[{"data":1,"prerenderedAt":1687},["ShallowReactive",2],{"global-navigation":3,"page-\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fjava-coding-language\u002Fapplicable-in-principle-to-android-java-rulesrecomendations":28,"surround-\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fjava-coding-language\u002Fapplicable-in-principle-to-android-java-rulesrecomendations":1119,"sidebar-android-secure-coding-standard":1128},[4,8],{"title":5,"path":6,"_path":6,"fromAppConfig":7},"Home","\u002F",true,{"title":9,"path":10,"children":11,"_path":27,"fromAppConfig":7},"Coding Standards","\u002Fcoding-standards\u002F",[12,15,18,21,24],{"title":13,"path":14},"Android Coding Standard","\u002Fandroid-secure-coding-standard\u002F",{"title":16,"path":17},"C Coding Standard","\u002Fsei-cert-c-coding-standard\u002F",{"title":19,"path":20},"C++ Coding Standard","\u002Fsei-cert-cpp-coding-standard\u002F",{"title":22,"path":23},"Java Coding Standard","\u002Fsei-cert-oracle-coding-standard-for-java\u002F",{"title":25,"path":26},"Perl Coding Standard","\u002Fsei-cert-perl-coding-standard\u002F","\u002Fcoding-standards",{"id":29,"title":30,"body":31,"description":1109,"extension":1110,"meta":1111,"navigation":7,"path":1115,"seo":1116,"stem":1117,"__hash__":1118},"content\u002F3.android-secure-coding-standard\u002F5.by-language\u002F5.java-coding-language\u002F2.applicable-in-principle-to-android-java-rulesrecomendations.md","Applicable in Principle to Android (Java Rules\u002FRecomendations)",{"type":32,"value":33,"toc":1105},"minimark",[34,38,55,61,65,818,822,1055,1059,1085],[35,36,30],"h1",{"id":37},"applicable-in-principle-to-android-java-rulesrecomendations",[39,40,41,42,46,47,50,51,54],"p",{},"The top two tables list the Java rules and Java recommendations that are ",[43,44,45],"em",{},"Applicable in principle,"," meaning that it can be applied to Android but the examples shown in the guideline are not relevant to Android, and in some cases the guideline's full description also needs edits (the latter are provided in the ",[43,48,49],{},"Comments"," column). The third table lists ",[43,52,53],{},"Unknown"," rules and recommendations, meaning that we have not yet determined if the guideline can be applied to Android platforms.",[39,56,57],{},[58,59,60],"strong",{},"Contents",[35,62,64],{"id":63},"rulesapplicable-in-principle-to-android","Rules\u002FApplicable in Principle to Android",[66,67,68,77],"table",{},[69,70,71,75],"colgroup",{},[72,73],"col",{"style":74},"width: 50%",[72,76],{"style":74},[78,79,80,95,111,125,142,164,179,194,210,238,278,294,305,317,336,348,364,379,390,401,412,429,440,451,462,480,491,502,513,524,535,546,557,568,592,604,620,631,647,676,687,703,716,735,747,762,778,798],"tbody",{},[81,82,85,91],"tr",{"className":83},[84],"header",[86,87,88],"th",{},[39,89,90],{},"Rule",[86,92,93],{},[39,94,49],{},[81,96,99,103],{"className":97},[98],"odd",[100,101,102],"td",{},"IDS00-J. Sanitize untrusted data passed across a trust boundary",[100,104,105,106,110],{},"The rule uses MS SQL Server as an example to show a database connection. However, on Android, ",[107,108,109],"code",{},"      DatabaseHelper     "," from SQLite is used for a database connection. Because Android apps may receive untrusted data via network connections, the rule is applicable.",[81,112,115,122],{"className":113},[114],"even",[100,116,117],{},[118,119,121],"a",{"href":120},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Finput-validation-and-data-sanitization-ids\u002Fids01-j","IDS01-J. Normalize strings before validating them",[100,123,124],{},"Android apps can receive string data from the outside and normalize it.",[81,126,128,134],{"className":127},[98],[100,129,130],{},[118,131,133],{"href":132},"https:\u002F\u002Fwww.securecoding.cert.org\u002Fconfluence\u002Fdisplay\u002Fjava\u002FIDS02-J.+Canonicalize+path+names+before+validating+them","IDS02-J. Canonicalize path names before validating them",[100,135,136,137,141],{},"The rule is applicable in principle. Please refer to the Android specific instance of this rule: ",[118,138,140],{"href":139},"\u002Fandroid-secure-coding-standard\u002Frules\u002Fcomponent-security-cps\u002Fdrd08-j","DRD08-J. Always canonicalize a URL received by a content provider"," .",[81,143,145,151],{"className":144},[114],[100,146,147],{},[118,148,150],{"href":149},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Finput-validation-and-data-sanitization-ids\u002Fids04-j","IDS04-J. Safely extract files from ZipInputStream",[100,152,153,154,158,159,163],{},"Although not directly a violation of this rule, the ",[118,155,157],{"href":156},"http:\u002F\u002Fmedia.blackhat.com\u002Fus-13\u002FUS-13-Forristal-Android-One-Root-to-Own-Them-All-Slides.pdf","Android Master Key vulnerability"," (insecure use of ZipEntry) is related to this rule. ",[118,160,162],{"href":161},"http:\u002F\u002Fblog.sina.com.cn\u002Fs\u002Fblog_be6dacae0101bksm.html","Another attack vector"," found by a Chinese researcher is also related to this rule.",[81,165,167,173],{"className":166},[98],[100,168,169],{},[118,170,172],{"href":171},"https:\u002F\u002Fwww.securecoding.cert.org\u002Fconfluence\u002Fdisplay\u002Fjava\u002FIDS07-J.+Do+not+pass+untrusted%2C+unsanitized+data+to+the+Runtime.exec%28%29+method","IDS07-J. Do not pass untrusted, unsanitized data to the Runtime.exec() method",[100,174,175,178],{},[107,176,177],{},"      Runtime.exec()     "," can be called from Android apps to execute operating system commands.",[81,180,182,188],{"className":181},[114],[100,183,184],{},[118,185,187],{"href":186},"https:\u002F\u002Fwww.securecoding.cert.org\u002Fconfluence\u002Fdisplay\u002Fjava\u002FIDS09-J.+Do+not+use+locale-dependent+methods+on+locale-dependent+data+without+specifying+the+appropriate+locale","IDS09-J. Do not use locale-dependent methods on locale-dependent data without specifying the appropriate locale",[100,189,190,191,141],{},"A developer can specify locale on Android using ",[107,192,193],{},"      java.util.Locale     ",[81,195,197,203],{"className":196},[98],[100,198,199],{},[118,200,202],{"href":201},"https:\u002F\u002Fwww.securecoding.cert.org\u002Fconfluence\u002Fdisplay\u002Fjava\u002FEXP01-J.+Never+dereference+null+pointers","EXP01-J. Never dereference null pointers",[100,204,205,206,209],{},"Android applications are more sensitive to ",[107,207,208],{},"      NullPointerException     "," due to the constraint of the limited mobile device memory. Static members or members of an Activity may become null when memory runs out.",[81,211,213,219],{"className":212},[114],[100,214,215],{},[118,216,218],{"href":217},"https:\u002F\u002Fwww.securecoding.cert.org\u002Fconfluence\u002Fdisplay\u002Fjava\u002FEXP06-J.+Do+not+use+side-effecting+expressions+in+assertions","EXP06-J. Do not use side-effecting expressions in assertions",[100,220,221,222,225,226,229,230,233,234,237],{},"The ",[107,223,224],{},"      assert     "," statement is supported on the Dalvik VM but is ignored under the default configuration. Assertions may be enabled by setting the system property \" ",[107,227,228],{},"      debug.assert     "," \" via: ",[107,231,232],{},"      adb shell setprop debug.assert 1     "," or by sending the command line argument \" ",[107,235,236],{},"      --enable-assert     "," \" to the Dalvik VM.",[81,239,241,247],{"className":240},[98],[100,242,243],{},[118,244,246],{"href":245},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fnumeric-types-and-operations-num\u002Fnum00-j","NUM00-J. Detect or prevent integer overflow",[100,248,249,257,262,268],{},[39,250,251,252,256],{},"Mezzofanti for Android contained an ",[118,253,255],{"href":254},"https:\u002F\u002Fcode.google.com\u002Fp\u002Fmezzofanti\u002Fissues\u002Fdetail?id=1","integer overflow"," which prevented the use of a big SD card. Mezzofanti contained an expression:",[39,258,259],{},[107,260,261],{},"       (int)       StatFs.getAvailableBlocks() * (int) StatFs.getBlockSize()      ",[39,263,264,265,141],{},"to calculate the available memory in a SD card, which could result in a negative value when the available memory is bigger than ",[107,266,267],{},"       Integer.MAX_VALUE      ",[39,269,270,271,274,275,141],{},"Note these methods are deprecated in API level 18 and replaced by ",[107,272,273],{},"       getAvailableBlocksLong()      "," and ",[107,276,277],{},"       getBlockSizeLong()      ",[81,279,281,287],{"className":280},[114],[100,282,283],{},[118,284,286],{"href":285},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fnumeric-types-and-operations-num\u002Fnum04-j","NUM04-J. Do not use floating-point numbers if precise computation is required",[100,288,221,289,293],{},[118,290,292],{"href":291},"http:\u002F\u002Fdeveloper.android.com\u002Ftraining\u002Farticles\u002Fperf-tips.html#AvoidFloat","use of floating-point is not recommended"," for performance reasons on Android.",[81,295,297,303],{"className":296},[98],[100,298,299],{},[118,300,302],{"href":301},"https:\u002F\u002Fwww.securecoding.cert.org\u002Fconfluence\u002Fdisplay\u002Fjava\u002FNUM06-J.