[{"data":1,"prerenderedAt":783},["ShallowReactive",2],{"global-navigation":3,"page-\u002Fandroid-secure-coding-standard\u002Frules":28,"surround-\u002Fandroid-secure-coding-standard\u002Frules":233,"sidebar-android-secure-coding-standard":241},[4,8],{"title":5,"path":6,"_path":6,"fromAppConfig":7},"Home","\u002F",true,{"title":9,"path":10,"children":11,"_path":27,"fromAppConfig":7},"Coding Standards","\u002Fcoding-standards\u002F",[12,15,18,21,24],{"title":13,"path":14},"Android Coding Standard","\u002Fandroid-secure-coding-standard\u002F",{"title":16,"path":17},"C Coding Standard","\u002Fsei-cert-c-coding-standard\u002F",{"title":19,"path":20},"C++ Coding Standard","\u002Fsei-cert-cpp-coding-standard\u002F",{"title":22,"path":23},"Java Coding Standard","\u002Fsei-cert-oracle-coding-standard-for-java\u002F",{"title":25,"path":26},"Perl Coding Standard","\u002Fsei-cert-perl-coding-standard\u002F","\u002Fcoding-standards",{"id":29,"title":30,"body":31,"description":224,"extension":227,"meta":228,"navigation":7,"path":229,"seo":230,"stem":231,"__hash__":232},"content\u002F3.android-secure-coding-standard\u002F3.rules\u002F01.index.md","Rules",{"type":32,"value":33,"toc":223},"minimark",[34,38],[35,36,30],"h1",{"id":37},"rules",[39,40,41,49,55,61,67,73,79,85,91,97,103,109,115,121,127,133,139,145,151,157,163,169,175,181,187,193,199,205,211,217],"ul",{},[42,43,44],"li",{},[45,46,48],"a",{"href":47},"\u002Fandroid-secure-coding-standard\u002Frules\u002Fcomponent-security-cps\u002F","Rule 00. Component Security (CPS)",[42,50,51],{},[45,52,54],{"href":53},"\u002Fandroid-secure-coding-standard\u002Frules\u002Ffile-io-and-logging-fio\u002F","Rule 01. File I\u002FO and Logging (FIO)",[42,56,57],{},[45,58,60],{"href":59},"\u002Fandroid-secure-coding-standard\u002Frules\u002Fintent-itt\u002F","Rule 02. Intent (ITT)",[42,62,63],{},[45,64,66],{"href":65},"\u002Fandroid-secure-coding-standard\u002Frules\u002Fwebview-wbv\u002F","Rule 03. WebView (WBV)",[42,68,69],{},[45,70,72],{"href":71},"\u002Fandroid-secure-coding-standard\u002Frules\u002Fnetwork-ssltls-net\u002F","Rule 04. Network - SSL\u002FTLS (NET)",[42,74,75],{},[45,76,78],{"href":77},"\u002Fandroid-secure-coding-standard\u002Frules\u002Fpermission-per\u002F","Rule 05. Permission (PER)",[42,80,81],{},[45,82,84],{"href":83},"\u002Fandroid-secure-coding-standard\u002Frules\u002Fcryptography-crp\u002F","Rule 06. Cryptography (CRP)",[42,86,87],{},[45,88,90],{"href":89},"\u002Fandroid-secure-coding-standard\u002Frules\u002Fmiscellaneous-msc\u002F","Rule 07. Miscellaneous (MSC)",[42,92,93],{},[45,94,96],{"href":95},"\u002Fandroid-secure-coding-standard\u002Frules\u002Fdeclarations-and-initialization-dcl","Rule 08. Declarations and Initialization (DCL)",[42,98,99],{},[45,100,102],{"href":101},"\u002Fandroid-secure-coding-standard\u002Frules\u002Fapplication-programming-interfaces-api","Rule 09. Application Programming Interfaces (API)",[42,104,105],{},[45,106,108],{"href":107},"\u002Fandroid-secure-coding-standard\u002Frules\u002Fenvironment-env","Rule 10. Environment (ENV)",[42,110,111],{},[45,112,114],{"href":113},"\u002Fandroid-secure-coding-standard\u002Frules\u002Ferror-handling-err","Rule 11. Error Handling (ERR)",[42,116,117],{},[45,118,120],{"href":119},"\u002Fandroid-secure-coding-standard\u002Frules\u002Fexpressions-exp","Rule 12. Expressions (EXP)",[42,122,123],{},[45,124,126],{"href":125},"\u002Fandroid-secure-coding-standard\u002Frules\u002Ffloating-point-flp","Rule 13. Floating Point (FLP)",[42,128,129],{},[45,130,132],{"href":131},"\u002Fandroid-secure-coding-standard\u002Frules\u002Fintegers-int","Rule 