[{"data":1,"prerenderedAt":666},["ShallowReactive",2],{"global-navigation":3,"page-\u002Fandroid-secure-coding-standard\u002Fback-matter\u002Faa-bibliography":28,"surround-\u002Fandroid-secure-coding-standard\u002Fback-matter\u002Faa-bibliography":94,"sidebar-android-secure-coding-standard":103},[4,8],{"title":5,"path":6,"_path":6,"fromAppConfig":7},"Home","\u002F",true,{"title":9,"path":10,"children":11,"_path":27,"fromAppConfig":7},"Coding Standards","\u002Fcoding-standards\u002F",[12,15,18,21,24],{"title":13,"path":14},"Android Coding Standard","\u002Fandroid-secure-coding-standard\u002F",{"title":16,"path":17},"C Coding Standard","\u002Fsei-cert-c-coding-standard\u002F",{"title":19,"path":20},"C++ Coding Standard","\u002Fsei-cert-cpp-coding-standard\u002F",{"title":22,"path":23},"Java Coding Standard","\u002Fsei-cert-oracle-coding-standard-for-java\u002F",{"title":25,"path":26},"Perl Coding Standard","\u002Fsei-cert-perl-coding-standard\u002F","\u002Fcoding-standards",{"id":29,"title":30,"body":31,"description":48,"extension":85,"meta":86,"navigation":7,"path":90,"seo":91,"stem":92,"__hash__":93},"content\u002F3.android-secure-coding-standard\u002F6.back-matter\u002F2.aa-bibliography.md","AA. Bibliography",{"type":32,"value":33,"toc":81},"minimark",[34,38,49,56,59],[35,36,30],"h1",{"id":37},"aa-bibliography",[39,40,41,45,48],"p",{},[42,43],"a",{"id":44},"AA.Bibliography-Genkin2016",[46,47],"br",{},"\n[Genkin 2016] Genkin, D. \"ECDSA Key Extraction from Mobile Devices via Nonintrusive Physical Side Channels.\" Conference on Computer and Communications Security, August 2016.",[39,50,51,53,55],{},[42,52],{"id":44},[46,54],{},"\n[Cauligi 2017] Cauligi, S. \"A Flexible, Constant-Time Programming Language.\" IEEE Secure Development Conference, September 2017.",[57,58],"hr",{},[39,60,61,68,69,68,75],{},[42,62,64],{"href":63},"https:\u002F\u002Fwww.securecoding.cert.org\u002Fconfluence\u002Fdisplay\u002Fseccode\u002FWIN30-C.+Properly+pair+allocation+and+deallocation+functions?showChildren=false&showComments=false",[65,66],"img",{"src":67},"\u002Fattachments\u002F87152044\u002F88034188.png"," ",[42,70,72],{"href":71},"https:\u002F\u002Fwww.securecoding.cert.org\u002Fconfluence\u002Fdisplay\u002Fseccode\u002FCERT+C+Coding+Standard",[65,73],{"src":74},"\u002Fattachments\u002F87152044\u002F88034190.png",[42,76,78],{"href":77},"https:\u002F\u002Fwww.securecoding.cert.org\u002Fconfluence\u002Fdisplay\u002Fseccode\u002FBB.+Definitions?showChildren=false&showComments=false",[65,79],{"src":80},"\u002Fattachments\u002F87152044\u002F88034189.png",{"title":82,"searchDepth":83,"depth":83,"links":84},"",2,[],"md",{"tags":87},[88,89],"section","bm","\u002Fandroid-secure-coding-standard\u002Fback-matter\u002Faa-bibliography",{"title":30,"description":48},"3.android-secure-coding-standard\u002F6.back-matter\u002F2.aa-bibliography","5NDu9zYgHGFbKEUMySSaQbvzYtNieOtqAscJnnpcyf8",[95,99],{"title":96,"path":97,"stem":98,"children":-1},"Back Matter","\u002Fandroid-secure-coding-standard\u002Fback-matter","3.android-secure-coding-standard\u002F6.back-matter\u002F1.index",{"title":100,"path":101,"stem":102,"children":-1},"BB. Analyzers","\u002Fandroid-secure-coding-standard\u002Fback-matter\u002Fbb-analyzers","3.android-secure-coding-standard\u002F6.back-matter\u002F3.bb-analyzers\u002F1.index",[104],{"title":105,"path":106,"stem":107,"children":108},"SCI CERT Android Secure Coding Standard","\u002Fandroid-secure-coding-standard","3.android-secure-coding-standard\u002F1.index",[109,110,160,426,523,585,600],{"title":105,"path":106,"stem":107},{"title":111,"path":112,"stem":113,"children":114},"Front Matter","\u002Fandroid-secure-coding-standard\u002Ffront-matter","3.android-secure-coding-standard\u002F2.front-matter\u002F1.index",[115,116,138],{"title":111,"path":112,"stem":113},{"title":117,"path":118,"stem":119,"children":120},"Guidelines for Wiki Contributors","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fguidelines-for-wiki-contributors","3.android-secure-coding-standard\u002F2.front-matter\u002F2.guidelines-for-wiki-contributors\u002F1.index",[121,122,126,130,134],{"title":117,"path":118,"stem":119},{"title":123,"path":124,"stem":125},"Deprecations","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fguidelines-for-wiki-contributors\u002Fdeprecations","3.android-secure-coding-standard\u002F2.front-matter\u002F2.guidelines-for-wiki-contributors\u002F2.deprecations",{"title":127,"path":128,"stem":129},"Editing Automated Detection Information","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fguidelines-for-wiki-contributors\u002Fediting-automated-detection-information","3.android-secure-coding-standard\u002F2.front-matter\u002F2.guidelines-for-wiki-contributors\u002F3.editing-automated-detection-information",{"title":131,"path":132,"stem":133},"Editing-Related Guidelines","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fguidelines-for-wiki-contributors\u002Fediting-related-guidelines","3.android-secure-coding-standard\u002F2.front-matter\u002F2.guidelines-for-wiki-contributors\u002F4.editing-related-guidelines",{"title":135,"path":136,"stem":137},"Rules