+Use+the+strictfp+modifier+for+floating-point+calculation+consistency+across+platforms","NUM06-J. Use the strictfp modifier for floating-point calculation consistency across platforms",[100,304],{},[81,306,308,314],{"className":307},[114],[100,309,310],{},[118,311,313],{"href":312},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fnumeric-types-and-operations-num\u002Fnum11-j","NUM11-J. Do not compare or inspect the string representation of floating-point values",[100,315,316],{},"Comparing or inspecting the string representation of floating-point values may have unexpected results on Android.",[81,318,320,326],{"className":319},[98],[100,321,322],{},[118,323,325],{"href":324},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fmethods-met\u002Fmet01-j","MET01-J. Never use assertions to validate method arguments",[100,327,221,328,225,330,229,332,233,334,237],{},[107,329,224],{},[107,331,228],{},[107,333,232],{},[107,335,236],{},[81,337,339,345],{"className":338},[114],[100,340,341],{},[118,342,344],{"href":343},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fmethods-met\u002Fmet02-j","MET02-J. Do not use deprecated or obsolete classes or methods",[100,346,347],{},"The Android SDK also has deprecated or obsolete APIs. Also, there may exist incompatible APIs depending on the SDK version. Therefore, it is recommended that developers refer to the \"Android API Difference report\" and consider replacing the deprecated APIs.",[81,349,351,357],{"className":350},[98],[100,352,353],{},[118,354,356],{"href":355},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fmethods-met\u002Fmet03-j","MET03-J. Methods that perform a security check must be declared private or final",[100,358,359,360,363],{},"On Android, ",[107,361,362],{},"      System.getSecurityManager()     "," is not used and the use of a Security Manager is not exercised. However, an Android developer can implement security-sensitive methods so the principle may be applicable on Android.",[81,365,367,373],{"className":366},[114],[100,368,369],{},[118,370,372],{"href":371},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fexceptional-behavior-err\u002Ferr09-j","ERR09-J. Do not allow untrusted code to terminate the JVM",[100,374,359,375,378],{},[107,376,377],{},"      System.exit()     "," should not be used because it will terminate the virtual machine abruptly, ignoring the activity lifecycle which may prevent proper garbage collection.",[81,380,382,388],{"className":381},[98],[100,383,384],{},[118,385,387],{"href":386},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Flocking-lck\u002Flck00-j","LCK00-J. Use private final lock objects to synchronize classes that may interact with untrusted code",[100,389],{},[81,391,393,399],{"className":392},[114],[100,394,395],{},[118,396,398],{"href":397},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Flocking-lck\u002Flck05-j","LCK05-J. Synchronize access to static fields that can be modified by untrusted code",[100,400],{},[81,402,404,410],{"className":403},[98],[100,405,406],{},[118,407,409],{"href":408},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Flocking-lck\u002Flck11-j","LCK11-J. Avoid client-side locking when using classes that do not commit to their locking strategy",[100,411],{},[81,413,415,421],{"className":414},[114],[100,416,417],{},[118,418,420],{"href":419},"https:\u002F\u002Fwww.securecoding.cert.org\u002Fconfluence\u002Fpages\u002Fviewpage.action?pageId=35782697","THI00-J. Do not invoke Thread.run()",[100,422,423,424,428],{},"Android provides a couple of solutions for threading. The Android Developers Blog's article \" ",[118,425,427],{"href":426},"http:\u002F\u002Fandroid-developers.blogspot.ro\u002F2009\u002F05\u002Fpainless-threading.html","Painless threading"," \" discusses those solutions.",[81,430,432,438],{"className":431},[98],[100,433,434],{},[118,435,437],{"href":436},"https:\u002F\u002Fwww.securecoding.cert.org\u002Fconfluence\u002Fdisplay\u002Fjava\u002FTHI02-J.+Notify+all+waiting+threads+rather+than++a+single+thread","THI02-J. Notify all waiting threads rather than a single thread",[100,439],{},[81,441,443,449],{"className":442},[114],[100,444,445],{},[118,446,448],{"href":447},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fthread-apis-thi\u002Fthi03-j","THI03-J. Always invoke wait() and await() methods inside a loop",[100,450],{},[81,452,454,460],{"className":453},[98],[100,455,456],{},[118,457,459],{"href":458},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fthread-apis-thi\u002Fthi04-j","THI04-J. Ensure that threads performing blocking operations can be terminated",[100,461],{},[81,463,465,471],{"className":464},[114],[100,466,467],{},[118,468,470],{"href":469},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fthread-apis-thi\u002Fthi05-j","THI05-J. Do not use Thread.stop() to terminate threads",[100,472,359,473,141],{},[118,474,476,479],{"href":475},"http:\u002F\u002Fdeveloper.android.com\u002Freference\u002Fjava\u002Flang\u002FThread.html#stop%28%29",[107,477,478],{},"       Thread.stop()      "," was deprecated in API level 1",[81,481,483,489],{"className":482},[98],[100,484,485],{},[118,486,488],{"href":487},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fthread-pools-tps\u002Ftps00-j","TPS00-J. Use thread pools to enable graceful degradation of service during traffic bursts",[100,490],{},[81,492,494,500],{"className":493},[114],[100,495,496],{},[118,497,499],{"href":498},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fthread-pools-tps\u002Ftps01-j","TPS01-J. Do not execute interdependent tasks in a bounded thread pool",[100,501],{},[81,503,505,511],{"className":504},[98],[100,506,507],{},[118,508,510],{"href":509},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fthread-pools-tps\u002Ftps02-j","TPS02-J. Ensure that tasks submitted to a thread pool are interruptible",[100,512],{},[81,514,516,522],{"className":515},[114],[100,517,518],{},[118,519,521],{"href":520},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fthread-pools-tps\u002Ftps03-j","TPS03-J. Ensure that tasks executing in a thread pool do not fail silently",[100,523],{},[81,525,527,533],{"className":526},[98],[100,528,529],{},[118,530,532],{"href":531},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fthread-pools-tps\u002Ftps04-j","TPS04-J. Ensure ThreadLocal variables are reinitialized when using thread pools",[100,534],{},[81,536,538,544],{"className":537},[114],[100,539,540],{},[118,541,543],{"href":542},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fthread-safety-miscellaneous-tsm\u002Ftsm00-j","TSM00-J. Do not override thread-safe methods with methods that are not thread-safe",[100,545],{},[81,547,549,555],{"className":548},[98],[100,550,551],{},[118,552,554],{"href":553},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fthread-safety-miscellaneous-tsm\u002Ftsm01-j","TSM01-J. Do not let the this reference escape during object construction",[100,556],{},[81,558,560,566],{"className":559},[114],[100,561,562],{},[118,563,565],{"href":564},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fthread-safety-miscellaneous-tsm\u002Ftsm02-j","TSM02-J. Do not use background threads during class initialization",[100,567],{},[81,569,571,577],{"className":570},[98],[100,572,573],{},[118,574,576],{"href":575},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Finput-output-fio\u002Ffio00-j","FIO00-J. Do not operate on files in shared directories",[100,578,579,580,583,584,587,588,591],{},"On Android, the SD card ( ",[107,581,582],{},"      \u002F     "," ",[107,585,586],{},"      sdcard     "," or ",[107,589,590],{},"      \u002Fmnt\u002F      sdcard     "," ) is shared among multiple applications, thus sensitive files should not be stored on the SD card.",[81,593,595,601],{"className":594},[114],[100,596,597],{},[118,598,600],{"href":599},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Finput-output-fio\u002Ffio01-j","FIO01-J. Create files with appropriate access permissions",[100,602,603],{},"Creating files with weak permissions may allow malicious applications to access the files.",[81,605,607,613],{"className":606},[98],[100,608,609],{},[118,610,612],{"href":611},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Finput-output-fio\u002Ffio04-j","FIO04-J. Release resources when they are no longer needed",[100,614,615,616,619],{},"The compliant solution (Java SE 7: ",[107,617,618],{},"      try     "," -with-resources) is not yet supported at API level 18 (Android 4.3).",[81,621,623,629],{"className":622},[114],[100,624,625],{},[118,626,628],{"href":627},"https:\u002F\u002Fwww.securecoding.cert.org\u002Fconfluence\u002Fdisplay\u002Fjava\u002FFIO06-J.