14. Integers (INT)",[42,134,135],{},[45,136,138],{"href":137},"\u002Fandroid-secure-coding-standard\u002Frules\u002Fmemory-management-mem","Rule 15. Memory Management (MEM)",[42,140,141],{},[45,142,144],{"href":143},"\u002Fandroid-secure-coding-standard\u002Frules\u002Fpreprocessor-pre","Rule 16. Preprocessor (PRE)",[42,146,147],{},[45,148,150],{"href":149},"\u002Fandroid-secure-coding-standard\u002Frules\u002Fcharacters-and-string-str","Rule 17. Characters and String (STR)",[42,152,153],{},[45,154,156],{"href":155},"\u002Fandroid-secure-coding-standard\u002Frules\u002Fconcurrency-con","Rule 18. Concurrency (CON)",[42,158,159],{},[45,160,162],{"href":161},"\u002Fandroid-secure-coding-standard\u002Frules\u002Finput-validation-and-data-sanitization-ids","Rule 19. Input Validation and Data Sanitization (IDS)",[42,164,165],{},[45,166,168],{"href":167},"\u002Fandroid-secure-coding-standard\u002Frules\u002Fjava-native-interface-jni","Rule 20. Java Native Interface (JNI)",[42,170,171],{},[45,172,174],{"href":173},"\u002Fandroid-secure-coding-standard\u002Frules\u002Flocking-lck","Rule 21. Locking (LCK)",[42,176,177],{},[45,178,180],{"href":179},"\u002Fandroid-secure-coding-standard\u002Frules\u002Fmethods-met","Rule 22. Methods (MET)",[42,182,183],{},[45,184,186],{"href":185},"\u002Fandroid-secure-coding-standard\u002Frules\u002Fnumeric-types-and-operations-num","Rule 23. Numeric Types and Operations (NUM)",[42,188,189],{},[45,190,192],{"href":191},"\u002Fandroid-secure-coding-standard\u002Frules\u002Fobject-orientation-obj","Rule 24. Object Orientation (OBJ)",[42,194,195],{},[45,196,198],{"href":197},"\u002Fandroid-secure-coding-standard\u002Frules\u002Fserialization-ser","Rule 25. Serialization (SER)",[42,200,201],{},[45,202,204],{"href":203},"\u002Fandroid-secure-coding-standard\u002Frules\u002Fthread-apis-thi","Rule 26. Thread APIs (THI)",[42,206,207],{},[45,208,210],{"href":209},"\u002Fandroid-secure-coding-standard\u002Frules\u002Fthread-safety-miscellaneous-tsm","Rule 27. Thread-Safety Miscellaneous (TSM)",[42,212,213],{},[45,214,216],{"href":215},"\u002Fandroid-secure-coding-standard\u002Frules\u002Fvisibility-and-atomicity-vna","Rule 28. Visibility and Atomicity (VNA)",[42,218,219],{},[45,220,222],{"href":221},"\u002Fandroid-secure-coding-standard\u002Frules\u002Fplatform-security-sec","Rule 29. Platform Security (SEC)",{"title":224,"searchDepth":225,"depth":225,"links":226},"",2,[],"md",{},"\u002Fandroid-secure-coding-standard\u002Frules",{"title":30,"description":224},"3.android-secure-coding-standard\u002F3.rules\u002F01.index","KS3q0WD83kkXzalkospUjyUlI6lbW8OyjibtehnJ1_c",[234,238],{"title":235,"path":236,"stem":237,"children":-1},"Introduction to Java Rules","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fintroduction\u002Fintroduction-to-java-rules","3.android-secure-coding-standard\u002F2.front-matter\u002F3.introduction\u002F05.introduction-to-java-rules",{"title":239,"path":101,"stem":240,"children":-1},"Application Programming Interfaces (API)","3.android-secure-coding-standard\u002F3.rules\u002F02.application-programming-interfaces-api",[242],{"title":243,"path":244,"stem":245,"children":246},"SCI CERT Android Secure Coding Standard","\u002Fandroid-secure-coding-standard","3.android-secure-coding-standard\u002F1.index",[247,248,295,534,631,693,717],{"title":243,"path":244,"stem":245},{"title":249,"path":250,"stem":251,"children":252},"Front Matter","\u002Fandroid-secure-coding-standard\u002Ffront-matter","3.android-secure-coding-standard\u002F2.front-matter\u002F1.index",[253,254,276],{"title":249,"path":250,"stem":251},{"title":255,"path":256,"stem":257,"children":258},"Guidelines