The application was observed to utilize Realm for data storage, but was not observed to set an encryption key. When no encryption key is set in the configuration, no encryption is used. To protect user and application data, the application should specify an encryption key, which is randomly generated per user, per client. Likelihood: LOW Confidence: MEDIUM CWE: - CWE-311: Missing Encryption of Sensitive Data
OWASP: - A03:2017 - Sensitive Data Exposure
- A04:2021 - Insecure Design