+Do+not+create+multiple+buffered+wrappers+on+a+single+InputStream","FIO06-J. Do not create multiple buffered wrappers on a single InputStream",[100,630],{},[81,632,634,640],{"className":633},[98],[100,635,636],{},[118,637,639],{"href":638},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Finput-output-fio\u002Ffio13-j","FIO13-J. Do not log sensitive information outside a trust boundary",[100,641,642,646],{},[118,643,645],{"href":644},"\u002Fandroid-secure-coding-standard\u002Frules\u002Ffile-io-and-logging-fio\u002Fdrd04-j","DRD04-J. Do not log sensitive information"," is an Android specific instance of this rule.",[81,648,650,656],{"className":649},[114],[100,651,652],{},[118,653,655],{"href":654},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Finput-output-fio\u002Ffio14-j","FIO14-J. Perform proper cleanup at program termination",[100,657,658,659,662,663,666,667,670,671,670,674,141],{},"Although most of the code examples are not applicable to the Android platform, the principle is applicable to Android. There are a number of ways to terminate a process on Android: ",[107,660,661],{},"      android.app.Activity.finish()     "," , and the related ",[107,664,665],{},"      finish...     "," methods, ",[107,668,669],{},"      android.app.Activity.moveTaskToBack(boolean flag)     "," , ",[107,672,673],{},"      android.os.Process.killProcess(int pid)     ",[107,675,377],{},[81,677,679,685],{"className":678},[98],[100,680,681],{},[118,682,684],{"href":683},"https:\u002F\u002Fwww.securecoding.cert.org\u002Fconfluence\u002Fdisplay\u002Fjava\u002FFIO15-J.+Do+not+operate+on+untrusted+file+links","FIO15-J. Do not operate on untrusted file links",[100,686],{},[81,688,690,696],{"className":689},[114],[100,691,692],{},[118,693,695],{"href":694},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fplatform-security-sec\u002Fsec01-j","SEC01-J. Do not allow tainted variables in privileged blocks",[100,697,698,699,702],{},"The code examples using the ",[107,700,701],{},"      java.security     "," package are not applicable to Android but the principle of the rule is applicable to Android apps.",[81,704,706,712],{"className":705},[98],[100,707,708],{},[118,709,711],{"href":710},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fplatform-security-sec\u002Fsec02-j","SEC02-J. Do not base security checks on untrusted sources",[100,713,698,714,702],{},[107,715,701],{},[81,717,719,725],{"className":718},[114],[100,720,721],{},[118,722,724],{"href":723},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fplatform-security-sec\u002Fsec03-j","SEC03-J. Do not load trusted classes after allowing untrusted code to load arbitrary classes",[100,726,727,728,587,731,734],{},"On Android, the use of ",[107,729,730],{},"      DexClassLoader     ",[107,732,733],{},"      PathClassLoader     "," requires caution.",[81,736,738,744],{"className":737},[98],[100,739,740],{},[118,741,743],{"href":742},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fplatform-security-sec\u002Fsec05-j","SEC05-J. Do not use reflection to increase accessibility of classes, methods, or fields",[100,745,746],{},"Reflection can be used on Android so the rule is applicable. Also the use of reflection may allow a developer to access private Android APIs and so requires caution.",[81,748,750,759],{"className":749},[114],[100,751,752,583,756],{},[118,753,755],{"href":754},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fjava-native-interface-jni\u002Fjni03-j","JNI",[118,757,758],{"href":754},"03-J. Do not use direct pointers to Java objects in JNI code",[100,760,761],{},"Applicable to API versions 14 and above, with NDK versions 7 and above.",[81,763,765,771],{"className":764},[98],[100,766,767],{},[118,768,770],{"href":769},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fruntime-environment-env\u002Fenv02-j","ENV02-J. Do not trust the values of environment variables",[100,772,773,774,777],{},"On Android, the environment variable ",[107,775,776],{},"             user.name           "," is not used and is left blank. However, environment variables exist and are used on Android so the rule is applicable.",[81,779,781,787],{"className":780},[114],[100,782,783],{},[118,784,786],{"href":785},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fruntime-environment-env\u002Fenv04-j","ENV04-J. Do not disable bytecode verification",[100,788,789,790,793,794,797],{},"Under the default settings, bytecode verification is enabled on the Dalvik VM. To change the settings use the adb shell to set the appropriate system property, for example: ",[107,791,792],{},"      adb shell setprop dalvik.vm.dexopt-flags v=a     "," or pass ",[107,795,796],{},"      -Xverify:all     "," as an argument to the Dalvik VM.",[81,799,801,807],{"className":800},[98],[100,802,803],{},[118,804,806],{"href":805},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fmiscellaneous-msc\u002Fmsc03-j","MSC03-J. Never hard code sensitive information",[100,808,809,810,813,814,817],{},"Hard coded information can be easily obtained on Android by using the ",[107,811,812],{},"      apktool     "," to decompile an application or by using ",[107,815,816],{},"      dex2jar     "," to convert a dex file to a jar file.",[35,819,821],{"id":820},"recommendationsapplicable-in-principle-to-android","Recommendations\u002FApplicable in Principle to Android",[66,823,824,830],{},[69,825,826,828],{},[72,827],{"style":74},[72,829],{"style":74},[78,831,832,845,857,872,883,894,909,921,947,983,1006,1026,1041],{},[81,833,835,841],{"className":834},[84],[86,836,838],{"style":837},"text-align: left;",[39,839,840],{},"Guideline",[86,842,843],{"style":837},[39,844,49],{},[81,846,848,854],{"className":847},[98],[100,849,850],{"style":837},[118,851,853],{"href":852},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fmiscellaneous-msc\u002Fmsc59-j","MSC59-J. Limit the lifetime of sensitive data",[100,855,856],{"style":837},"The non-compliant code example is probably not problematic on Dalvik because each app has its own Dalvik VM and string objects would not be accessible from other apps (?)",[81,858,860,866],{"className":859},[114],[100,861,862],{"style":837},[118,863,865],{"href":864},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fplatform-security-sec\u002Fsec55-j","SEC55-J. Ensure security-sensitive methods are called with validated arguments",[100,867,359,868,871],{"style":837},[107,869,870],{},"      accessControlContext     "," is not available.",[81,873,875,881],{"className":874},[98],[100,876,877],{"style":837},[118,878,880],{"href":879},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Finput-validation-and-data-sanitization-ids\u002Fids56-j","IDS56-J. Prevent arbitrary file upload",[100,882],{"style":837},[81,884,886,892],{"className":885},[114],[100,887,888],{"style":837},[118,889,891],{"href":890},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Finput-validation-and-data-sanitization-ids\u002Fids51-j","IDS51-J. Properly encode or escape output",[100,893],{"style":837},[81,895,897,903],{"className":896},[98],[100,898,899],{"style":837},[118,900,902],{"href":901},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Finput-validation-and-data-sanitization-ids\u002Fids52-j","IDS52-J. Prevent code injection",[100,904,905,908],{"style":837},[107,906,907],{},"      ScriptEngineManager     "," is not included in the Android SDK.",[81,910,912,918],{"className":911},[114],[100,913,914],{"style":837},[118,915,917],{"href":916},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Finput-validation-and-data-sanitization-ids\u002Fids54-j","IDS54-J. Prevent LDAP injection",[100,919,920],{"style":837},"Applicable in principle for android apps that tries to implement its own LDAP",[81,922,924,930],{"className":923},[98],[100,925,926],{"style":837},[118,927,929],{"href":928},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fplatform-security-sec\u002Fsec50-j","SEC50-J. Avoid granting excess privileges",[100,931,932,933,936,937,940,941,943,944],{"style":837},"The brief phrase for the guideline applies to Android. However, the current extended-text description for the guideline in the hardcopy book does not apply to Android, because Android does not use ",[107,934,935],{},"      AccessController     "," . The following text supplements that section, to make it applicable to Android.: An application should use as few \" ",[107,938,939],{},"      \u003Cuses-permission>     "," \"s