The SAP Mobile Platform 3.0 SP5 has an API called DataVault, which is used to securely store data on mobile devices. Due to an incorrect implementation of the cryptographic algorithms and parameters, it is possible to recover the keystream for the encrypted data. As a result, it is possible to recover part of the plaintext corresponding to an encrypted piece of data thus reverting the encryption process of some values inside the DataVault without needing the original secret key. Furthermore, due to the lack of cryptographic integrity mechanisms in the SAP DataVault an attacker recovering this keystream has the possibility of re-encrypting (or modifying in practical terms) with some limitations, some values previously encrypted inside the DataVault.