versus Recommendations","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fguidelines-for-wiki-contributors\u002Frules-versus-recommendations","3.android-secure-coding-standard\u002F2.front-matter\u002F2.guidelines-for-wiki-contributors\u002F5.rules-versus-recommendations",{"title":139,"path":140,"stem":141,"children":142},"Introduction","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fintroduction","3.android-secure-coding-standard\u002F2.front-matter\u002F3.introduction\u002F01.index",[143,144,148,152,156],{"title":139,"path":140,"stem":141},{"title":145,"path":146,"stem":147},"Introduction to Android-Only Rules","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fintroduction\u002Fintroduction-to-android-only-rules","3.android-secure-coding-standard\u002F2.front-matter\u002F3.introduction\u002F02.introduction-to-android-only-rules",{"title":149,"path":150,"stem":151},"Introduction to C Rules and Recommendations","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fintroduction\u002Fintroduction-to-c-rules-and-recommendations","3.android-secure-coding-standard\u002F2.front-matter\u002F3.introduction\u002F03.introduction-to-c-rules-and-recommendations",{"title":153,"path":154,"stem":155},"Introduction to Java Recommendations","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fintroduction\u002Fintroduction-to-java-recommendations","3.android-secure-coding-standard\u002F2.front-matter\u002F3.introduction\u002F04.introduction-to-java-recommendations",{"title":157,"path":158,"stem":159},"Introduction to Java Rules","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fintroduction\u002Fintroduction-to-java-rules","3.android-secure-coding-standard\u002F2.front-matter\u002F3.introduction\u002F05.introduction-to-java-rules",{"title":161,"path":162,"stem":163,"children":164},"Rules","\u002Fandroid-secure-coding-standard\u002Frules","3.android-secure-coding-standard\u002F3.rules\u002F01.index",[165,166,170,174,196,200,222,226,230,234,238,268,272,276,280,298,302,306,310,314,340,354,358,362,384,388,392,396,400,404,408],{"title":161,"path":162,"stem":163},{"title":167,"path":168,"stem":169},"Application Programming Interfaces (API)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fapplication-programming-interfaces-api","3.android-secure-coding-standard\u002F3.rules\u002F02.application-programming-interfaces-api",{"title":171,"path":172,"stem":173},"Characters and String (STR)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcharacters-and-string-str","3.android-secure-coding-standard\u002F3.rules\u002F03.characters-and-string-str",{"title":175,"path":176,"stem":177,"children":178},"Component Security (CPS)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcomponent-security-cps","3.android-secure-coding-standard\u002F3.rules\u002F04.component-security-cps\u002F1.index",[179,180,184,188,192],{"title":175,"path":176,"stem":177},{"title":181,"path":182,"stem":183},"DRD01-X. Limit the accessibility of an app's sensitive content provider","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcomponent-security-cps\u002Fdrd01-x","3.android-secure-coding-standard\u002F3.rules\u002F04.component-security-cps\u002F2.drd01-x",{"title":185,"path":186,"stem":187},"DRD07-X. Protect exported services with strong permissions","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcomponent-security-cps\u002Fdrd07-x","3.android-secure-coding-standard\u002F3.rules\u002F04.component-security-cps\u002F3.drd07-x",{"title":189,"path":190,"stem":191},"DRD08-J. Always canonicalize a URL received by a content provider","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcomponent-security-cps\u002Fdrd08-j","3.android-secure-coding-standard\u002F3.rules\u002F04.component-security-cps\u002F4.drd08-j",{"title":193,"path":194,"stem":195},"DRD09. Restrict access to sensitive activities","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcomponent-security-cps\u002Fdrd09-restrict-access-to-sensitive-activities","3.android-secure-coding-standard\u002F3.rules\u002F04.component-security-cps\u002F5.drd09-restrict-access-to-sensitive-activities",{"title":197,"path":198,"stem":199},"Concurrency (CON)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fconcurrency-con","3.android-secure-coding-standard\u002F3.rules\u002F05.concurrency-con",{"title":201,"path":202,"stem":203,"children":204},"Cryptography (CRP)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcryptography-crp","3.android-secure-coding-standard\u002F3.rules\u002F06.cryptography-crp\u002F1.index",[205,206,210,214,218],{"title":201,"path":202,"stem":203},{"title":207,"path":208,"stem":209},"DRD17-J. Do not use the Android cryptographic security provider encryption default for AES","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcryptography-crp\u002Fdrd17-j","3.android-secure-coding-standard\u002F3.rules\u002F06.cryptography-crp\u002F2.drd17-j",{"title":211,"path":212,"stem":213},"DRD18. Do