in AndroidManifest.xml as possible. App developers should also avoid signature\u002Fsystem\u002Fdangerous permissions, and having a shared system UID. System API calls are code running as system, and apps which make system API calls require standard permissions the app must specify in the application manifest with \" ",[107,942,939],{}," \". ",[118,945,946],{"href":946},"http:\u002F\u002Fdeveloper.android.com\u002Fguide\u002Ftopics\u002Fmanifest\u002Fuses-permission-element.html",[81,948,950,956],{"className":949},[114],[100,951,952],{"style":837},[118,953,955],{"href":954},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fplatform-security-sec\u002Fsec51-j","SEC51-J. Minimize privileged code",[100,957,932,958,960,961,943,963,974,979],{"style":837},[107,959,935],{}," . The following text supplements that section, to make it applicable to Android.: Minimize the code running as system, with permissions defined in another app’s manifest, or in shared user ID applications. System API calls are code running as system, and apps which make system API calls require standard permissions the app must specify in the application manifest with \" ",[107,962,939],{},[118,964,965,966,969,970,973],{"href":946},"Only applications which are signed with the same signature ",[43,967,968],{},"and"," also request the same ",[107,971,972],{},"       sharedUserID      "," are granted a shared user ID. Data\u002Ffiles stored by apps which share a user ID are accessible to all those apps.",[39,975,976],{},[118,977,978],{"href":978},"http:\u002F\u002Fdeveloper.android.com\u002Fguide\u002Ftopics\u002Fsecurity\u002Fpermissions.html",[39,980,981],{},[118,982,946],{"href":946},[81,984,986,992],{"className":985},[98],[100,987,988],{"style":837},[118,989,991],{"href":990},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fplatform-security-sec\u002Fsec53-j","SEC53-J. Define custom security permissions for fine-grained security",[100,993,994,995,998,999,1001,1002,1005],{"style":837},"The brief phrase for the guideline applies to Android. However, the current extended-text description for the guideline in the hardcopy book does not apply to Android. The following text supplements that section, to make it applicable to Android.: Applications are able to define their own new permissions, to restrict access to their components by other applications. Applications indicate the procedure the system should follow when determining whether to grant another app the permission, depending on ",[107,996,997],{},"      protectionLevel     "," – e.g., setting ",[107,1000,997],{}," to “ ",[107,1003,1004],{},"      signature     "," ” so it is automatically granted to other applications requesting the permission which are signed with the same key. In addition to defining their own new permissions, applications can declare the requirement for (self-defined, other-app-defined, or system-defined) permissions, to restrict access to their components by other applications.",[81,1007,1009,1015],{"className":1008},[114],[100,1010,1011],{"style":837},[118,1012,1014],{"href":1013},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Finput-output-fio\u002Ffio51-j","FIO51-J. Identify files using multiple file attributes",[100,1016,1017,1018,1021,1022,1025],{"style":837},"On Android, better to use ",[107,1019,1020],{},"      openFileOutput     "," \u002F ",[107,1023,1024],{},"      openFileInput     "," for file I\u002FO.",[81,1027,1029,1035],{"className":1028},[98],[100,1030,1031],{"style":837},[118,1032,1034],{"href":1033},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fmiscellaneous-msc\u002Fmsc60-j","MSC60-J. Do not use assertions to verify the absence of runtime errors",[100,1036,359,1037,1040],{"style":837},[107,1038,1039],{},"      assert()     "," is ignored by default.",[81,1042,1044,1050],{"className":1043},[114],[100,1045,1046],{"style":837},[118,1047,1049],{"href":1048},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Finput-output-fio\u002Ffio50-j","FIO50-J. Do not make assumptions about file creation",[100,1051,359,1052,871],{"style":837},[107,1053,1054],{},"      java.nio.file     ",[35,1056,1058],{"id":1057},"bibliography","Bibliography",[66,1060,1061,1070],{},[1062,1063,1064],"thead",{},[81,1065,1066,1068],{},[86,1067],{},[86,1069],{},[78,1071,1072],{},[81,1073,1074,1082],{},[100,1075,1076,1077,1081],{},"[ ",[118,1078,1080],{"href":1079},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-aa-references#RuleAA.References-Long13","Long 2013"," ]",[100,1083,1084],{},"Java Coding Guidelines: 75 Recommendations for Reliable and Secure Programs",[39,1086,1087,583,1094,583,1099],{},[118,1088,1090],{"href":1089},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fruntime-environment-env\u002Fenv05-j",[1091,1092],"img",{"src":1093},"\u002Fattachments\u002F88487702\u002F88497198.png",[118,1095,1096],{"href":23},[1091,1097],{"src":1098},"\u002Fattachments\u002F88487702\u002F88497196.png",[118,1100,1102],{"href":1101},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fmiscellaneous-msc\u002Fmsc00-j",[1091,1103],{"src":1104},"\u002Fattachments\u002F88487702\u002F88497197.png",{"title":1106,"searchDepth":1107,"depth":1107,"links":1108},"",2,[],"The top two tables list the Java rules and Java recommendations that are Applicable in principle, meaning that it can be applied to Android but the examples shown in the guideline are not relevant to Android, and in some cases the guideline's full description also needs edits (the latter are provided in the Comments column). The third table lists Unknown rules and recommendations, meaning that we have not yet determined if the guideline can be applied to Android platforms.","md",{"tags":1112},[1113,1114],"java","applicability-list","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fjava-coding-language\u002Fapplicable-in-principle-to-android-java-rulesrecomendations",{"title":30,"description":1109},"3.android-secure-coding-standard\u002F5.by-language\u002F5.java-coding-language\u002F2.applicable-in-principle-to-android-java-rulesrecomendations","ZtT4kM5tLT4odKnsgtCqxxuAJyiM3wWvCXjSVmsfNMc",[1120,1124],{"title":1121,"path":1122,"stem":1123,"children":-1},"Java Coding Language","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fjava-coding-language","3.android-secure-coding-standard\u002F5.by-language\u002F5.java-coding-language\u002F1.index",{"title":1125,"path":1126,"stem":1127,"children":-1},"Applicable to Android (Java Rules\u002FRecomendations)","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fjava-coding-language\u002Fapplicable-to-android-java-rulesrecomendations","3.android-secure-coding-standard\u002F5.by-language\u002F5.java-coding-language\u002F3.applicable-to-android-java-rulesrecomendations",[1129],{"title":1130,"path":1131,"stem":1132,"children":1133},"SCI CERT Android Secure Coding Standard","\u002Fandroid-secure-coding-standard","3.android-secure-coding-standard\u002F1.index",[1134,1135,1185,1447,1544,1597,1621],{"title":1130,"path":1131,"stem":1132},{"title":1136,"path":1137,"stem":1138,"children":1139},"Front Matter","\u002Fandroid-secure-coding-standard\u002Ffront-matter","3.android-secure-coding-standard\u002F2.front-matter\u002F1.index",[1140,1141,1163],{"title":1136,"path":1137,"stem":1138},{"title":1142,"path":1143,"stem":1144,"children":1145},"Guidelines for Wiki Contributors","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fguidelines-for-wiki-contributors","3.android-secure-coding-standard\u002F2.front-matter\u002F2.guidelines-for-wiki-contributors\u002F1.index",[1146,1147,1151,1155,1159],{"title":1142,"path":1143,"stem":1144},{"title":1148,"path":1149,"stem":1150},"Deprecations","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fguidelines-for-wiki-contributors\u002Fdeprecations","3.android-secure-coding-standard\u002F2.front-matter\u002F2.guidelines-for-wiki-contributors\u002F2.deprecations",{"title":1152,"path":1153,"stem":1154},"Editing Automated Detection Information","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fguidelines-for-wiki-contributors\u002Fediting-automated-detection-information","3.android-secure-coding-standard\u002F2.front-matter\u002F2.guidelines-for-wiki-contributors\u002F3.editing-automated-detection-information",{"title":1156,"path":1157,"stem":1158},"Editing-Related Guidelines","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fguidelines-for-wiki-contributors\u002Fediting-related-guidelines","3.android-secure-coding-standard\u002F2.front-matter\u002F2.guidelines-for-wiki-contributors\u002F4.editing-related-guidelines",{"title":1160,"path":1161,"stem":1162},"Rules versus