[{"data":1,"prerenderedAt":775},["ShallowReactive",2],{"global-navigation":3,"page-\u002Fandroid-secure-coding-standard\u002Frecommendations":28,"surround-\u002Fandroid-secure-coding-standard\u002Frecommendations":233,"sidebar-android-secure-coding-standard":241},[4,8],{"title":5,"path":6,"_path":6,"fromAppConfig":7},"Home","\u002F",true,{"title":9,"path":10,"children":11,"_path":27,"fromAppConfig":7},"Coding Standards","\u002Fcoding-standards\u002F",[12,15,18,21,24],{"title":13,"path":14},"Android Coding Standard","\u002Fandroid-secure-coding-standard\u002F",{"title":16,"path":17},"C Coding Standard","\u002Fsei-cert-c-coding-standard\u002F",{"title":19,"path":20},"C++ Coding Standard","\u002Fsei-cert-cpp-coding-standard\u002F",{"title":22,"path":23},"Java Coding Standard","\u002Fsei-cert-oracle-coding-standard-for-java\u002F",{"title":25,"path":26},"Perl Coding Standard","\u002Fsei-cert-perl-coding-standard\u002F","\u002Fcoding-standards",{"id":29,"title":30,"body":31,"description":224,"extension":227,"meta":228,"navigation":7,"path":229,"seo":230,"stem":231,"__hash__":232},"content\u002F3.android-secure-coding-standard\u002F4.recommendations\u002F01.index.md","Recommendations",{"type":32,"value":33,"toc":223},"minimark",[34,38],[35,36,30],"h1",{"id":37},"recommendations",[39,40,41,49,55,61,67,73,79,85,91,97,103,109,115,121,127,133,139,145,151,157,163,169,175,181,187,193,199,205,211,217],"ul",{},[42,43,44],"li",{},[45,46,48],"a",{"href":47},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fcomponent-security-cps","Rec. 00 Component Security (CPS)",[42,50,51],{},[45,52,54],{"href":53},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Ffile-io-and-logging-fio","Rec. 01. File I\u002FO and Logging (FIO)",[42,56,57],{},[45,58,60],{"href":59},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fintent-itt","Rec. 02. Intent (ITT)",[42,62,63],{},[45,64,66],{"href":65},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fwebview-wbv","Rec. 03. WebView (WBV)",[42,68,69],{},[45,70,72],{"href":71},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fnetwork-ssltls-net","Rec. 04. Network - SSL\u002FTLS (NET)",[42,74,75],{},[45,76,78],{"href":77},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fpermission-per","Rec. 05. Permission (PER)",[42,80,81],{},[45,82,84],{"href":83},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fcryptography-crp","Rec. 06. Cryptography (CRP)",[42,86,87],{},[45,88,90],{"href":89},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fmiscellaneous-msc","Rec. 07. Miscellaneous (MSC)",[42,92,93],{},[45,94,96],{"href":95},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fdeclarations-and-initialization-dcl","Rec. 08. Declarations and Initialization (DCL)",[42,98,99],{},[45,100,102],{"href":101},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fapplication-programming-interfaces-api","Rec. 09. Application Programming Interfaces (API)",[42,104,105],{},[45,106,108],{"href":107},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fenvironment-env","Rec. 10. Environment (ENV)",[42,110,111],{},[45,112,114],{"href":113},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Ferror-handling-err","Rec. 11. Error Handling (ERR)",[42,116,117],{},[45,118,120],{"href":119},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fexpressions-exp","Rec. 12. Expressions (EXP)",[42,122,123],{},[45,124,126],{"href":125},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Ffloating-point-flp","Rec. 13. Floating Point (FLP)",[42,128,129],{},[45,130,132],{"href":131},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fintegers-int","Rec. 14. Integers (INT)",[42,134,135],{},[45,136,138],{"href":137},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fmemory-management-mem","Rec. 15. Memory Management (MEM)",[42,140,141],{},[45,142,144],{"href":143},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fpreprocessor-pre","Rec. 16. Preprocessor (PRE)",[42,146,147],{},[45,148,150],{"href":149},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fcharacters-and-strings-str","Rec. 17. Characters and Strings (STR)",[42,152,153],{},[45,154,156],{"href":155},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fconcurrency-con","Rec. 18. Concurrency (CON)",[42,158,159],{},[45,160,162],{"href":161},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Finput-validation-and-data-sanitization-ids","Rec. 19. Input Validation and Data Sanitization (IDS)",[42,164,165],{},[45,166,168],{"href":167},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fjava-native-interface-jni","Rec. 20. Java Native Interface (JNI)",[42,170,171],{},[45,172,174],{"href":173},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Flocking-lck","Rec. 21. Locking (LCK)",[42,176,177],{},[45,178,180],{"href":179},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fmethods-met","Rec. 22. Methods (MET)",[42,182,183],{},[45,184,186],{"href":185},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fnumeric-types-and-operations-num","Rec. 23. Numeric Types and Operations (NUM)",[42,188,189],{},[45,190,192],{"href":191},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fobject-orientation-obj","Rec. 