implementation of saving passwords on different platforms, and for demonstration I wrote applications for extracting passwords from the Android version of the browser.

How it works?

As we can know from various online publications on this topic, Google Chrome on a PC stores the passwords of its users in the following directory:

"C: \ Users \ SomeUser \ AppData \ Local \ Google \ Chrome \ User Data \ Default \" in the file " Login Data ".

This file is a SQLite database, and it is quite possible to open and view it. In the logins table we can see the following fields of interest: origin_url (site address), username_value (login), password_value (password). The password is represented by a byte array, and is encrypted using a machine key, individual for each system. More details can be found in this article. Thus, some kind of protection in the Windows client is present.

Android

But since I'm more interested in Android, my attention was taken, respectively, by the Android browser client.
')
By “picking up” the Google Chrome package ( com.android.chrome ), I found that its structure is very similar to the structure of a PC client, and it was not difficult to find the exact same database responsible for storing user passwords. The full path to the database is: "/data/data/com.android.chrome/app_chrome/Default/Login Data" . In general, this database is very similar to its “big sister” from the PC version, having only one, but a very significant difference - passwords are stored here in clear form. The question arises: is it possible to programmatically extract passwords from the database? The answer turned out to be quite obvious - yes, if your application has root-rights.

Implementation

For greater clarity, it was decided to make your own tool to extract passwords from the browser database.

If you describe his work in two words, it works like this:

• Gets root.
• Copies Chrome database to its directory.
• Using chmod gets access to a copy of the database.
• It opens the database, and retrieves information about logins and passwords.

The application was posted on Google Play .

GitHub project: ChromeOR .

Conclusion

As a conclusion from the work done, you can say that if you have root-rights, pull out the password database from the browser and send it to your server - the task is completely solvable, and this fact should make you think about whether any application should trust the superuser rights .

Hope this article was informative. Thanks for attention!