Recommendations","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fguidelines-for-wiki-contributors\u002Frules-versus-recommendations","3.android-secure-coding-standard\u002F2.front-matter\u002F2.guidelines-for-wiki-contributors\u002F5.rules-versus-recommendations",{"title":1164,"path":1165,"stem":1166,"children":1167},"Introduction","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fintroduction","3.android-secure-coding-standard\u002F2.front-matter\u002F3.introduction\u002F01.index",[1168,1169,1173,1177,1181],{"title":1164,"path":1165,"stem":1166},{"title":1170,"path":1171,"stem":1172},"Introduction to Android-Only Rules","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fintroduction\u002Fintroduction-to-android-only-rules","3.android-secure-coding-standard\u002F2.front-matter\u002F3.introduction\u002F02.introduction-to-android-only-rules",{"title":1174,"path":1175,"stem":1176},"Introduction to C Rules and Recommendations","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fintroduction\u002Fintroduction-to-c-rules-and-recommendations","3.android-secure-coding-standard\u002F2.front-matter\u002F3.introduction\u002F03.introduction-to-c-rules-and-recommendations",{"title":1178,"path":1179,"stem":1180},"Introduction to Java Recommendations","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fintroduction\u002Fintroduction-to-java-recommendations","3.android-secure-coding-standard\u002F2.front-matter\u002F3.introduction\u002F04.introduction-to-java-recommendations",{"title":1182,"path":1183,"stem":1184},"Introduction to Java Rules","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fintroduction\u002Fintroduction-to-java-rules","3.android-secure-coding-standard\u002F2.front-matter\u002F3.introduction\u002F05.introduction-to-java-rules",{"title":1186,"path":1187,"stem":1188,"children":1189},"Rules","\u002Fandroid-secure-coding-standard\u002Frules","3.android-secure-coding-standard\u002F3.rules\u002F01.index",[1190,1191,1195,1199,1219,1223,1245,1249,1253,1257,1261,1289,1293,1297,1301,1319,1323,1327,1331,1335,1361,1375,1379,1383,1405,1409,1413,1417,1421,1425,1429],{"title":1186,"path":1187,"stem":1188},{"title":1192,"path":1193,"stem":1194},"Application Programming Interfaces (API)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fapplication-programming-interfaces-api","3.android-secure-coding-standard\u002F3.rules\u002F02.application-programming-interfaces-api",{"title":1196,"path":1197,"stem":1198},"Characters and String (STR)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcharacters-and-string-str","3.android-secure-coding-standard\u002F3.rules\u002F03.characters-and-string-str",{"title":1200,"path":1201,"stem":1202,"children":1203},"Component Security (CPS)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcomponent-security-cps","3.android-secure-coding-standard\u002F3.rules\u002F04.component-security-cps\u002F1.index",[1204,1205,1209,1213,1215],{"title":1200,"path":1201,"stem":1202},{"title":1206,"path":1207,"stem":1208},"DRD01-X. Limit the accessibility of an app's sensitive content provider","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcomponent-security-cps\u002Fdrd01-x","3.android-secure-coding-standard\u002F3.rules\u002F04.component-security-cps\u002F2.drd01-x",{"title":1210,"path":1211,"stem":1212},"DRD07-X. Protect exported services with strong permissions","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcomponent-security-cps\u002Fdrd07-x","3.android-secure-coding-standard\u002F3.rules\u002F04.component-security-cps\u002F3.drd07-x",{"title":140,"path":139,"stem":1214},"3.android-secure-coding-standard\u002F3.rules\u002F04.component-security-cps\u002F4.drd08-j",{"title":1216,"path":1217,"stem":1218},"DRD09. Restrict access to sensitive activities","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcomponent-security-cps\u002Fdrd09-restrict-access-to-sensitive-activities","3.android-secure-coding-standard\u002F3.rules\u002F04.component-security-cps\u002F5.drd09-restrict-access-to-sensitive-activities",{"title":1220,"path":1221,"stem":1222},"Concurrency (CON)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fconcurrency-con","3.android-secure-coding-standard\u002F3.rules\u002F05.concurrency-con",{"title":1224,"path":1225,"stem":1226,"children":1227},"Cryptography (CRP)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcryptography-crp","3.android-secure-coding-standard\u002F3.rules\u002F06.cryptography-crp\u002F1.index",[1228,1229,1233,1237,1241],{"title":1224,"path":1225,"stem":1226},{"title":1230,"path":1231,"stem":1232},"DRD17-J. Do not use the Android cryptographic security provider encryption default for AES","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcryptography-crp\u002Fdrd17-j","3.android-secure-coding-standard\u002F3.rules\u002F06.cryptography-crp\u002F2.drd17-j",{"title":1234,"path":1235,"stem":1236},"DRD18. Do not use the default behavior in a cryptographic library if it does not use recommended practices","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcryptography-crp\u002Fdrd18-do-not-use-the-default-behavior-in-a-cryptographic-library-if-it-does-not-use-recommended-practices","3.android-secure-coding-standard\u002F3.rules\u002F06.cryptography-crp\u002F3.drd18-do-not-use-the-default-behavior-in-a-cryptographic-library-if-it-does-not-use-recommended-practices",{"title":1238,"path":1239,"stem":1240},"DRD24. Do not bundle OAuth security-related protocol logic or sensitive data into a relying party's app","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcryptography-crp\u002Fdrd24-do-not-bundle-oauth-security-related-protocol-logic-or-sensitive-data-into-a-relying-partys-app","3.android-secure-coding-standard\u002F3.rules\u002F06.cryptography-crp\u002F4.drd24-do-not-bundle-oauth-security-related-protocol-logic-or-sensitive-data-into-a-relying-partys-app",{"title":1242,"path":1243,"stem":1244},"DRD25. Use constant-time encryption","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcryptography-crp\u002Fdrd25-use-constant-time-encryption","3.android-secure-coding-standard\u002F3.rules\u002F06.cryptography-crp\u002F5.drd25-use-constant-time-encryption",{"title":1246,"path":1247,"stem":1248},"Declarations and Initialization (DCL)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fdeclarations-and-initialization-dcl","3.android-secure-coding-standard\u002F3.rules\u002F07.declarations-and-initialization-dcl",{"title":1250,"path":1251,"stem":1252},"Environment (ENV)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fenvironment-env","3.android-secure-coding-standard\u002F3.rules\u002F08.environment-env",{"title":1254,"path":1255,"stem":1256},"Error Handling (ERR)","\u002Fandroid-secure-coding-standard\u002Frules\u002Ferror-handling-err","3.android-secure-coding-standard\u002F3.rules\u002F09.error-handling-err",{"title":1258,"path":1259,"stem":1260},"Expressions (EXP)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fexpressions-exp","3.android-secure-coding-standard\u002F3.rules\u002F10.expressions-exp",{"title":1262,"path":1263,"stem":1264,"children":1265},"File I\u002FO and Logging (FIO)","\u002Fandroid-secure-coding-standard\u002Frules\u002Ffile-io-and-logging-fio","3.android-secure-coding-standard\u002F3.rules\u002F11.file-io-and-logging-fio\u002F1.index",[1266,1267,1269,1273,1277,1281,1285],{"title":1262,"path":1263,"stem":1264},{"title":645,"path":644,"stem":1268},"3.android-secure-coding-standard\u002F3.rules\u002F11.file-io-and-logging-fio\u002F2.drd04-j",{"title":1270,"path":1271,"stem":1272},"DRD00. Do not store sensitive information on external storage (SD card) unless encrypted first","\u002Fandroid-secure-coding-standard\u002Frules\u002Ffile-io-and-logging-fio\u002Fdrd00-do-not-store-sensitive-information-on-external-storage-sd-card-unless-encrypted-first","3.android-secure-coding-standard\u002F3.rules\u002F11.file-io-and-logging-fio\u002F3.drd00-do-not-store-sensitive-information-on-external-storage-sd-card-unless-encrypted-first",{"title":1274,"path":1275,"stem":1276},"DRD11. Ensure that sensitive data is kept secure","\u002Fandroid-secure-coding-standard\u002Frules\u002Ffile-io-and-logging-fio\u002Fdrd11-ensure-that-sensitive-data-is-kept-secure","3.android-secure-coding-standard\u002F3.rules\u002F11.file-io-and-logging-fio\u002F4.drd11-ensure-that-sensitive-data-is-kept-secure",{"title":1278,"path":1279,"stem":1280},"DRD12. Do not trust data from world-writable files","\u002Fandroid-secure-coding-standard\u002Frules\u002Ffile-io-and-logging-fio\u002Fdrd12-do-not-trust-data-from-world-writable-files","3.android-secure-coding-standard\u002F3.rules\u002F11.file-io-and-logging-fio\u002F5.drd12-do-not-trust-data-from-world-writable-files",{"title":1282,"path":1283,"stem":1284},"DRD23. Do not use world readable or writeable to share files between