for Wiki Contributors","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fguidelines-for-wiki-contributors","3.android-secure-coding-standard\u002F2.front-matter\u002F2.guidelines-for-wiki-contributors\u002F1.index",[259,260,264,268,272],{"title":255,"path":256,"stem":257},{"title":261,"path":262,"stem":263},"Deprecations","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fguidelines-for-wiki-contributors\u002Fdeprecations","3.android-secure-coding-standard\u002F2.front-matter\u002F2.guidelines-for-wiki-contributors\u002F2.deprecations",{"title":265,"path":266,"stem":267},"Editing Automated Detection Information","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fguidelines-for-wiki-contributors\u002Fediting-automated-detection-information","3.android-secure-coding-standard\u002F2.front-matter\u002F2.guidelines-for-wiki-contributors\u002F3.editing-automated-detection-information",{"title":269,"path":270,"stem":271},"Editing-Related Guidelines","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fguidelines-for-wiki-contributors\u002Fediting-related-guidelines","3.android-secure-coding-standard\u002F2.front-matter\u002F2.guidelines-for-wiki-contributors\u002F4.editing-related-guidelines",{"title":273,"path":274,"stem":275},"Rules versus Recommendations","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fguidelines-for-wiki-contributors\u002Frules-versus-recommendations","3.android-secure-coding-standard\u002F2.front-matter\u002F2.guidelines-for-wiki-contributors\u002F5.rules-versus-recommendations",{"title":277,"path":278,"stem":279,"children":280},"Introduction","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fintroduction","3.android-secure-coding-standard\u002F2.front-matter\u002F3.introduction\u002F01.index",[281,282,286,290,294],{"title":277,"path":278,"stem":279},{"title":283,"path":284,"stem":285},"Introduction to Android-Only Rules","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fintroduction\u002Fintroduction-to-android-only-rules","3.android-secure-coding-standard\u002F2.front-matter\u002F3.introduction\u002F02.introduction-to-android-only-rules",{"title":287,"path":288,"stem":289},"Introduction to C Rules and Recommendations","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fintroduction\u002Fintroduction-to-c-rules-and-recommendations","3.android-secure-coding-standard\u002F2.front-matter\u002F3.introduction\u002F03.introduction-to-c-rules-and-recommendations",{"title":291,"path":292,"stem":293},"Introduction to Java Recommendations","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fintroduction\u002Fintroduction-to-java-recommendations","3.android-secure-coding-standard\u002F2.front-matter\u002F3.introduction\u002F04.introduction-to-java-recommendations",{"title":235,"path":236,"stem":237},{"title":30,"path":229,"stem":231,"children":296},[297,298,299,302,324,327,349,352,355,358,361,391,394,397,400,418,421,424,427,430,456,470,473,476,498,501,504,507,510,513,516],{"title":30,"path":229,"stem":231},{"title":239,"path":101,"stem":240},{"title":300,"path":149,"stem":301},"Characters and String (STR)","3.android-secure-coding-standard\u002F3.rules\u002F03.characters-and-string-str",{"title":303,"path":304,"stem":305,"children":306},"Component Security (CPS)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcomponent-security-cps","3.android-secure-coding-standard\u002F3.rules\u002F04.component-security-cps\u002F1.index",[307,308,312,316,320],{"title":303,"path":304,"stem":305},{"title":309,"path":310,"stem":311},"DRD01-X. Limit the accessibility of