A
Man-in-the-Disk attack manipulates data apps store on Android external storage — since multiple apps can access external storage, malicious apps can tamper with other apps' stored data.
Android security model restricts internal storage access (per-app sandbox) but external storage is shared. Apps should never store sensitive data on external storage. Validate integrity of data read from external storage.