apps","\u002Fandroid-secure-coding-standard\u002Frules\u002Ffile-io-and-logging-fio\u002Fdrd23-do-not-use-world-readable-or-writeable-to-share-files-between-apps","3.android-secure-coding-standard\u002F3.rules\u002F11.file-io-and-logging-fio\u002F6.drd23-do-not-use-world-readable-or-writeable-to-share-files-between-apps",{"title":1286,"path":1287,"stem":1288},"DRD28 Do not load world-writable libraries","\u002Fandroid-secure-coding-standard\u002Frules\u002Ffile-io-and-logging-fio\u002Fdrd28-do-not-load-world-writable-libraries","3.android-secure-coding-standard\u002F3.rules\u002F11.file-io-and-logging-fio\u002F7.drd28-do-not-load-world-writable-libraries",{"title":1290,"path":1291,"stem":1292},"Floating Point (FLP)","\u002Fandroid-secure-coding-standard\u002Frules\u002Ffloating-point-flp","3.android-secure-coding-standard\u002F3.rules\u002F12.floating-point-flp",{"title":1294,"path":1295,"stem":1296},"Input Validation and Data Sanitization (IDS)","\u002Fandroid-secure-coding-standard\u002Frules\u002Finput-validation-and-data-sanitization-ids","3.android-secure-coding-standard\u002F3.rules\u002F13.input-validation-and-data-sanitization-ids",{"title":1298,"path":1299,"stem":1300},"Integers (INT)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fintegers-int","3.android-secure-coding-standard\u002F3.rules\u002F14.integers-int",{"title":1302,"path":1303,"stem":1304,"children":1305},"Intent (ITT)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fintent-itt","3.android-secure-coding-standard\u002F3.rules\u002F15.intent-itt\u002F1.index",[1306,1307,1311,1315],{"title":1302,"path":1303,"stem":1304},{"title":1308,"path":1309,"stem":1310},"DRD03-J. Do not broadcast sensitive information using an implicit intent","\u002Fandroid-secure-coding-standard\u002Frules\u002Fintent-itt\u002Fdrd03-j","3.android-secure-coding-standard\u002F3.rules\u002F15.intent-itt\u002F2.drd03-j",{"title":1312,"path":1313,"stem":1314},"DRD21-J. Always pass explicit intents to a PendingIntent","\u002Fandroid-secure-coding-standard\u002Frules\u002Fintent-itt\u002Fdrd21-j","3.android-secure-coding-standard\u002F3.rules\u002F15.intent-itt\u002F3.drd21-j",{"title":1316,"path":1317,"stem":1318},"DRD06. Verify the caller of intents before acting on them","\u002Fandroid-secure-coding-standard\u002Frules\u002Fintent-itt\u002Fdrd06-verify-the-caller-of-intents-before-acting-on-them","3.android-secure-coding-standard\u002F3.rules\u002F15.intent-itt\u002F4.drd06-verify-the-caller-of-intents-before-acting-on-them",{"title":1320,"path":1321,"stem":1322},"Java Native Interface (JNI)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fjava-native-interface-jni","3.android-secure-coding-standard\u002F3.rules\u002F16.java-native-interface-jni",{"title":1324,"path":1325,"stem":1326},"Locking (LCK)","\u002Fandroid-secure-coding-standard\u002Frules\u002Flocking-lck","3.android-secure-coding-standard\u002F3.rules\u002F17.locking-lck",{"title":1328,"path":1329,"stem":1330},"Memory Management (MEM)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fmemory-management-mem","3.android-secure-coding-standard\u002F3.rules\u002F18.memory-management-mem",{"title":1332,"path":1333,"stem":1334},"Methods (MET)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fmethods-met","3.android-secure-coding-standard\u002F3.rules\u002F19.methods-met",{"title":1336,"path":1337,"stem":1338,"children":1339},"Miscellaneous (MSC)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fmiscellaneous-msc","3.android-secure-coding-standard\u002F3.rules\u002F20.miscellaneous-msc\u002F1.index",[1340,1341,1345,1349,1353,1357],{"title":1336,"path":1337,"stem":1338},{"title":1342,"path":1343,"stem":1344},"DRD10-X. Do not release apps that are debuggable","\u002Fandroid-secure-coding-standard\u002Frules\u002Fmiscellaneous-msc\u002Fdrd10-x","3.android-secure-coding-standard\u002F3.rules\u002F20.miscellaneous-msc\u002F2.drd10-x",{"title":1346,"path":1347,"stem":1348},"DRD15-J. Consider privacy concerns when using Geolocation API","\u002Fandroid-secure-coding-standard\u002Frules\u002Fmiscellaneous-msc\u002Fdrd15-j","3.android-secure-coding-standard\u002F3.rules\u002F20.miscellaneous-msc\u002F3.drd15-j",{"title":1350,"path":1351,"stem":1352},"DRD26-J. For OAuth, use a secure Android method to deliver access tokens","\u002Fandroid-secure-coding-standard\u002Frules\u002Fmiscellaneous-msc\u002Fdrd26-j","3.android-secure-coding-standard\u002F3.rules\u002F20.miscellaneous-msc\u002F4.drd26-j",{"title":1354,"path":1355,"stem":1356},"DRD27-J. For OAuth, use an explicit intent method to deliver access tokens","\u002Fandroid-secure-coding-standard\u002Frules\u002Fmiscellaneous-msc\u002Fdrd27-j","3.android-secure-coding-standard\u002F3.rules\u002F20.miscellaneous-msc\u002F5.drd27-j",{"title":1358,"path":1359,"stem":1360},"DRD25. To request user permission for OAuth, identify relying party and its permissions scope","\u002Fandroid-secure-coding-standard\u002Frules\u002Fmiscellaneous-msc\u002Fdrd25-to-request-user-permission-for-oauth-identify-relying-party-and-its-permissions-scope","3.android-secure-coding-standard\u002F3.rules\u002F20.miscellaneous-msc\u002F6.drd25-to-request-user-permission-for-oauth-identify-relying-party-and-its-permissions-scope",{"title":1362,"path":1363,"stem":1364,"children":1365},"Network - SSL\u002FTLS (NET)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fnetwork-ssltls-net","3.android-secure-coding-standard\u002F3.rules\u002F21.network-ssltls-net\u002F1.index",[1366,1367,1371],{"title":1362,"path":1363,"stem":1364},{"title":1368,"path":1369,"stem":1370},"DRD23-J. Do not use loopback when handling sensitive data","\u002Fandroid-secure-coding-standard\u002Frules\u002Fnetwork-ssltls-net\u002Fdrd23-j","3.android-secure-coding-standard\u002F3.rules\u002F21.network-ssltls-net\u002F2.drd23-j",{"title":1372,"path":1373,"stem":1374},"DRD19. Properly verify server certificate on SSL\u002FTLS","\u002Fandroid-secure-coding-standard\u002Frules\u002Fnetwork-ssltls-net\u002Fdrd19-properly-verify-server-certificate-on-ssltls","3.android-secure-coding-standard\u002F3.rules\u002F21.network-ssltls-net\u002F3.drd19-properly-verify-server-certificate-on-ssltls",{"title":1376,"path":1377,"stem":1378},"Numeric Types and Operations (NUM)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fnumeric-types-and-operations-num","3.android-secure-coding-standard\u002F3.rules\u002F22.numeric-types-and-operations-num",{"title":1380,"path":1381,"stem":1382},"Object Orientation (OBJ)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fobject-orientation-obj","3.android-secure-coding-standard\u002F3.rules\u002F23.object-orientation-obj",{"title":1384,"path":1385,"stem":1386,"children":1387},"Permission (PER)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fpermission-per","3.android-secure-coding-standard\u002F3.rules\u002F24.permission-per\u002F1.index",[1388,1389,1393,1397,1401],{"title":1384,"path":1385,"stem":1386},{"title":1390,"path":1391,"stem":1392},"DRD05-J. Do not grant URI permissions on implicit intents","\u002Fandroid-secure-coding-standard\u002Frules\u002Fpermission-per\u002Fdrd05-j","3.android-secure-coding-standard\u002F3.rules\u002F24.permission-per\u002F2.drd05-j",{"title":1394,"path":1395,"stem":1396},"DRD14-J. Check that a calling app has appropriate permissions before responding","\u002Fandroid-secure-coding-standard\u002Frules\u002Fpermission-per\u002Fdrd14-j","3.android-secure-coding-standard\u002F3.rules\u002F24.permission-per\u002F3.drd14-j",{"title":1398,"path":1399,"stem":1400},"DRD16-X. Explicitly define the exported attribute for private components","\u002Fandroid-secure-coding-standard\u002Frules\u002Fpermission-per\u002Fdrd16-x","3.android-secure-coding-standard\u002F3.rules\u002F24.permission-per\u002F4.drd16-x",{"title":1402,"path":1403,"stem":1404},"DRD20-C. Specify permissions when creating files via the NDK","\u002Fandroid-secure-coding-standard\u002Frules\u002Fpermission-per\u002Fdrd20-c","3.android-secure-coding-standard\u002F3.rules\u002F24.permission-per\u002F5.drd20-c",{"title":1406,"path":1407,"stem":1408},"Platform Security (SEC)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fplatform-security-sec","3.android-secure-coding-standard\u002F3.rules\u002F25.platform-security-sec",{"title":1410,"path":1411,"stem":1412},"Preprocessor (PRE)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fpreprocessor-pre","3.android-secure-coding-standard\u002F3.rules\u002F26.preprocessor-pre",{"title":1414,"path":1415,"stem":1416},"Serialization (SER)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fserialization-ser","3.android-secure-coding-standard\u002F3.rules\u002F27.serialization-ser",{"title":1418,"path":1419,"stem":1420},"Thread APIs (THI)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fthread-apis-thi","3.android-secure-coding-standard\u002F3.rules\u002F28.thread-apis-thi",{"title":1422,"path":1423,"stem":1424},"Thread-Safety Miscellaneous (TSM)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fthread-safety-miscellaneous-tsm","3.android-secure-coding-standard\u002F3.rules\u002F29.thread-safety-miscellaneous-tsm",{"title":1426,"path":1427,"stem":1428},"Visibility and Atomicity (VNA)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fvisibility-and-atomicity-vna","3.android-secure-coding-standard\u002F3.rules\u002F30.visibility-and-atomicity-vna",{"title":1430,"path":1431,"stem":1432,"children":1433},"WebView (WBV)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fwebview-wbv","3.android-secure-coding-standard\u002F3.rules\u002F31.webview-wbv\u002F1.index",[1434,1435,1439,1443],{"title":1430,"path":1431,"stem":1432},{"title":1436,"path":1437,"stem":1438},"DRD02-J. Do not allow WebView to access sensitive local resource through file scheme","\u002Fandroid-secure-coding-standard\u002Frules\u002Fwebview-wbv\u002Fdrd02-j","3.android-secure-coding-standard\u002F3.rules\u002F31.webview-wbv\u002F2.drd02-j",{"title":1440,"path":1441,"stem":1442},"DRD13. Do not provide addJavascriptInterface method access in a WebView which could contain untrusted content. (API level JELLY_BEAN or below)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fwebview-wbv\u002Fdrd13-do-not-provide-addjavascriptinterface-method-access-in-a-webview-which-could-contain-untrusted-content-api-level-jelly_bean-or-below","3.android-secure-coding-standard\u002F3.rules\u002F31.webview-wbv\u002F3.drd13-do-not-provide-addjavascriptinterface-method-access-in-a-webview-which-could-contain-untrusted-content-api-level-jelly_bean-or-below",{"title":1444,"path":1445,"stem":1446},"DRD22. Do not cache sensitive information","\u002Fandroid-secure-coding-standard\u002Frules\u002Fwebview-wbv\u002Fdrd22-do-not-cache-sensitive-information","3.android-secure-coding-standard\u002F3.rules\u002F31.webview-wbv\u002F4.drd22-do-not-cache-sensitive-information",{"title":1448,"path":1449,"stem":1450,"children":1451},"Recommendations","\u002Fandroid-secure-coding-standard\u002Frecommendations","3.android-secure-coding-standard\u002F4.recommendations\u002F01.index",[1452,1453,1456,1460,1463,1466,1469,1472,1475,1478,1481,1484,1487,1490,1493,1496,1499,1502,1505,1508,1511,1514,1517,1520,1523,1526,1529,1532,1535,1538,1541],{"title":1448,"path":1449,"stem":1450},{"title":1192,"path":1454,"stem":1455},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fapplication-programming-interfaces-api","3.android-secure-coding-standard\u002F4.recommendations\u002F02.application-programming-interfaces-api",{"title":1457,"path":1458,"stem":1459},"Characters and Strings (STR)","\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fcharacters-and-strings-str","3.android-secure-coding-standard\u002F4.recommendations\u002F03.characters-and-strings-str",{"title":1200,"path":1461,"stem":1462},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fcomponent-security-cps","3.android-secure-coding-standard\u002F4.recommendations\u002F04.component-security-cps",{"title":1220,"path":1464,"stem":1465},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fconcurrency-con","3.android-secure-coding-standard\u002F4.recommendations\u002F05.concurrency-con",{"title":1224,"path":1467,"stem":1468},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fcryptography-crp","3.android-secure-coding-standard\u002F4.recommendations\u002F06.cryptography-crp",{"title":1246,"path":1470,"stem":1471},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fdeclarations-and-initialization-dcl","3.android-secure-coding-standard\u002F4.recommendations\u002F07.declarations-and-initialization-dcl",{"title":1250,"path":1473,"stem":1474},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fenvironment-env","3.android-secure-coding-standard\u002F4.recommendations\u002F08.environment-env",{"title":1254,"path":1476,"stem":1477},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Ferror-handling-err","3.android-secure-coding-standard\u002F4.recommendations\u002F09.error-handling-err",{"title":1258,"path":1479,"stem":1480},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fexpressions-exp","3.android-secure-coding-standard\u002F4.recommendations\u002F10.expressions-exp",{"title":1262,"path":1482,"stem":1483},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Ffile-io-and-logging-fio","3.android-secure-coding-standard\u002F4.recommendations\u002F11.file-io-and-logging-fio",{"title":1290,"path":1485,"stem":1486},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Ffloating-point-flp","3.android-secure-coding-standard\u002F4.recommendations\u002F12.floating-point-flp",{"title":1294,"path":1488,"stem":1489},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Finput-validation-and-data-sanitization-ids","3.android-secure-coding-standard\u002F4.recommendations\u002F13.input-validation-and-data-sanitization-ids",{"title":1298,"path":1491,"stem":1492},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fintegers-int","3.android-secure-coding-standard\u002F4.recommendations\u002F14.integers-int",{"title":1302,"path":1494,"stem":1495},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fintent-itt","3.android-secure-coding-standard\u002F4.recommendations\u002F15.intent-itt",{"title":1320,"path":1497,"stem":1498},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fjava-native-interface-jni","3.android-secure-coding-standard\u002F4.recommendations\u002F16.java-native-interface-jni",{"title":1324,"path":1500,"stem":1501},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Flocking-lck","3.android-secure-coding-standard\u002F4.recommendations\u002F17.locking-lck",{"title":1328,"path":1503,"stem":1504},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fmemory-management-mem","3.android-secure-coding-standard\u002F4.recommendations\u002F18.memory-management-mem",{"title":1332,"path":1506,"stem":1507},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fmethods-met","3.android-secure-coding-standard\u002F4.recommendations\u002F19.methods-met",{"title":1336,"path":1509,"stem":1510},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fmiscellaneous-msc","3.android-secure-coding-standard\u002F4.recommendations\u002F20.miscellaneous-msc",{"title":1362,"path":1512,"stem":1513},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fnetwork-ssltls-net","3.android-secure-coding-standard\u002F4.recommendations\u002F21.network-ssltls-net",{"title":1376,"path":1515,"stem":1516},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fnumeric-types-and-operations-num","3.android-secure-coding-standard\u002F4.recommendations\u002F22.numeric-types-and-operations-num",{"title":1380,"path":1518,"stem":1519},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fobject-orientation-obj","3.android-secure-coding-standard\u002F4.recommendations\u002F23.object-orientation-obj",{"title":1384,"path":1521,"stem":1522},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fpermission-per","3.android-secure-coding-standard\u002F4.recommendations\u002F24.permission-per",{"title":1406,"path":1524,"stem":1525},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fplatform-security-sec","3.android-secure-coding-standard\u002F4.recommendations\u002F25.platform-security-sec",{"title":1410,"path":1527,"stem":1528},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fpreprocessor-pre","3.android-secure-coding-standard\u002F4.recommendations\u002F26.preprocessor-pre",{"title":1414,"path":1530,"stem":1531},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fserialization-ser","3.android-secure-coding-standard\u002F4.recommendations\u002F27.serialization-ser",{"title":1418,"path":1533,"stem":1534},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fthread-apis-thi","3.android-secure-coding-standard\u002F4.recommendations\u002F28.thread-apis-thi",{"title":1422,"path":1536,"stem":1537},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fthread-safety-miscellaneous-tsm","3.android-secure-coding-standard\u002F4.recommendations\u002F29.thread-safety-miscellaneous-tsm",{"title":1426,"path":1539,"stem":1540},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fvisibility-and-atomicity-vna","3.android-secure-coding-standard\u002F4.recommendations\u002F30.visibility-and-atomicity-vna",{"title":1430,"path":1542,"stem":1543},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fwebview-wbv","3.android-secure-coding-standard\u002F4.recommendations\u002F31.webview-wbv",{"title":1545,"path":1546,"stem":1547,"children":1548},"By