not use the default behavior in a cryptographic library if it does not use recommended practices","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcryptography-crp\u002Fdrd18-do-not-use-the-default-behavior-in-a-cryptographic-library-if-it-does-not-use-recommended-practices","3.android-secure-coding-standard\u002F3.rules\u002F06.cryptography-crp\u002F3.drd18-do-not-use-the-default-behavior-in-a-cryptographic-library-if-it-does-not-use-recommended-practices",{"title":215,"path":216,"stem":217},"DRD24. Do not bundle OAuth security-related protocol logic or sensitive data into a relying party's app","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcryptography-crp\u002Fdrd24-do-not-bundle-oauth-security-related-protocol-logic-or-sensitive-data-into-a-relying-partys-app","3.android-secure-coding-standard\u002F3.rules\u002F06.cryptography-crp\u002F4.drd24-do-not-bundle-oauth-security-related-protocol-logic-or-sensitive-data-into-a-relying-partys-app",{"title":219,"path":220,"stem":221},"DRD25. Use constant-time encryption","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcryptography-crp\u002Fdrd25-use-constant-time-encryption","3.android-secure-coding-standard\u002F3.rules\u002F06.cryptography-crp\u002F5.drd25-use-constant-time-encryption",{"title":223,"path":224,"stem":225},"Declarations and Initialization (DCL)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fdeclarations-and-initialization-dcl","3.android-secure-coding-standard\u002F3.rules\u002F07.declarations-and-initialization-dcl",{"title":227,"path":228,"stem":229},"Environment (ENV)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fenvironment-env","3.android-secure-coding-standard\u002F3.rules\u002F08.environment-env",{"title":231,"path":232,"stem":233},"Error Handling (ERR)","\u002Fandroid-secure-coding-standard\u002Frules\u002Ferror-handling-err","3.android-secure-coding-standard\u002F3.rules\u002F09.error-handling-err",{"title":235,"path":236,"stem":237},"Expressions (EXP)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fexpressions-exp","3.android-secure-coding-standard\u002F3.rules\u002F10.expressions-exp",{"title":239,"path":240,"stem":241,"children":242},"File I\u002FO and Logging (FIO)","\u002Fandroid-secure-coding-standard\u002Frules\u002Ffile-io-and-logging-fio","3.android-secure-coding-standard\u002F3.rules\u002F11.file-io-and-logging-fio\u002F1.index",[243,244,248,252,256,260,264],{"title":239,"path":240,"stem":241},{"title":245,"path":246,"stem":247},"DRD04-J. Do not log sensitive information","\u002Fandroid-secure-coding-standard\u002Frules\u002Ffile-io-and-logging-fio\u002Fdrd04-j","3.android-secure-coding-standard\u002F3.rules\u002F11.file-io-and-logging-fio\u002F2.drd04-j",{"title":249,"path":250,"stem":251},"DRD00. Do not store sensitive information on external storage (SD card) unless encrypted first","\u002Fandroid-secure-coding-standard\u002Frules\u002Ffile-io-and-logging-fio\u002Fdrd00-do-not-store-sensitive-information-on-external-storage-sd-card-unless-encrypted-first","3.android-secure-coding-standard\u002F3.rules\u002F11.file-io-and-logging-fio\u002F3.drd00-do-not-store-sensitive-information-on-external-storage-sd-card-unless-encrypted-first",{"title":253,"path":254,"stem":255},"DRD11. Ensure that sensitive data is kept secure","\u002Fandroid-secure-coding-standard\u002Frules\u002Ffile-io-and-logging-fio\u002Fdrd11-ensure-that-sensitive-data-is-kept-secure","3.android-secure-coding-standard\u002F3.rules\u002F11.file-io-and-logging-fio\u002F4.drd11-ensure-that-sensitive-data-is-kept-secure",{"title":257,"path":258,"stem":259},"DRD12. Do not trust data from world-writable files","\u002Fandroid-secure-coding-standard\u002Frules\u002Ffile-io-and-logging-fio\u002Fdrd12-do-not-trust-data-from-world-writable-files","3.android-secure-coding-standard\u002F3.rules\u002F11.file-io-and-logging-fio\u002F5.drd12-do-not-trust-data-from-world-writable-files",{"title":261,"path":262,"stem":263},"DRD23. Do not use world readable or writeable to share files between apps","\u002Fandroid-secure-coding-standard\u002Frules\u002Ffile-io-and-logging-fio\u002Fdrd23-do-not-use-world-readable-or-writeable-to-share-files-between-apps","3.android-secure-coding-standard\u002F3.rules\u002F11.file-io-and-logging-fio\u002F6.drd23-do-not-use-world-readable-or-writeable-to-share-files-between-apps",{"title":265,"path":266,"stem":267},"DRD28 Do not load world-writable libraries","\u002Fandroid-secure-coding-standard\u002Frules\u002Ffile-io-and-logging-fio\u002Fdrd28-do-not-load-world-writable-libraries","3.android-secure-coding-standard\u002F3.rules\u002F11.file-io-and-logging-fio\u002F7.drd28-do-not-load-world-writable-libraries",{"title":269,"path":270,"stem":271},"Floating Point (FLP)","\u002Fandroid-secure-coding-standard\u002Frules\u002Ffloating-point-flp","3.android-secure-coding-standard\u002F3.rules\u002F12.floating-point-flp",{"title":273,"path":274,"stem":275},"Input Validation and Data Sanitization (IDS)","\u002Fandroid-secure-coding-standard\u002Frules\u002Finput-validation-and-data-sanitization-ids","3.android-secure-coding-standard\u002F3.rules\u002F13.input-validation-and-data-sanitization-ids",{"title":277,"path":278,"stem":279},"Integers (INT)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fintegers-int","3.android-secure-coding-standard\u002F3.rules\u002F14.integers-int",{"title":281,"path":282,"stem":283,"children":284},"Intent (ITT)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fintent-itt","3.android-secure-coding-standard\u002F3.rules\u002F15.intent-itt\u002F1.index",[285,286,290,294],{"title":281,"path":282,"stem":283},{"title":287,"path":288,"stem":289},"DRD03-J. Do not broadcast sensitive information using an implicit intent","\u002Fandroid-secure-coding-standard\u002Frules\u002Fintent-itt\u002Fdrd03-j","3.android-secure-coding-standard\u002F3.rules\u002F15.intent-itt\u002F2.drd03-j",{"title":291,"path":292,"stem":293},"DRD21-J. Always pass explicit intents to a PendingIntent","\u002Fandroid-secure-coding-standard\u002Frules\u002Fintent-itt\u002Fdrd21-j","3.android-secure-coding-standard\u002F3.rules\u002F15.intent-itt\u002F3.drd21-j",{"title":295,"path":296,"stem":297},"DRD06. Verify the caller of intents before acting on them","\u002Fandroid-secure-coding-standard\u002Frules\u002Fintent-itt\u002Fdrd06-verify-the-caller-of-intents-before-acting-on-them","3.android-secure-coding-standard\u002F3.rules\u002F15.intent-itt\u002F4.drd06-verify-the-caller-of-intents-before-acting-on-them",{"title":299,"path":300,"stem":301},"Java Native Interface (JNI)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fjava-native-interface-jni","3.android-secure-coding-standard\u002F3.rules\u002F16.java-native-interface-jni",{"title":303,"path":304,"stem":305},"Locking (LCK)","\u002Fandroid-secure-coding-standard\u002Frules\u002Flocking-lck","3.android-secure-coding-standard\u002F3.rules\u002F17.locking-lck",{"title":307,"path":308,"stem":309},"Memory Management (MEM)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fmemory-management-mem","3.android-secure-coding-standard\u002F3.rules\u002F18.memory-management-mem",{"title":311,"path":312,"stem":313},"Methods (MET)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fmethods-met","3.android-secure-coding-standard\u002F3.rules\u002F19.methods-met",{"title":315,"path":316,"stem":317,"children":318},"Miscellaneous (MSC)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fmiscellaneous-msc","3.android-secure-coding-standard\u002F3.rules\u002F20.miscellaneous-msc\u002F1.index",[319,320,324,328,332,336],{"title":315,"path":316,"stem":317},{"title":321,"path":322,"stem":323},"DRD10-X. Do not release apps that are debuggable","\u002Fandroid-secure-coding-standard\u002Frules\u002Fmiscellaneous-msc\u002Fdrd10-x","3.android-secure-coding-standard\u002F3.rules\u002F20.miscellaneous-msc\u002F2.drd10-x",{"title":325,"path":326,"stem":327},"DRD15-J. Consider privacy concerns when using Geolocation API","\u002Fandroid-secure-coding-standard\u002Frules\u002Fmiscellaneous-msc\u002Fdrd15-j","3.android-secure-coding-standard\u002F3.rules\u002F20.miscellaneous-msc\u002F3.drd15-j",{"title":329,"path":330,"stem":331},"DRD26-J. For OAuth, use a secure Android method to deliver access tokens","\u002Fandroid-secure-coding-standard\u002Frules\u002Fmiscellaneous-msc\u002Fdrd26-j","3.android-secure-coding-standard\u002F3.rules\u002F20.miscellaneous-msc\u002F4.drd26-j",{"title":333,"path":334,"stem":335},"DRD27-J. For OAuth, use an explicit intent method to deliver access tokens","\u002Fandroid-secure-coding-standard\u002Frules\u002Fmiscellaneous-msc\u002Fdrd27-j","3.android-secure-coding-standard\u002F3.rules\u002F20.miscellaneous-msc\u002F5.drd27-j",{"title":337,"path":338,"stem":339},"DRD25. To request user permission for OAuth, identify relying party and its permissions scope","\u002Fandroid-secure-coding-standard\u002Frules\u002Fmiscellaneous-msc\u002Fdrd25-to-request-user-permission-for-oauth-identify-relying-party-and-its-permissions-scope","3.android-secure-coding-standard\u002F3.rules\u002F20.miscellaneous-msc\u002F6.drd25-to-request-user-permission-for-oauth-identify-relying-party-and-its-permissions-scope",{"title":341,"path":342,"stem":343,"children":344},"Network - SSL\u002FTLS (NET)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fnetwork-ssltls-net","3.android-secure-coding-standard\u002F3.rules\u002F21.network-ssltls-net\u002F1.index",[345,346,350],{"title":341,"path":342,"stem":343},{"title":347,"path":348,"stem":349},"DRD23-J. Do not use loopback when handling sensitive data","\u002Fandroid-secure-coding-standard\u002Frules\u002Fnetwork-ssltls-net\u002Fdrd23-j","3.android-secure-coding-standard\u002F3.rules\u002F21.network-ssltls-net\u002F2.drd23-j",{"title":351,"path":352,"stem":353},"DRD19. Properly verify server certificate on SSL\u002FTLS","\u002Fandroid-secure-coding-standard\u002Frules\u002Fnetwork-ssltls-net\u002Fdrd19-properly-verify-server-certificate-on-ssltls","3.android-secure-coding-standard\u002F3.rules\u002F21.network-ssltls-net\u002F3.drd19-properly-verify-server-certificate-on-ssltls",{"title":355,"path":356,"stem":357},"Numeric