24. Object Orientation (OBJ)",[42,194,195],{},[45,196,198],{"href":197},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fserialization-ser","Rec. 25. Serialization (SER)",[42,200,201],{},[45,202,204],{"href":203},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fthread-apis-thi","Rec. 26. Thread APIs (THI)",[42,206,207],{},[45,208,210],{"href":209},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fthread-safety-miscellaneous-tsm","Rec. 27. Thread-Safety Miscellaneous (TSM)",[42,212,213],{},[45,214,216],{"href":215},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fvisibility-and-atomicity-vna","Rec. 28. Visibility and Atomicity (VNA)",[42,218,219],{},[45,220,222],{"href":221},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fplatform-security-sec","Rec. 29. Platform Security (SEC)",{"title":224,"searchDepth":225,"depth":225,"links":226},"",2,[],"md",{},"\u002Fandroid-secure-coding-standard\u002Frecommendations",{"title":30,"description":224},"3.android-secure-coding-standard\u002F4.recommendations\u002F01.index","CESQDSMjsMmdeR8pLJI5tFlxqpa8yEH2wNTtksGoKnI",[234,238],{"title":235,"path":236,"stem":237,"children":-1},"DRD22. Do not cache sensitive information","\u002Fandroid-secure-coding-standard\u002Frules\u002Fwebview-wbv\u002Fdrd22-do-not-cache-sensitive-information","3.android-secure-coding-standard\u002F3.rules\u002F31.webview-wbv\u002F4.drd22-do-not-cache-sensitive-information",{"title":239,"path":101,"stem":240,"children":-1},"Application Programming Interfaces (API)","3.android-secure-coding-standard\u002F4.recommendations\u002F02.application-programming-interfaces-api",[242],{"title":243,"path":244,"stem":245,"children":246},"SCI CERT Android Secure Coding Standard","\u002Fandroid-secure-coding-standard","3.android-secure-coding-standard\u002F1.index",[247,248,298,560,623,685,709],{"title":243,"path":244,"stem":245},{"title":249,"path":250,"stem":251,"children":252},"Front Matter","\u002Fandroid-secure-coding-standard\u002Ffront-matter","3.android-secure-coding-standard\u002F2.front-matter\u002F1.index",[253,254,276],{"title":249,"path":250,"stem":251},{"title":255,"path":256,"stem":257,"children":258},"Guidelines for Wiki Contributors","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fguidelines-for-wiki-contributors","3.android-secure-coding-standard\u002F2.front-matter\u002F2.guidelines-for-wiki-contributors\u002F1.index",[259,260,264,268,272],{"title":255,"path":256,"stem":257},{"title":261,"path":262,"stem":263},"Deprecations","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fguidelines-for-wiki-contributors\u002Fdeprecations","3.android-secure-coding-standard\u002F2.front-matter\u002F2.guidelines-for-wiki-contributors\u002F2.deprecations",{"title":265,"path":266,"stem":267},"Editing Automated Detection Information","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fguidelines-for-wiki-contributors\u002Fediting-automated-detection-information","3.android-secure-coding-standard\u002F2.front-matter\u002F2.guidelines-for-wiki-contributors\u002F3.editing-automated-detection-information",{"title":269,"path":270,"stem":271},"Editing-Related Guidelines","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fguidelines-for-wiki-contributors\u002Fediting-related-guidelines","3.android-secure-coding-standard\u002F2.front-matter\u002F2.guidelines-for-wiki-contributors\u002F4.editing-related-guidelines",{"title":273,"path":274,"stem":275},"Rules versus Recommendations","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fguidelines-for-wiki-contributors\u002Frules-versus-recommendations","3.android-secure-coding-standard\u002F2.front-matter\u002F2.guidelines-for-wiki-contributors\u002F5.rules-versus-recommendations",{"title":277,"path":278,"stem":279,"children":280},"Introduction","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fintroduction","3.android-secure-coding-standard\u002F2.front-matter\u002F3.introduction\u002F01.index",[281,282,286,290,294],{"title":277,"path":278,"stem":279},{"title":283,"path":284,"stem":285},"Introduction to Android-Only Rules","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fintroduction\u002Fintroduction-to-android-only-rules","3.android-secure-coding-standard\u002F2.front-matter\u002F3.introduction\u002F02.introduction-to-android-only-rules",{"title":287,"path":288,"stem":289},"Introduction to C Rules and Recommendations","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fintroduction\u002Fintroduction-to-c-rules-and-recommendations","3.android-secure-coding-standard\u002F2.front-matter\u002F3.introduction\u002F03.introduction-to-c-rules-and-recommendations",{"title":291,"path":292,"stem":293},"Introduction to Java Recommendations","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fintroduction\u002Fintroduction-to-java-recommendations","3.android-secure-coding-standard\u002F2.front-matter\u002F3.introduction\u002F04.introduction-to-java-recommendations",{"title":295,"path":296,"stem":297},"Introduction to Java