Its common to see mobile apps not applying encryption to the files that store PII.
Common places to find PII unencrypted
- Phone system logs (avail to all apps)
- webkit cache (cache.db)
- plists, dbs, etc
- hardcoded in the binary
Quick spin-up for iOS (Daniel Mayers' idb) [https://github.com/dmayer/idb]