Types and Operations (NUM)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fnumeric-types-and-operations-num","3.android-secure-coding-standard\u002F3.rules\u002F22.numeric-types-and-operations-num",{"title":359,"path":360,"stem":361},"Object Orientation (OBJ)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fobject-orientation-obj","3.android-secure-coding-standard\u002F3.rules\u002F23.object-orientation-obj",{"title":363,"path":364,"stem":365,"children":366},"Permission (PER)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fpermission-per","3.android-secure-coding-standard\u002F3.rules\u002F24.permission-per\u002F1.index",[367,368,372,376,380],{"title":363,"path":364,"stem":365},{"title":369,"path":370,"stem":371},"DRD05-J. Do not grant URI permissions on implicit intents","\u002Fandroid-secure-coding-standard\u002Frules\u002Fpermission-per\u002Fdrd05-j","3.android-secure-coding-standard\u002F3.rules\u002F24.permission-per\u002F2.drd05-j",{"title":373,"path":374,"stem":375},"DRD14-J. Check that a calling app has appropriate permissions before responding","\u002Fandroid-secure-coding-standard\u002Frules\u002Fpermission-per\u002Fdrd14-j","3.android-secure-coding-standard\u002F3.rules\u002F24.permission-per\u002F3.drd14-j",{"title":377,"path":378,"stem":379},"DRD16-X. Explicitly define the exported attribute for private components","\u002Fandroid-secure-coding-standard\u002Frules\u002Fpermission-per\u002Fdrd16-x","3.android-secure-coding-standard\u002F3.rules\u002F24.permission-per\u002F4.drd16-x",{"title":381,"path":382,"stem":383},"DRD20-C. Specify permissions when creating files via the NDK","\u002Fandroid-secure-coding-standard\u002Frules\u002Fpermission-per\u002Fdrd20-c","3.android-secure-coding-standard\u002F3.rules\u002F24.permission-per\u002F5.drd20-c",{"title":385,"path":386,"stem":387},"Platform Security (SEC)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fplatform-security-sec","3.android-secure-coding-standard\u002F3.rules\u002F25.platform-security-sec",{"title":389,"path":390,"stem":391},"Preprocessor (PRE)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fpreprocessor-pre","3.android-secure-coding-standard\u002F3.rules\u002F26.preprocessor-pre",{"title":393,"path":394,"stem":395},"Serialization (SER)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fserialization-ser","3.android-secure-coding-standard\u002F3.rules\u002F27.serialization-ser",{"title":397,"path":398,"stem":399},"Thread APIs (THI)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fthread-apis-thi","3.android-secure-coding-standard\u002F3.rules\u002F28.thread-apis-thi",{"title":401,"path":402,"stem":403},"Thread-Safety Miscellaneous (TSM)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fthread-safety-miscellaneous-tsm","3.android-secure-coding-standard\u002F3.rules\u002F29.thread-safety-miscellaneous-tsm",{"title":405,"path":406,"stem":407},"Visibility and Atomicity (VNA)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fvisibility-and-atomicity-vna","3.android-secure-coding-standard\u002F3.rules\u002F30.visibility-and-atomicity-vna",{"title":409,"path":410,"stem":411,"children":412},"WebView (WBV)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fwebview-wbv","3.android-secure-coding-standard\u002F3.rules\u002F31.webview-wbv\u002F1.index",[413,414,418,422],{"title":409,"path":410,"stem":411},{"title":415,"path":416,"stem":417},"DRD02-J. Do not allow WebView to access sensitive local resource through file scheme","\u002Fandroid-secure-coding-standard\u002Frules\u002Fwebview-wbv\u002Fdrd02-j","3.android-secure-coding-standard\u002F3.rules\u002F31.webview-wbv\u002F2.drd02-j",{"title":419,"path":420,"stem":421},"DRD13. Do not provide addJavascriptInterface method access in a WebView which could contain untrusted content. (API level JELLY_BEAN or below)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fwebview-wbv\u002Fdrd13-do-not-provide-addjavascriptinterface-method-access-in-a-webview-which-could-contain-untrusted-content-api-level-jelly_bean-or-below","3.android-secure-coding-standard\u002F3.rules\u002F31.webview-wbv\u002F3.drd13-do-not-provide-addjavascriptinterface-method-access-in-a-webview-which-could-contain-untrusted-content-api-level-jelly_bean-or-below",{"title":423,"path":424,"stem":425},"DRD22. Do not cache sensitive information","\u002Fandroid-secure-coding-standard\u002Frules\u002Fwebview-wbv\u002Fdrd22-do-not-cache-sensitive-information","3.android-secure-coding-standard\u002F3.rules\u002F31.webview-wbv\u002F4.drd22-do-not-cache-sensitive-information",{"title":427,"path":428,"stem":429,"children":430},"Recommendations","\u002Fandroid-secure-coding-standard\u002Frecommendations","3.android-secure-coding-standard\u002F4.recommendations\u002F01.index",[431,432,435,439,442,445,448,451,454,457,460,463,466,469,472,475,478,481,484,487,490,493,496,499,502,505,508,511,514,517,520],{"title":427,"path":428,"stem":429},{"title":167,"path":433,"stem":434},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fapplication-programming-interfaces-api","3.android-secure-coding-standard\u002F4.recommendations\u002F02.application-programming-interfaces-api",{"title":436,"path":437,"stem":438},"Characters