Rules","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fintroduction\u002Fintroduction-to-java-rules","3.android-secure-coding-standard\u002F2.front-matter\u002F3.introduction\u002F05.introduction-to-java-rules",{"title":299,"path":300,"stem":301,"children":302},"Rules","\u002Fandroid-secure-coding-standard\u002Frules","3.android-secure-coding-standard\u002F3.rules\u002F01.index",[303,304,307,311,333,337,359,363,367,371,375,405,409,413,417,435,439,443,447,451,477,491,495,499,521,525,529,533,537,541,545],{"title":299,"path":300,"stem":301},{"title":239,"path":305,"stem":306},"\u002Fandroid-secure-coding-standard\u002Frules\u002Fapplication-programming-interfaces-api","3.android-secure-coding-standard\u002F3.rules\u002F02.application-programming-interfaces-api",{"title":308,"path":309,"stem":310},"Characters and String (STR)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcharacters-and-string-str","3.android-secure-coding-standard\u002F3.rules\u002F03.characters-and-string-str",{"title":312,"path":313,"stem":314,"children":315},"Component Security (CPS)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcomponent-security-cps","3.android-secure-coding-standard\u002F3.rules\u002F04.component-security-cps\u002F1.index",[316,317,321,325,329],{"title":312,"path":313,"stem":314},{"title":318,"path":319,"stem":320},"DRD01-X. Limit the accessibility of an app's sensitive content provider","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcomponent-security-cps\u002Fdrd01-x","3.android-secure-coding-standard\u002F3.rules\u002F04.component-security-cps\u002F2.drd01-x",{"title":322,"path":323,"stem":324},"DRD07-X. Protect exported services with strong permissions","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcomponent-security-cps\u002Fdrd07-x","3.android-secure-coding-standard\u002F3.rules\u002F04.component-security-cps\u002F3.drd07-x",{"title":326,"path":327,"stem":328},"DRD08-J. Always canonicalize a URL received by a content provider","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcomponent-security-cps\u002Fdrd08-j","3.android-secure-coding-standard\u002F3.rules\u002F04.component-security-cps\u002F4.drd08-j",{"title":330,"path":331,"stem":332},"DRD09. Restrict access to sensitive activities","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcomponent-security-cps\u002Fdrd09-restrict-access-to-sensitive-activities","3.android-secure-coding-standard\u002F3.rules\u002F04.component-security-cps\u002F5.drd09-restrict-access-to-sensitive-activities",{"title":334,"path":335,"stem":336},"Concurrency (CON)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fconcurrency-con","3.android-secure-coding-standard\u002F3.rules\u002F05.concurrency-con",{"title":338,"path":339,"stem":340,"children":341},"Cryptography (CRP)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcryptography-crp","3.android-secure-coding-standard\u002F3.rules\u002F06.cryptography-crp\u002F1.index",[342,343,347,351,355],{"title":338,"path":339,"stem":340},{"title":344,"path":345,"stem":346},"DRD17-J. Do not use the Android cryptographic security provider encryption default for AES","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcryptography-crp\u002Fdrd17-j","3.android-secure-coding-standard\u002F3.rules\u002F06.cryptography-crp\u002F2.drd17-j",{"title":348,"path":349,"stem":350},"DRD18. Do not use the default behavior in a cryptographic library if it does not use recommended practices","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcryptography-crp\u002Fdrd18-do-not-use-the-default-behavior-in-a-cryptographic-library-if-it-does-not-use-recommended-practices","3.android-secure-coding-standard\u002F3.rules\u002F06.cryptography-crp\u002F3.drd18-do-not-use-the-default-behavior-in-a-cryptographic-library-if-it-does-not-use-recommended-practices",{"title":352,"path":353,"stem":354},"DRD24. Do not bundle OAuth security-related protocol logic or sensitive data into a relying party's app","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcryptography-crp\u002Fdrd24-do-not-bundle-oauth-security-related-protocol-logic-or-sensitive-data-into-a-relying-partys-app","3.android-secure-coding-standard\u002F3.rules\u002F06.cryptography-crp\u002F4.drd24-do-not-bundle-oauth-security-related-protocol-logic-or-sensitive-data-into-a-relying-partys-app",{"title":356,"path":357,"stem":358},"DRD25. Use constant-time encryption","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcryptography-crp\u002Fdrd25-use-constant-time-encryption","3.android-secure-coding-standard\u002F3.rules\u002F06.cryptography-crp\u002F5.drd25-use-constant-time-encryption",{"title":360,"path":361,"stem":362},"Declarations and Initialization (DCL)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fdeclarations-and-initialization-dcl","3.android-secure-coding-standard\u002F3.rules\u002F07.declarations-and-initialization-dcl",{"title":364,"path":365,"stem":366},"Environment (ENV)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fenvironment-env","3.android-secure-coding-standard\u002F3.rules\u002F08.environment-env",{"title":368,"path":369,"stem":370},"Error Handling (ERR)","\u002Fandroid-secure-coding-standard\u002Frules\u002Ferror-handling-err","3.android-secure-coding-standard\u002F3.rules\u002F09.error-handling-err",{"title":372,"path":373,"stem":374},"Expressions (EXP)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fexpressions-exp","3.android-secure-coding-standard\u002F3.rules\u002F10.expressions-exp",{"title":376,"path":377,"stem":378,"children":379},"File I\u002FO and Logging (FIO)","\u002Fandroid-secure-coding-standard\u002Frules\u002Ffile-io-and-logging-fio","3.android-secure-coding-standard\u002F3.rules\u002F11.file-io-and-logging-fio\u002F1.index",[380,381,385,389,393,397,401],{"title":376,"path":377,"stem":378},{"title":382,"path":383,"stem":384},"DRD04-J. Do not log sensitive information","\u002Fandroid-secure-coding-standard\u002Frules\u002Ffile-io-and-logging-fio\u002Fdrd04-j","3.android-secure-coding-standard\u002F3.rules\u002F11.file-io-and-logging-fio\u002F2.drd04-j",{"title":386,"path":387,"stem":388},"DRD00. Do not store sensitive information on external storage (SD card) unless encrypted first","\u002Fandroid-secure-coding-standard\u002Frules\u002Ffile-io-and-logging-fio\u002Fdrd00-do-not-store-sensitive-information-on-external-storage-sd-card-unless-encrypted-first","3.android-secure-coding-standard\u002F3.rules\u002F11.file-io-and-logging-fio\u002F3.drd00-do-not-store-sensitive-information-on-external-storage-sd-card-unless-encrypted-first",{"title":390,"path":391,"stem":392},"DRD11. Ensure that sensitive data is kept secure","\u002Fandroid-secure-coding-standard\u002Frules\u002Ffile-io-and-logging-fio\u002Fdrd11-ensure-that-sensitive-data-is-kept-secure","3.android-secure-coding-standard\u002F3.rules\u002F11.file-io-and-logging-fio\u002F4.drd11-ensure-that-sensitive-data-is-kept-secure",{"title":394,"path":395,"stem":396},"DRD12. Do not trust data from world-writable files","\u002Fandroid-secure-coding-standard\u002Frules\u002Ffile-io-and-logging-fio\u002Fdrd12-do-not-trust-data-from-world-writable-files","3.android-secure-coding-standard\u002F3.rules\u002F11.file-io-and-logging-fio\u002F5.drd12-do-not-trust-data-from-world-writable-files",{"title":398,"path":399,"stem":400},"DRD23. Do not use world readable or writeable to share files between apps","\u002Fandroid-secure-coding-standard\u002Frules\u002Ffile-io-and-logging-fio\u002Fdrd23-do-not-use-world-readable-or-writeable-to-share-files-between-apps","3.android-secure-coding-standard\u002F3.rules\u002F11.file-io-and-logging-fio\u002F6.drd23-do-not-use-world-readable-or-writeable-to-share-files-between-apps",{"title":402,"path":403,"stem":404},"DRD28 Do not load world-writable libraries","\u002Fandroid-secure-coding-standard\u002Frules\u002Ffile-io-and-logging-fio\u002Fdrd28-do-not-load-world-writable-libraries","3.android-secure-coding-standard\u002F3.rules\u002F11.file-io-and-logging-fio\u002F7.drd28-do-not-load-world-writable-libraries",{"title":406,"path":407,"stem":408},"Floating Point (FLP)","\u002Fandroid-secure-coding-standard\u002Frules\u002Ffloating-point-flp","3.android-secure-coding-standard\u002F3.rules\u002F12.floating-point-flp",{"title":410,"path":411,"stem":412},"Input Validation and Data Sanitization (IDS)","\u002Fandroid-secure-coding-standard\u002Frules\u002Finput-validation-and-data-sanitization-ids","3.android-secure-coding-standard\u002F3.rules\u002F13.input-validation-and-data-sanitization-ids",{"title":414,"path":415,"stem":416},"Integers (INT)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fintegers-int","3.android-secure-coding-standard\u002F3.rules\u002F14.integers-int",{"title":418,"path":419,"stem":420,"children":421},"Intent (ITT)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fintent-itt","3.android-secure-coding-standard\u002F3.rules\u002F15.intent-itt\u002F1.index",[422,423,427,431],{"title":418,"path":419,"stem":420},{"title":424,"path":425,"stem":426},"DRD03-J. Do not broadcast sensitive information using an implicit intent","\u002Fandroid-secure-coding-standard\u002Frules\u002Fintent-itt\u002Fdrd03-j","3.android-secure-coding-standard\u002F3.rules\u002F15.intent-itt\u002F2.drd03-j",{"title":428,"path":429,"stem":430},"DRD21-J. Always pass explicit intents to a PendingIntent","\u002Fandroid-secure-coding-standard\u002Frules\u002Fintent-itt\u002Fdrd21-j","3.android-secure-coding-standard\u002F3.rules\u002F15.intent-itt\u002F3.drd21-j",{"title":432,"path":433,"stem":434},"DRD06. Verify the caller of intents before acting on them","\u002Fandroid-secure-coding-standard\u002Frules\u002Fintent-itt\u002Fdrd06-verify-the-caller-of-intents-before-acting-on-them","3.android-secure-coding-standard\u002F3.rules\u002F15.intent-itt\u002F4.drd06-verify-the-caller-of-intents-before-acting-on-them",{"title":436,"path":437,"stem":438},"Java Native Interface (JNI)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fjava-native-interface-jni","3.android-secure-coding-standard\u002F3.rules\u002F16.java-native-interface-jni",{"title":440,"path":441,"stem":442},"Locking (LCK)","\u002Fandroid-secure-coding-standard\u002Frules\u002Flocking-lck","3.android-secure-coding-standard\u002F3.rules\u002F17.locking-lck",{"title":444,"path":445,"stem":446},"Memory Management (MEM)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fmemory-management-mem","3.android-secure-coding-standard\u002F3.rules\u002F18.memory-management-mem",{"title":448,"path":449,"stem":450},"Methods (MET)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fmethods-met","3.android-secure-coding-standard\u002F3.rules\u002F19.methods-met",{"title":452,"path":453,"stem":454,"children":455},"Miscellaneous (MSC)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fmiscellaneous-msc","3.android-secure-coding-standard\u002F3.rules\u002F20.miscellaneous-msc\u002F1.index",[456,457,461,465,469,473],{"title":452,"path":453,"stem":454},{"title":458,"path":459,"stem":460},"DRD10-X. Do not release apps that are debuggable","\u002Fandroid-secure-coding-standard\u002Frules\u002Fmiscellaneous-msc\u002Fdrd10-x","3.android-secure-coding-standard\u002F3.rules\u002F20.miscellaneous-msc\u002F2.drd10-x",{"title":462,"path":463,"stem":464},"DRD15-J. Consider privacy concerns when using Geolocation API","\u002Fandroid-secure-coding-standard\u002Frules\u002Fmiscellaneous-msc\u002Fdrd15-j","3.android-secure-coding-standard\u002F3.rules\u002F20.miscellaneous-msc\u002F3.drd15-j",{"title":466,"path":467,"stem":468},"DRD26-J. For OAuth, use a secure Android method to deliver access tokens","\u002Fandroid-secure-coding-standard\u002Frules\u002Fmiscellaneous-msc\u002Fdrd26-j","3.android-secure-coding-standard\u002F3.rules\u002F20.miscellaneous-msc\u002F4.drd26-j",{"title":470,"path":471,"stem":472},"DRD27-J. For OAuth, use an explicit intent method to deliver access tokens","\u002Fandroid-secure-coding-standard\u002Frules\u002Fmiscellaneous-msc\u002Fdrd27-j","3.android-secure-coding-standard\u002F3.rules\u002F20.miscellaneous-msc\u002F5.drd27-j",{"title":474,"path":475,"stem":476},"DRD25. To request user permission for OAuth, identify relying party and its permissions scope","\u002Fandroid-secure-coding-standard\u002Frules\u002Fmiscellaneous-msc\u002Fdrd25-to-request-user-permission-for-oauth-identify-relying-party-and-its-permissions-scope","3.android-secure-coding-standard\u002F3.rules\u002F20.miscellaneous-msc\u002F6.drd25-to-request-user-permission-for-oauth-identify-relying-party-and-its-permissions-scope",{"title":478,"path":479,"stem":480,"children":481},"Network - SSL\u002FTLS (NET)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fnetwork-ssltls-net","3.android-secure-coding-standard\u002F3.rules\u002F21.network-ssltls-net\u002F1.index",[482,483,487],{"title":478,"path":479,"stem":480},{"title":484,"path":485,"stem":486},"DRD23-J. Do not use loopback when handling sensitive data","\u002Fandroid-secure-coding-standard\u002Frules\u002Fnetwork-ssltls-net\u002Fdrd23-j","3.android-secure-coding-standard\u002F3.rules\u002F21.network-ssltls-net\u002F2.drd23-j",{"title":488,"path":489,"stem":490},"DRD19. Properly verify server certificate on SSL\u002FTLS","\u002Fandroid-secure-coding-standard\u002Frules\u002Fnetwork-ssltls-net\u002Fdrd19-properly-verify-server-certificate-on-ssltls","3.android-secure-coding-standard\u002F3.rules\u002F21.network-ssltls-net\u002F3.drd19-properly-verify-server-certificate-on-ssltls",{"title":492,"path":493,"stem":494},"Numeric Types and Operations (NUM)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fnumeric-types-and-operations-num","3.android-secure-coding-standard\u002F3.rules\u002F22.numeric-types-and-operations-num",{"title":496,"path":497,"stem":498},"Object Orientation (OBJ)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fobject-orientation-obj","3.android-secure-coding-standard\u002F3.rules\u002F23.object-orientation-obj",{"title":500,"path":501,"stem":502,"children":503},"Permission (PER)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fpermission-per","3.android-secure-coding-standard\u002F3.rules\u002F24.permission-per\u002F1.index",[504,505,509,513,517],{"title":500,"path":501,"stem":502},{"title":506,"path":507,"stem":508},"DRD05-J. Do not grant URI permissions on implicit intents","\u002Fandroid-secure-coding-standard\u002Frules\u002Fpermission-per\u002Fdrd05-j","3.android-secure-coding-standard\u002F3.rules\u002F24.permission-per\u002F2.drd05-j",{"title":510,"path":511,"stem":512},"DRD14-J. Check that a calling app has appropriate permissions before responding","\u002Fandroid-secure-coding-standard\u002Frules\u002Fpermission-per\u002Fdrd14-j","3.android-secure-coding-standard\u002F3.rules\u002F24.permission-per\u002F3.drd14-j",{"title":514,"path":515,"stem":516},"DRD16-X. Explicitly define the exported attribute for private components","\u002Fandroid-secure-coding-standard\u002Frules\u002Fpermission-per\u002Fdrd16-x","3.android-secure-coding-standard\u002F3.rules\u002F24.permission-per\u002F4.drd16-x",{"title":518,"path":519,"stem":520},"DRD20-C. Specify permissions when creating files via the NDK","\u002Fandroid-secure-coding-standard\u002Frules\u002Fpermission-per\u002Fdrd20-c","3.android-secure-coding-standard\u002F3.rules\u002F24.permission-per\u002F5.drd20-c",{"title":522,"path":523,"stem":524},"Platform Security (SEC)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fplatform-security-sec","3.android-secure-coding-standard\u002F3.rules\u002F25.platform-security-sec",{"title":526,"path":527,"stem":528},"Preprocessor (PRE)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fpreprocessor-pre","3.android-secure-coding-standard\u002F3.rules\u002F26.preprocessor-pre",{"title":530,"path":531,"stem":532},"Serialization (SER)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fserialization-ser","3.android-secure-coding-standard\u002F3.rules\u002F27.serialization-ser",{"title":534,"path":535,"stem":536},"Thread APIs (THI)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fthread-apis-thi","3.android-secure-coding-standard\u002F3.rules\u002F28.thread-apis-thi",{"title":538,"path":539,"stem":540},"Thread-Safety Miscellaneous (TSM)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fthread-safety-miscellaneous-tsm","3.android-secure-coding-standard\u002F3.rules\u002F29.thread-safety-miscellaneous-tsm",{"title":542,"path":543,"stem":544},"Visibility and Atomicity (VNA)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fvisibility-and-atomicity-vna","3.android-secure-coding-standard\u002F3.rules\u002F30.visibility-and-atomicity-vna",{"title":546,"path":547,"stem":548,"children":549},"WebView (WBV)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fwebview-wbv","3.android-secure-coding-standard\u002F3.rules\u002F31.webview-wbv\u002F1.index",[550,551,555,559],{"title":546,"path":547,"stem":548},{"title":552,"path":553,"stem":554},"DRD02-J. Do not allow WebView to access sensitive local resource through file scheme","\u002Fandroid-secure-coding-standard\u002Frules\u002Fwebview-wbv\u002Fdrd02-j","3.android-secure-coding-standard\u002F3.rules\u002F31.webview-wbv\u002F2.drd02-j",{"title":556,"path":557,"stem":558},"DRD13. Do not provide addJavascriptInterface method access in a WebView which could contain untrusted content. (API level JELLY_BEAN or below)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fwebview-wbv\u002Fdrd13-do-not-provide-addjavascriptinterface-method-access-in-a-webview-which-could-contain-untrusted-content-api-level-jelly_bean-or-below","3.android-secure-coding-standard\u002F3.rules\u002F31.webview-wbv\u002F3.drd13-do-not-provide-addjavascriptinterface-method-access-in-a-webview-which-could-contain-untrusted-content-api-level-jelly_bean-or-below",{"title":235,"path":236,"stem":237},{"title":30,"path":229,"stem":231,"children":561},[562,563,564,567,569,571,573,575,577,579,581,583,585,587,589,591,593,595,597,599,601,603,605,607,609,611,613,615,617,619,621],{"title":30,"path":229,"stem":231},{"title":239,"path":101,"stem":240},{"title":565,"path":149,"stem":566},"Characters and Strings (STR)","3.android-secure-coding-standard\u002F4.recommendations\u002F03.characters-and-strings-str",{"title":312,"path":47,"stem":568},"3.android-secure-coding-standard\u002F4.recommendations\u002F04.component-security-cps",{"title":334,"path":155,"stem":570},"3.android-secure-coding-standard\u002F4.recommendations\u002F05.concurrency-con",{"title":338,"path":83,"stem":572},"3.android-secure-coding-standard\u002F4.recommendations\u002F06.cryptography-crp",{"title":360,"path":95,"stem":574},"3.android-secure-coding-standard\u002F4.recommendations\u002F07.declarations-and-initialization-dcl",{"title":364,"path":107,"stem":576},"3.android-secure-coding-standard\u002F4.recommendations\u002F08.environment-env",{"title":368,"path":113,"stem":578},"3.android-secure-coding-standard\u002F4.recommendations\u002F09.error-handling-err",{"title":372,"path":119,"stem":580},"3.android-secure-coding-standard\u002F4.recommendations\u002F10.expressions-exp",{"title":376,"path":53,"stem":582},"3.android-secure-coding-standard\u002F4.recommendations\u002F11.file-io-and-logging-fio",{"title":406,"path":125,"stem":584},"3.android-secure-coding-standard\u002F4.recommendations\u002F12.floating-point-flp",{"title":410,"path":161,"stem":586},"3.android-secure-coding-standard\u002F4.recommendations\u002F13.input-validation-and-data-sanitization-ids",{"title":414,"path":131,"stem":588},"3.android-secure-coding-standard\u002F4.recommendations\u002F14.integers-int",{"title":418,"path":59,"stem":590},"3.android-secure-coding-standard\u002F4.recommendations\u002F15.intent-itt",{"title":436,"path":167,"stem":592},"3.android-secure-coding-standard\u002F4.recommendations\u002F16.java-native-interface-jni",{"title":440,"path":173,"stem":594},"3.android-secure-coding-standard\u002F4.recommendations\u002F17.locking-lck",{"title":444,"path":137,"stem":596},"3.android-secure-coding-standard\u002F4.recommendations\u002F18.memory-management-mem",{"title":448,"path":179,"stem":598},"3.android-secure-coding-standard\u002F4.recommendations\u002F19.methods-met",{"title":452,"path":89,"stem":600},"3.android-secure-coding-standard\u002F4.recommendations\u002F20.miscellaneous-msc",{"title":478,"path":71,"stem":602},"3.android-secure-coding-standard\u002F4.recommendations\u002F21.network-ssltls-net",{"title":492,"path":185,"stem":604},"3.android-secure-coding-standard\u002F4.recommendations\u002F22.numeric-types-and-operations-num",{"title":496,"path":191,"stem":606},"3.android-secure-coding-standard\u002F4.recommendations\u002F23.object-orientation-obj",{"title":500,"path":77,"stem":608},"3.android-secure-coding-standard\u002F4.recommendations\u002F24.permission-per",{"title":522,"path":221,"stem":610},"3.android-secure-coding-standard\u002F4.recommendations\u002F25.platform-security-sec",{"title":526,"path":143,"stem":612},"3.android-secure-coding-standard\u002F4.recommendations\u002F26.preprocessor-pre",{"title":530,"path":197,"stem":614},"3.android-secure-coding-standard\u002F4.recommendations\u002F27.serialization-ser",{"title":534,"path":203,"stem":616},"3.android-secure-coding-standard\u002F4.recommendations\u002F28.thread-apis-thi",{"title":538,"path":209,"stem":618},"3.android-secure-coding-standard\u002F4.recommendations\u002F29.thread-safety-miscellaneous-tsm",{"title":542,"path":215,"stem":620},"3.android-secure-coding-standard\u002F4.recommendations\u002F30.visibility-and-atomicity-vna",{"title":546,"path":65,"stem":622},"3.android-secure-coding-standard\u002F4.recommendations\u002F31.webview-wbv",{"title":624,"path":625,"stem":626,"children":627},"By Language","\u002Fandroid-secure-coding-standard\u002Fby-language","3.android-secure-coding-standard\u002F5.by-language\u002F1.index",[628,629,633,655,659,681],{"title":624,"path":625,"stem":626},{"title":630,"path":631,"stem":632},"Android Only","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fandroid-only","3.android-secure-coding-standard\u002F5.by-language\u002F2.android-only",{"title":634,"path":635,"stem":636,"children":637},"C Coding Language","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fc-coding-language","3.android-secure-coding-standard\u002F5.by-language\u002F3.c-coding-language\u002F1.index",[638,639,643,647,651],{"title":634,"path":635,"stem":636},{"title":640,"path":641,"stem":642},"Applicable in Principle to Android (C Rules\u002FRecomendations)","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fc-coding-language\u002Fapplicable-in-principle-to-android-c-rulesrecomendations","3.android-secure-coding-standard\u002F5.by-language\u002F3.c-coding-language\u002F2.applicable-in-principle-to-android-c-rulesrecomendations",{"title":644,"path":645,"stem":646},"Applicable to Android (C Rules\u002FRecomendations)","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fc-coding-language\u002Fapplicable-to-android-c-rulesrecomendations","3.android-secure-coding-standard\u002F5.by-language\u002F3.c-coding-language\u002F3.applicable-to-android-c-rulesrecomendations",{"title":648,"path":649,"stem":650},"Not Applicable to Android (C Rules\u002FRecomendations)","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fc-coding-language\u002Fnot-applicable-to-android-c-rulesrecomendations","3.android-secure-coding-standard\u002F5.by-language\u002F3.c-coding-language\u002F4.not-applicable-to-android-c-rulesrecomendations",{"title":652,"path":653,"stem":654},"Unknown Applicability (C Rules\u002FRecomendations)","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fc-coding-language\u002Funknown-applicability-c-rulesrecomendations","3.android-secure-coding-standard\u002F5.by-language\u002F3.c-coding-language\u002F5.unknown-applicability-c-rulesrecomendations",{"title":656,"path":657,"stem":658},"C++ Coding Language","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fcpp-coding-language","3.android-secure-coding-standard\u002F5.by-language\u002F4.cpp-coding-language",{"title":660,"path":661,"stem":662,"children":663},"Java Coding Language","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fjava-coding-language","3.android-secure-coding-standard\u002F5.by-language\u002F5.java-coding-language\u002F1.index",[664,665,669,673,677],{"title":660,"path":661,"stem":662},{"title":666,"path":667,"stem":668},"Applicable in Principle to Android (Java Rules\u002FRecomendations)","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fjava-coding-language\u002Fapplicable-in-principle-to-android-java-rulesrecomendations","3.android-secure-coding-standard\u002F5.by-language\u002F5.java-coding-language\u002F2.applicable-in-principle-to-android-java-rulesrecomendations",{"title":670,"path":671,"stem":672},"Applicable to Android (Java Rules\u002FRecomendations)","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fjava-coding-language\u002Fapplicable-to-android-java-rulesrecomendations","3.android-secure-coding-standard\u002F5.by-language\u002F5.java-coding-language\u002F3.applicable-to-android-java-rulesrecomendations",{"title":674,"path":675,"stem":676},"Not Applicable to Android (Java Rules\u002FRecomendations)","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fjava-coding-language\u002Fnot-applicable-to-android-java-rulesrecomendations","3.android-secure-coding-standard\u002F5.by-language\u002F5.java-coding-language\u002F4.not-applicable-to-android-java-rulesrecomendations",{"title":678,"path":679,"stem":680},"Unknown Applicability to Android (Java Rules\u002FRecomendations)","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fjava-coding-language\u002Funknown-applicability-to-android-java-rulesrecomendations","3.android-secure-coding-standard\u002F5.by-language\u002F5.java-coding-language\u002F5.unknown-applicability-to-android-java-rulesrecomendations",{"title":682,"path":683,"stem":684},"XML","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fxml","3.android-secure-coding-standard\u002F5.by-language\u002F6.xml",{"title":686,"path":687,"stem":688,"children":689},"Back