The saved Wi-Fi passwords in Android are stored in the
data\misc\wifi directory which can only be accessed if you have root access. So in general you cannot list or access the /data directory until and unless you have root access or the files are world readable writable .
(Xiaomi Redmi note 7 pro 9)
➜ appreview adb shell getprop | grep -E "ro.miui.region|ro.build.fingerprint" [ro.build.fingerprint]: [xiaomi/violet/violet:9/PKQ1.181203.001/V10.3.13.0.PFHINXM:user/release-keys] [ro.miui.region]: [IN]
Connect the device and run the below drozer command it will dump the wifi passwords along with other details in cleartext
run app.provider.query content://wifi/wifi
Don’t export the content provider containing user information.
Protect it via custom permissions.
Or store it in encrypted format.
Any app within the system can query and fetch wifi credentials which is not permitted by default by the system because to access the stored password the device need to be rooted but here it is easily available using which malicious app can login into victims router and can also alter the dns settings which will disclose user browsing activites to the attacker
Reported on Jul 18th 2019
Triaged on Jul 18th 2019
Fix reviewed and ticket closure on Sep 11th 2019