and Strings (STR)","\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fcharacters-and-strings-str","3.android-secure-coding-standard\u002F4.recommendations\u002F03.characters-and-strings-str",{"title":175,"path":440,"stem":441},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fcomponent-security-cps","3.android-secure-coding-standard\u002F4.recommendations\u002F04.component-security-cps",{"title":197,"path":443,"stem":444},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fconcurrency-con","3.android-secure-coding-standard\u002F4.recommendations\u002F05.concurrency-con",{"title":201,"path":446,"stem":447},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fcryptography-crp","3.android-secure-coding-standard\u002F4.recommendations\u002F06.cryptography-crp",{"title":223,"path":449,"stem":450},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fdeclarations-and-initialization-dcl","3.android-secure-coding-standard\u002F4.recommendations\u002F07.declarations-and-initialization-dcl",{"title":227,"path":452,"stem":453},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fenvironment-env","3.android-secure-coding-standard\u002F4.recommendations\u002F08.environment-env",{"title":231,"path":455,"stem":456},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Ferror-handling-err","3.android-secure-coding-standard\u002F4.recommendations\u002F09.error-handling-err",{"title":235,"path":458,"stem":459},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fexpressions-exp","3.android-secure-coding-standard\u002F4.recommendations\u002F10.expressions-exp",{"title":239,"path":461,"stem":462},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Ffile-io-and-logging-fio","3.android-secure-coding-standard\u002F4.recommendations\u002F11.file-io-and-logging-fio",{"title":269,"path":464,"stem":465},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Ffloating-point-flp","3.android-secure-coding-standard\u002F4.recommendations\u002F12.floating-point-flp",{"title":273,"path":467,"stem":468},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Finput-validation-and-data-sanitization-ids","3.android-secure-coding-standard\u002F4.recommendations\u002F13.input-validation-and-data-sanitization-ids",{"title":277,"path":470,"stem":471},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fintegers-int","3.android-secure-coding-standard\u002F4.recommendations\u002F14.integers-int",{"title":281,"path":473,"stem":474},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fintent-itt","3.android-secure-coding-standard\u002F4.recommendations\u002F15.intent-itt",{"title":299,"path":476,"stem":477},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fjava-native-interface-jni","3.android-secure-coding-standard\u002F4.recommendations\u002F16.java-native-interface-jni",{"title":303,"path":479,"stem":480},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Flocking-lck","3.android-secure-coding-standard\u002F4.recommendations\u002F17.locking-lck",{"title":307,"path":482,"stem":483},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fmemory-management-mem","3.android-secure-coding-standard\u002F4.recommendations\u002F18.memory-management-mem",{"title":311,"path":485,"stem":486},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fmethods-met","3.android-secure-coding-standard\u002F4.recommendations\u002F19.methods-met",{"title":315,"path":488,"stem":489},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fmiscellaneous-msc","3.android-secure-coding-standard\u002F4.recommendations\u002F20.miscellaneous-msc",{"title":341,"path":491,"stem":492},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fnetwork-ssltls-net","3.android-secure-coding-standard\u002F4.recommendations\u002F21.network-ssltls-net",{"title":355,"path":494,"stem":495},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fnumeric-types-and-operations-num","3.android-secure-coding-standard\u002F4.recommendations\u002F22.numeric-types-and-operations-num",{"title":359,"path":497,"stem":498},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fobject-orientation-obj","3.android-secure-coding-standard\u002F4.recommendations\u002F23.object-orientation-obj",{"title":363,"path":500,"stem":501},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fpermission-per","3.android-secure-coding-standard\u002F4.recommendations\u002F24.permission-per",{"title":385,"path":503,"stem":504},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fplatform-security-sec","3.android-secure-coding-standard\u002F4.recommendations\u002F25.platform-security-sec",{"title":389,"path":506,"stem":507},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fpreprocessor-pre","3.android-secure-coding-standard\u002F4.recommendations\u002F26.preprocessor-pre",{"title":393,"path":509,"stem":510},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fserialization-ser","3.android-secure-coding-standard\u002F4.recommendations\u002F27.serialization-ser",{"title":397,"path":512,"stem":513},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fthread-apis-thi","3.android-secure-coding-standard\u002F4.recommendations\u002F28.thread-apis-thi",{"title":401,"path":515,"stem":516},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fthread-safety-miscellaneous-tsm","3.android-secure-coding-standard\u002F4.recommendations\u002F29.thread-safety-miscellaneous-tsm",{"title":405,"path":518,"stem":519},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fvisibility-and-atomicity-vna","3.android-secure-coding-standard\u002F4.recommendations\u002F30.visibility-and-atomicity-vna",{"title":409,"path":521,"stem":522},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fwebview-wbv","3.android-secure-coding-standard\u002F4.recommendations\u002F31.webview-wbv",{"title":524,"path":525,"stem":526,"children":527},"By Language","\u002Fandroid-secure-coding-standard\u002Fby-language","3.android-secure-coding-standard\u002F5.by-language\u002F1.index",[528,529,533,555,559,581],{"title":524,"path":525,"stem":526},{"title":530,"path":531,"stem":532},"Android Only","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fandroid-only","3.android-secure-coding-standard\u002F5.by-language\u002F2.android-only",{"title":534,"path":535,"stem":536,"children":537},"C Coding Language","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fc-coding-language","3.android-secure-coding-standard\u002F5.by-language\u002F3.c-coding-language\u002F1.index",[538,539,543,547,551],{"title":534,"path":535,"stem":536},{"title":540,"path":541,"stem":542},"Applicable in Principle to Android (C Rules\u002FRecomendations)","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fc-coding-language\u002Fapplicable-in-principle-to-android-c-rulesrecomendations","3.android-secure-coding-standard\u002F5.by-language\u002F3.c-coding-language\u002F2.applicable-in-principle-to-android-c-rulesrecomendations",{"title":544,"path":545,"stem":546},"Applicable to Android (C Rules\u002FRecomendations)","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fc-coding-language\u002Fapplicable-to-android-c-rulesrecomendations","3.android-secure-coding-standard\u002F5.by-language\u002F3.c-coding-language\u002F3.applicable-to-android-c-rulesrecomendations",{"title":548,"path":549,"stem":550},"Not Applicable to Android (C Rules\u002FRecomendations)","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fc-coding-language\u002Fnot-applicable-to-android-c-rulesrecomendations","3.android-secure-coding-standard\u002F5.by-language\u002F3.c-coding-language\u002F4.not-applicable-to-android-c-rulesrecomendations",{"title":552,"path":553,"stem":554},"Unknown Applicability (C Rules\u002FRecomendations)","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fc-coding-language\u002Funknown-applicability-c-rulesrecomendations","3.android-secure-coding-standard\u002F5.by-language\u002F3.c-coding-language\u002F5.unknown-applicability-c-rulesrecomendations",{"title":556,"path":557,"stem":558},"C++ Coding Language","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fcpp-coding-language","3.android-secure-coding-standard\u002F5.by-language\u002F4.cpp-coding-language",{"title":560,"path":561,"stem":562,"children":563},"Java Coding Language","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fjava-coding-language","3.android-secure-coding-standard\u002F5.by-language\u002F5.java-coding-language\u002F1.index",[564,565,569,573,577],{"title":560,"path":561,"stem":562},{"title":566,"path":567,"stem":568},"Applicable in Principle to Android (Java Rules\u002FRecomendations)","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fjava-coding-language\u002Fapplicable-in-principle-to-android-java-rulesrecomendations","3.android-secure-coding-standard\u002F5.by-language\u002F5.java-coding-language\u002F2.applicable-in-principle-to-android-java-rulesrecomendations",{"title":570,"path":571,"stem":572},"Applicable to Android (Java Rules\u002FRecomendations)","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fjava-coding-language\u002Fapplicable-to-android-java-rulesrecomendations","3.android-secure-coding-standard\u002F5.by-language\u002F5.java-coding-language\u002F3.applicable-to-android-java-rulesrecomendations",{"title":574,"path":575,"stem":576},"Not Applicable to Android (Java Rules\u002FRecomendations)","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fjava-coding-language\u002Fnot-applicable-to-android-java-rulesrecomendations","3.android-secure-coding-standard\u002F5.by-language\u002F5.java-coding-language\u002F4.not-applicable-to-android-java-rulesrecomendations",{"title":578,"path":579,"stem":580},"Unknown Applicability to Android (Java