Matter","\u002Fandroid-secure-coding-standard\u002Fback-matter","3.android-secure-coding-standard\u002F6.back-matter\u002F1.index",[690,691,695],{"title":686,"path":687,"stem":688},{"title":692,"path":693,"stem":694},"AA. Bibliography","\u002Fandroid-secure-coding-standard\u002Fback-matter\u002Faa-bibliography","3.android-secure-coding-standard\u002F6.back-matter\u002F2.aa-bibliography",{"title":696,"path":697,"stem":698,"children":699},"BB. Analyzers","\u002Fandroid-secure-coding-standard\u002Fback-matter\u002Fbb-analyzers","3.android-secure-coding-standard\u002F6.back-matter\u002F3.bb-analyzers\u002F1.index",[700,701,705],{"title":696,"path":697,"stem":698},{"title":702,"path":703,"stem":704},"CodeSonar","\u002Fandroid-secure-coding-standard\u002Fback-matter\u002Fbb-analyzers\u002Fcodesonar","3.android-secure-coding-standard\u002F6.back-matter\u002F3.bb-analyzers\u002F2.codesonar",{"title":706,"path":707,"stem":708},"CodeSonar_V","\u002Fandroid-secure-coding-standard\u002Fback-matter\u002Fbb-analyzers\u002Fcodesonar_v","3.android-secure-coding-standard\u002F6.back-matter\u002F3.bb-analyzers\u002F3.codesonar_v",{"title":710,"path":711,"stem":712,"children":713},"Admin","\u002Fandroid-secure-coding-standard\u002Fadmin","3.android-secure-coding-standard\u002F7.admin\u002F01.index",[714,715,719,723,727,731,735,739,743,747,751,755,759,763,767,771],{"title":710,"path":711,"stem":712},{"title":716,"path":717,"stem":718},"About the OurCS Workshop","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fabout-the-ourcs-workshop","3.android-secure-coding-standard\u002F7.admin\u002F02.about-the-ourcs-workshop",{"title":720,"path":721,"stem":722},"Android Applicability Summary","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fandroid-applicability-summary","3.android-secure-coding-standard\u002F7.admin\u002F03.android-applicability-summary",{"title":724,"path":725,"stem":726},"Android (DRD)","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fandroid-drd","3.android-secure-coding-standard\u002F7.admin\u002F04.android-drd",{"title":728,"path":729,"stem":730},"Avoid having unreachable code","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Favoid-having-unreachable-code","3.android-secure-coding-standard\u002F7.admin\u002F05.avoid-having-unreachable-code",{"title":732,"path":733,"stem":734},"C Space Change History Log","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fc-space-change-history-log","3.android-secure-coding-standard\u002F7.admin\u002F06.c-space-change-history-log",{"title":736,"path":737,"stem":738},"Copy of Rule Template","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fcopy-of-rule-template","3.android-secure-coding-standard\u002F7.admin\u002F07.copy-of-rule-template",{"title":740,"path":741,"stem":742},"C++ Space Change History Log","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fcpp-space-change-history-log","3.android-secure-coding-standard\u002F7.admin\u002F08.cpp-space-change-history-log",{"title":744,"path":745,"stem":746},"Dictionary of Labels","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fdictionary-of-labels","3.android-secure-coding-standard\u002F7.admin\u002F09.dictionary-of-labels",{"title":748,"path":749,"stem":750},"How to Change Applicability When a Rules and Recommendations Change","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fhow-to-change-applicability-when-a-rules-and-recommendations-change","3.android-secure-coding-standard\u002F7.admin\u002F10.how-to-change-applicability-when-a-rules-and-recommendations-change",{"title":752,"path":753,"stem":754},"Java Space Change History Log","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fjava-space-change-history-log","3.android-secure-coding-standard\u002F7.admin\u002F11.java-space-change-history-log",{"title":756,"path":757,"stem":758},"Labels in this Space","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Flabels-in-this-space","3.android-secure-coding-standard\u002F7.admin\u002F12.labels-in-this-space",{"title":760,"path":761,"stem":762},"Perl Space Change History Log","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fperl-space-change-history-log","3.android-secure-coding-standard\u002F7.admin\u002F13.perl-space-change-history-log",{"title":764,"path":765,"stem":766},"Resources for new Android app secure coding rules and guidelines","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fresources-for-new-android-app-secure-coding-rules-and-guidelines","3.android-secure-coding-standard\u002F7.admin\u002F14.resources-for-new-android-app-secure-coding-rules-and-guidelines",{"title":768,"path":769,"stem":770},"Rule Template","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Frule-template","3.android-secure-coding-standard\u002F7.admin\u002F15.rule-template",{"title":772,"path":773,"stem":774},"Rules Applicable for Both the Android Platform and Other Platforms","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Frules-applicable-for-both-the-android-platform-and-other-platforms","3.android-secure-coding-standard\u002F7.admin\u002F16.rules-applicable-for-both-the-android-platform-and-other-platforms",1775657777463]