Language","\u002Fandroid-secure-coding-standard\u002Fby-language","3.android-secure-coding-standard\u002F5.by-language\u002F1.index",[1549,1550,1554,1576,1580,1593],{"title":1545,"path":1546,"stem":1547},{"title":1551,"path":1552,"stem":1553},"Android Only","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fandroid-only","3.android-secure-coding-standard\u002F5.by-language\u002F2.android-only",{"title":1555,"path":1556,"stem":1557,"children":1558},"C Coding Language","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fc-coding-language","3.android-secure-coding-standard\u002F5.by-language\u002F3.c-coding-language\u002F1.index",[1559,1560,1564,1568,1572],{"title":1555,"path":1556,"stem":1557},{"title":1561,"path":1562,"stem":1563},"Applicable in Principle to Android (C Rules\u002FRecomendations)","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fc-coding-language\u002Fapplicable-in-principle-to-android-c-rulesrecomendations","3.android-secure-coding-standard\u002F5.by-language\u002F3.c-coding-language\u002F2.applicable-in-principle-to-android-c-rulesrecomendations",{"title":1565,"path":1566,"stem":1567},"Applicable to Android (C Rules\u002FRecomendations)","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fc-coding-language\u002Fapplicable-to-android-c-rulesrecomendations","3.android-secure-coding-standard\u002F5.by-language\u002F3.c-coding-language\u002F3.applicable-to-android-c-rulesrecomendations",{"title":1569,"path":1570,"stem":1571},"Not Applicable to Android (C Rules\u002FRecomendations)","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fc-coding-language\u002Fnot-applicable-to-android-c-rulesrecomendations","3.android-secure-coding-standard\u002F5.by-language\u002F3.c-coding-language\u002F4.not-applicable-to-android-c-rulesrecomendations",{"title":1573,"path":1574,"stem":1575},"Unknown Applicability (C Rules\u002FRecomendations)","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fc-coding-language\u002Funknown-applicability-c-rulesrecomendations","3.android-secure-coding-standard\u002F5.by-language\u002F3.c-coding-language\u002F5.unknown-applicability-c-rulesrecomendations",{"title":1577,"path":1578,"stem":1579},"C++ Coding Language","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fcpp-coding-language","3.android-secure-coding-standard\u002F5.by-language\u002F4.cpp-coding-language",{"title":1121,"path":1122,"stem":1123,"children":1581},[1582,1583,1584,1585,1589],{"title":1121,"path":1122,"stem":1123},{"title":30,"path":1115,"stem":1117},{"title":1125,"path":1126,"stem":1127},{"title":1586,"path":1587,"stem":1588},"Not Applicable to Android (Java Rules\u002FRecomendations)","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fjava-coding-language\u002Fnot-applicable-to-android-java-rulesrecomendations","3.android-secure-coding-standard\u002F5.by-language\u002F5.java-coding-language\u002F4.not-applicable-to-android-java-rulesrecomendations",{"title":1590,"path":1591,"stem":1592},"Unknown Applicability to Android (Java Rules\u002FRecomendations)","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fjava-coding-language\u002Funknown-applicability-to-android-java-rulesrecomendations","3.android-secure-coding-standard\u002F5.by-language\u002F5.java-coding-language\u002F5.unknown-applicability-to-android-java-rulesrecomendations",{"title":1594,"path":1595,"stem":1596},"XML","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fxml","3.android-secure-coding-standard\u002F5.by-language\u002F6.xml",{"title":1598,"path":1599,"stem":1600,"children":1601},"Back Matter","\u002Fandroid-secure-coding-standard\u002Fback-matter","3.android-secure-coding-standard\u002F6.back-matter\u002F1.index",[1602,1603,1607],{"title":1598,"path":1599,"stem":1600},{"title":1604,"path":1605,"stem":1606},"AA. Bibliography","\u002Fandroid-secure-coding-standard\u002Fback-matter\u002Faa-bibliography","3.android-secure-coding-standard\u002F6.back-matter\u002F2.aa-bibliography",{"title":1608,"path":1609,"stem":1610,"children":1611},"BB. Analyzers","\u002Fandroid-secure-coding-standard\u002Fback-matter\u002Fbb-analyzers","3.android-secure-coding-standard\u002F6.back-matter\u002F3.bb-analyzers\u002F1.index",[1612,1613,1617],{"title":1608,"path":1609,"stem":1610},{"title":1614,"path":1615,"stem":1616},"CodeSonar","\u002Fandroid-secure-coding-standard\u002Fback-matter\u002Fbb-analyzers\u002Fcodesonar","3.android-secure-coding-standard\u002F6.back-matter\u002F3.bb-analyzers\u002F2.codesonar",{"title":1618,"path":1619,"stem":1620},"CodeSonar_V","\u002Fandroid-secure-coding-standard\u002Fback-matter\u002Fbb-analyzers\u002Fcodesonar_v","3.android-secure-coding-standard\u002F6.back-matter\u002F3.bb-analyzers\u002F3.codesonar_v",{"title":1622,"path":1623,"stem":1624,"children":1625},"Admin","\u002Fandroid-secure-coding-standard\u002Fadmin","3.android-secure-coding-standard\u002F7.admin\u002F01.index",[1626,1627,1631,1635,1639,1643,1647,1651,1655,1659,1663,1667,1671,1675,1679,1683],{"title":1622,"path":1623,"stem":1624},{"title":1628,"path":1629,"stem":1630},"About the OurCS Workshop","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fabout-the-ourcs-workshop","3.android-secure-coding-standard\u002F7.admin\u002F02.about-the-ourcs-workshop",{"title":1632,"path":1633,"stem":1634},"Android Applicability Summary","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fandroid-applicability-summary","3.android-secure-coding-standard\u002F7.admin\u002F03.android-applicability-summary",{"title":1636,"path":1637,"stem":1638},"Android (DRD)","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fandroid-drd","3.android-secure-coding-standard\u002F7.admin\u002F04.android-drd",{"title":1640,"path":1641,"stem":1642},"Avoid having unreachable code","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Favoid-having-unreachable-code","3.android-secure-coding-standard\u002F7.admin\u002F05.avoid-having-unreachable-code",{"title":1644,"path":1645,"stem":1646},"C Space Change History Log","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fc-space-change-history-log","3.android-secure-coding-standard\u002F7.admin\u002F06.c-space-change-history-log",{"title":1648,"path":1649,"stem":1650},"Copy of Rule Template","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fcopy-of-rule-template","3.android-secure-coding-standard\u002F7.admin\u002F07.copy-of-rule-template",{"title":1652,"path":1653,"stem":1654},"C++ Space Change History Log","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fcpp-space-change-history-log","3.android-secure-coding-standard\u002F7.admin\u002F08.cpp-space-change-history-log",{"title":1656,"path":1657,"stem":1658},"Dictionary of Labels","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fdictionary-of-labels","3.android-secure-coding-standard\u002F7.admin\u002F09.dictionary-of-labels",{"title":1660,"path":1661,"stem":1662},"How to Change Applicability When a Rules and Recommendations Change","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fhow-to-change-applicability-when-a-rules-and-recommendations-change","3.android-secure-coding-standard\u002F7.admin\u002F10.how-to-change-applicability-when-a-rules-and-recommendations-change",{"title":1664,"path":1665,"stem":1666},"Java Space Change History Log","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fjava-space-change-history-log","3.android-secure-coding-standard\u002F7.admin\u002F11.java-space-change-history-log",{"title":1668,"path":1669,"stem":1670},"Labels in this Space","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Flabels-in-this-space","3.android-secure-coding-standard\u002F7.admin\u002F12.labels-in-this-space",{"title":1672,"path":1673,"stem":1674},"Perl Space Change History Log","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fperl-space-change-history-log","3.android-secure-coding-standard\u002F7.admin\u002F13.perl-space-change-history-log",{"title":1676,"path":1677,"stem":1678},"Resources for new Android app secure coding rules and guidelines","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fresources-for-new-android-app-secure-coding-rules-and-guidelines","3.android-secure-coding-standard\u002F7.admin\u002F14.resources-for-new-android-app-secure-coding-rules-and-guidelines",{"title":1680,"path":1681,"stem":1682},"Rule Template","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Frule-template","3.android-secure-coding-standard\u002F7.admin\u002F15.rule-template",{"title":1684,"path":1685,"stem":1686},"Rules Applicable for Both the Android Platform and Other Platforms","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Frules-applicable-for-both-the-android-platform-and-other-platforms","3.android-secure-coding-standard\u002F7.admin\u002F16.rules-applicable-for-both-the-android-platform-and-other-platforms",1775657857010]