Rules\u002FRecomendations)","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fjava-coding-language\u002Funknown-applicability-to-android-java-rulesrecomendations","3.android-secure-coding-standard\u002F5.by-language\u002F5.java-coding-language\u002F5.unknown-applicability-to-android-java-rulesrecomendations",{"title":582,"path":583,"stem":584},"XML","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fxml","3.android-secure-coding-standard\u002F5.by-language\u002F6.xml",{"title":96,"path":97,"stem":98,"children":586},[587,588,589],{"title":96,"path":97,"stem":98},{"title":30,"path":90,"stem":92},{"title":100,"path":101,"stem":102,"children":590},[591,592,596],{"title":100,"path":101,"stem":102},{"title":593,"path":594,"stem":595},"CodeSonar","\u002Fandroid-secure-coding-standard\u002Fback-matter\u002Fbb-analyzers\u002Fcodesonar","3.android-secure-coding-standard\u002F6.back-matter\u002F3.bb-analyzers\u002F2.codesonar",{"title":597,"path":598,"stem":599},"CodeSonar_V","\u002Fandroid-secure-coding-standard\u002Fback-matter\u002Fbb-analyzers\u002Fcodesonar_v","3.android-secure-coding-standard\u002F6.back-matter\u002F3.bb-analyzers\u002F3.codesonar_v",{"title":601,"path":602,"stem":603,"children":604},"Admin","\u002Fandroid-secure-coding-standard\u002Fadmin","3.android-secure-coding-standard\u002F7.admin\u002F01.index",[605,606,610,614,618,622,626,630,634,638,642,646,650,654,658,662],{"title":601,"path":602,"stem":603},{"title":607,"path":608,"stem":609},"About the OurCS Workshop","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fabout-the-ourcs-workshop","3.android-secure-coding-standard\u002F7.admin\u002F02.about-the-ourcs-workshop",{"title":611,"path":612,"stem":613},"Android Applicability Summary","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fandroid-applicability-summary","3.android-secure-coding-standard\u002F7.admin\u002F03.android-applicability-summary",{"title":615,"path":616,"stem":617},"Android (DRD)","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fandroid-drd","3.android-secure-coding-standard\u002F7.admin\u002F04.android-drd",{"title":619,"path":620,"stem":621},"Avoid having unreachable code","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Favoid-having-unreachable-code","3.android-secure-coding-standard\u002F7.admin\u002F05.avoid-having-unreachable-code",{"title":623,"path":624,"stem":625},"C Space Change History Log","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fc-space-change-history-log","3.android-secure-coding-standard\u002F7.admin\u002F06.c-space-change-history-log",{"title":627,"path":628,"stem":629},"Copy of Rule Template","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fcopy-of-rule-template","3.android-secure-coding-standard\u002F7.admin\u002F07.copy-of-rule-template",{"title":631,"path":632,"stem":633},"C++ Space Change History Log","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fcpp-space-change-history-log","3.android-secure-coding-standard\u002F7.admin\u002F08.cpp-space-change-history-log",{"title":635,"path":636,"stem":637},"Dictionary of Labels","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fdictionary-of-labels","3.android-secure-coding-standard\u002F7.admin\u002F09.dictionary-of-labels",{"title":639,"path":640,"stem":641},"How to Change Applicability When a Rules and Recommendations Change","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fhow-to-change-applicability-when-a-rules-and-recommendations-change","3.android-secure-coding-standard\u002F7.admin\u002F10.how-to-change-applicability-when-a-rules-and-recommendations-change",{"title":643,"path":644,"stem":645},"Java Space Change History Log","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fjava-space-change-history-log","3.android-secure-coding-standard\u002F7.admin\u002F11.java-space-change-history-log",{"title":647,"path":648,"stem":649},"Labels in this Space","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Flabels-in-this-space","3.android-secure-coding-standard\u002F7.admin\u002F12.labels-in-this-space",{"title":651,"path":652,"stem":653},"Perl Space Change History Log","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fperl-space-change-history-log","3.android-secure-coding-standard\u002F7.admin\u002F13.perl-space-change-history-log",{"title":655,"path":656,"stem":657},"Resources for new Android app secure coding rules and guidelines","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fresources-for-new-android-app-secure-coding-rules-and-guidelines","3.android-secure-coding-standard\u002F7.admin\u002F14.resources-for-new-android-app-secure-coding-rules-and-guidelines",{"title":659,"path":660,"stem":661},"Rule Template","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Frule-template","3.android-secure-coding-standard\u002F7.admin\u002F15.rule-template",{"title":663,"path":664,"stem":665},"Rules Applicable for Both the Android Platform and Other Platforms","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Frules-applicable-for-both-the-android-platform-and-other-platforms","3.android-secure-coding-standard\u002F7.admin\u002F16.rules-applicable-for-both-the-android-platform-and-other-platforms",1775657856835]