Sensitive Data Cached
During penetration testing of an iOS application, a file called Cache.db may be flagged. This file is generated by iOS and stored in your app's sandbox, meaning other applications don't have access to it. It is a SQLite database that can store sensitive, unencrypted information related to network requests made through the native networking stack. So if you have enabled the Capacitor Http API or the Cordova-based Advanced Http plugin, this applies to you.
Ultimately, unauthorized access to the Cache.db file typically requires jailbreaking the device or physical access, either of which already compromises the device's security in other, more significant ways.
Despite the low risk, if this has been identified as an item for your team to review, here are a couple of mitigation options:
Cache Control Headers
If you need to prevent specific requests from being cached in this file, add a Cache-Control: no-cache, no-store request header to any request that you want to exclude from caching.
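The per-request exclusion above, written out as an added Swift example (this is not code from the original page or from the Capacitor or Advanced Http projects). It sets the Cache-Control header named above, additionally asks URLSession not to reuse a cached copy, refuses caching in a session delegate so that a permissive server response still never reaches Cache.db, and finishes with a check that URLCache.shared holds no entry for the request. The URL is a placeholder.

```swift
import Foundation

// Added example, not from the original page. `https://api.example.com/session`
// is a placeholder; substitute the request you want kept out of Cache.db.

/// Returns a request that is marked as non-cacheable.
func makeUncachedRequest(url: URL) -> URLRequest {
    var request = URLRequest(url: url)
    // The header named on the page: tells the cache layer not to store the response.
    request.setValue("no-cache, no-store", forHTTPHeaderField: "Cache-Control")
    // Also ask URLSession not to consult or reuse a cached copy for this request.
    request.cachePolicy = .reloadIgnoringLocalAndRemoteCacheData
    return request
}

/// Delegate that refuses to cache any response on its session. This goes
/// beyond the request header: even if the server answers with a permissive
/// Cache-Control, the response is never written to Cache.db.
final class NoCacheDelegate: NSObject, URLSessionDataDelegate {
    func urlSession(_ session: URLSession,
                    dataTask: URLSessionDataTask,
                    willCacheResponse proposedResponse: CachedURLResponse,
                    completionHandler: @escaping (CachedURLResponse?) -> Void) {
        completionHandler(nil) // nil means "do not cache this response"
    }
}

/// Issues the request and reports whether URLCache.shared holds a copy afterwards.
/// `leaked == true` means the exclusion did not take effect and needs investigating.
func fetchWithoutCaching(url: URL, completion: @escaping (_ leaked: Bool) -> Void) {
    let request = makeUncachedRequest(url: url)
    let session = URLSession(configuration: .default,
                             delegate: NoCacheDelegate(),
                             delegateQueue: nil)
    let task = session.dataTask(with: request) { _, _, _ in
        let leaked = URLCache.shared.cachedResponse(for: request) != nil
        completion(leaked)
    }
    task.resume()
}

// Usage:
// fetchWithoutCaching(url: URL(string: "https://api.example.com/session")!) { leaked in
//     print(leaked ? "response was cached" : "nothing cached for this request")
// }
```

The header alone relies on the cache layer honouring it; the delegate's `willCacheResponse` refusal is the deterministic control, and the final `cachedResponse(for:)` lookup is the check a reviewer can run to confirm the behaviour on a real device.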
App Delegate
You could also prevent any caching by defining an empty shared cache in your AppDelegate (please note that a setting like this may have an adverse effect on other plugins, so be sure to test thoroughly if you decide to try this):
```swift
// In your AppDelegate.swift file
func application(_ application: UIApplication, didFinishLaunchingWithOptions launchOptions: [UIApplication.LaunchOptionsKey: Any]?) -> Bool {

    // Be sure to test your app thoroughly if you decide to try this approach
    URLCache.shared = URLCache(memoryCapacity: 0, diskCapacity: 0, diskPath: nil)

    return true
}
```
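As an added example (not the page's own code), the same launch-time hardening extended with one caveat a reviewer will ask about: swapping in a zero-capacity cache stops new writes, but it does not remove responses an earlier version of the app already stored in Cache.db, so the old shared cache is purged first. The helper returns the resulting disk usage so the result can be checked. The `CacheHardening` type and its method name are this example's own, not an Ionic or Capacitor API.

```swift
import UIKit

// Added example, not from the original page. `CacheHardening` and
// `disableSharedURLCache()` are names chosen for this example.
enum CacheHardening {
    /// Purges existing entries, installs a zero-capacity shared cache, and
    /// returns the shared cache's disk usage in bytes (expected: 0).
    @discardableResult
    static func disableSharedURLCache() -> Int {
        // Replacing the cache object leaves previously written entries on disk;
        // clear them through the cache that wrote them before swapping it out.
        URLCache.shared.removeAllCachedResponses()

        // Zero capacity: nothing is held in memory or written to disk from now on.
        // As noted on the page, this applies to every plugin using the shared
        // URLSession, so test thoroughly.
        URLCache.shared = URLCache(memoryCapacity: 0, diskCapacity: 0, diskPath: nil)

        return URLCache.shared.currentDiskUsage
    }
}

// Your project's existing AppDelegate; only the launch hook changes.
class AppDelegate: UIResponder, UIApplicationDelegate {
    func application(_ application: UIApplication,
                     didFinishLaunchingWithOptions launchOptions: [UIApplication.LaunchOptionsKey: Any]?) -> Bool {
        let diskBytes = CacheHardening.disableSharedURLCache()
        // Debug-build check that the hardening took effect.
        assert(diskBytes == 0, "shared URLCache should be empty after hardening")
        return true
    }
}
```

Run this once on an upgraded install and confirm that Library/Caches/<bundle id>/Cache.db no longer grows; plugins that silently depended on cached responses will surface as failing requests during that test.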