an app's sensitive content provider","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcomponent-security-cps\u002Fdrd01-x","3.android-secure-coding-standard\u002F3.rules\u002F04.component-security-cps\u002F2.drd01-x",{"title":313,"path":314,"stem":315},"DRD07-X. Protect exported services with strong permissions","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcomponent-security-cps\u002Fdrd07-x","3.android-secure-coding-standard\u002F3.rules\u002F04.component-security-cps\u002F3.drd07-x",{"title":317,"path":318,"stem":319},"DRD08-J. Always canonicalize a URL received by a content provider","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcomponent-security-cps\u002Fdrd08-j","3.android-secure-coding-standard\u002F3.rules\u002F04.component-security-cps\u002F4.drd08-j",{"title":321,"path":322,"stem":323},"DRD09. Restrict access to sensitive activities","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcomponent-security-cps\u002Fdrd09-restrict-access-to-sensitive-activities","3.android-secure-coding-standard\u002F3.rules\u002F04.component-security-cps\u002F5.drd09-restrict-access-to-sensitive-activities",{"title":325,"path":155,"stem":326},"Concurrency (CON)","3.android-secure-coding-standard\u002F3.rules\u002F05.concurrency-con",{"title":328,"path":329,"stem":330,"children":331},"Cryptography (CRP)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcryptography-crp","3.android-secure-coding-standard\u002F3.rules\u002F06.cryptography-crp\u002F1.index",[332,333,337,341,345],{"title":328,"path":329,"stem":330},{"title":334,"path":335,"stem":336},"DRD17-J. Do not use the Android cryptographic security provider encryption default for AES","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcryptography-crp\u002Fdrd17-j","3.android-secure-coding-standard\u002F3.rules\u002F06.cryptography-crp\u002F2.drd17-j",{"title":338,"path":339,"stem":340},"DRD18. Do not use the default behavior in a cryptographic library if it does not use recommended practices","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcryptography-crp\u002Fdrd18-do-not-use-the-default-behavior-in-a-cryptographic-library-if-it-does-not-use-recommended-practices","3.android-secure-coding-standard\u002F3.rules\u002F06.cryptography-crp\u002F3.drd18-do-not-use-the-default-behavior-in-a-cryptographic-library-if-it-does-not-use-recommended-practices",{"title":342,"path":343,"stem":344},"DRD24. Do not bundle OAuth security-related protocol logic or sensitive data into a relying party's app","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcryptography-crp\u002Fdrd24-do-not-bundle-oauth-security-related-protocol-logic-or-sensitive-data-into-a-relying-partys-app","3.android-secure-coding-standard\u002F3.rules\u002F06.cryptography-crp\u002F4.drd24-do-not-bundle-oauth-security-related-protocol-logic-or-sensitive-data-into-a-relying-partys-app",{"title":346,"path":347,"stem":348},"DRD25. Use constant-time encryption","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcryptography-crp\u002Fdrd25-use-constant-time-encryption","3.android-secure-coding-standard\u002F3.rules\u002F06.cryptography-crp\u002F5.drd25-use-constant-time-encryption",{"title":350,"path":95,"stem":351},"Declarations and Initialization (DCL)","3.android-secure-coding-standard\u002F3.rules\u002F07.declarations-and-initialization-dcl",{"title":353,"path":107,"stem":354},"Environment (ENV)","3.android-secure-coding-standard\u002F3.rules\u002F08.environment-env",{"title":356,"path":113,"stem":357},"Error Handling (ERR)","3.android-secure-coding-standard\u002F3.rules\u002F09.error-handling-err",{"title":359,"path":119,"stem":360},"Expressions (EXP)","3.android-secure-coding-standard\u002F3.rules\u002F10.expressions-exp",{"title":362,"path":363,"stem":364,"children":365},"File I\u002FO and Logging (FIO)","\u002Fandroid-secure-coding-standard\u002Frules\u002Ffile-io-and-logging-fio","3.android-secure-coding-standard\u002F3.rules\u002F11.file-io-and-logging-fio\u002F1.index",[366,367,371,375,379,383,387],{"title":362,"path":363,"stem":364},{"title":368,"path":369,"stem":370},"DRD04-J. Do not log sensitive information","\u002Fandroid-secure-coding-standard\u002Frules\u002Ffile-io-and-logging-fio\u002Fdrd04-j","3.android-secure-coding-standard\u002F3.rules\u002F11.file-io-and-logging-fio\u002F2.drd04-j",{"title":372,"path":373,"stem":374},"DRD00. Do not store sensitive information on external storage (SD card) unless encrypted first","\u002Fandroid-secure-coding-standard\u002Frules\u002Ffile-io-and-logging-fio\u002Fdrd00-do-not-store-sensitive-information-on-external-storage-sd-card-unless-encrypted-first","3.android-secure-coding-standard\u002F3.rules\u002F11.file-io-and-logging-fio\u002F3.drd00-do-not-store-sensitive-information-on-external-storage-sd-card-unless-encrypted-first",{"title":376,"path":377,"stem":378},"DRD11. Ensure that sensitive data is kept secure","\u002Fandroid-secure-coding-standard\u002Frules\u002Ffile-io-and-logging-fio\u002Fdrd11-ensure-that-sensitive-data-is-kept-secure","3.android-secure-coding-standard\u002F3.rules\u002F11.file-io-and-logging-fio\u002F4.drd11-ensure-that-sensitive-data-is-kept-secure",{"title":380,"path":381,"stem":382},"DRD12. Do not trust data from world-writable files","\u002Fandroid-secure-coding-standard\u002Frules\u002Ffile-io-and-logging-fio\u002Fdrd12-do-not-trust-data-from-world-writable-files","3.android-secure-coding-standard\u002F3.rules\u002F11.file-io-and-logging-fio\u002F5.drd12-do-not-trust-data-from-world-writable-files",{"title":384,"path":385,"stem":386},"DRD23. Do not use world readable or writeable to share files between apps","\u002Fandroid-secure-coding-standard\u002Frules\u002Ffile-io-and-logging-fio\u002Fdrd23-do-not-use-world-readable-or-writeable-to-share-files-between-apps","3.android-secure-coding-standard\u002F3.rules\u002F11.file-io-and-logging-fio\u002F6.drd23-do-not-use-world-readable-or-writeable-to-share-files-between-apps",{"title":388,"path":389,"stem":390},"DRD28 Do not load world-writable libraries","\u002Fandroid-secure-coding-standard\u002Frules\u002Ffile-io-and-logging-fio\u002Fdrd28-do-not-load-world-writable-libraries","3.android-secure-coding-standard\u002F3.rules\u002F11.file-io-and-logging-fio\u002F7.drd28-do-not-load-world-writable-libraries",{"title":392,"path":125,"stem":393},"Floating Point (FLP)","3.android-secure-coding-standard\u002F3.rules\u002F12.floating-point-flp",{"title":395,"path":161,"stem":396},"Input Validation and Data Sanitization (IDS)","3.android-secure-coding-standard\u002F3.rules\u002F13.input-validation-and-data-sanitization-ids",{"title":398,"path":131,"stem":399},"Integers (INT)","3.android-secure-coding-standard\u002F3.rules\u002F14.integers-int",{"title":401,"path":402,"stem":403,"children":404},"Intent (ITT)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fintent-itt","3.android-secure-coding-standard\u002F3.rules\u002F15.intent-itt\u002F1.index",[405,406,410,414],{"title":401,"path":402,"stem":403},{"title":407,"path":408,"stem":409},"DRD03-J. Do not broadcast sensitive information using an implicit intent","\u002Fandroid-secure-coding-standard\u002Frules\u002Fintent-itt\u002Fdrd03-j","3.android-secure-coding-standard\u002F3.rules\u002F15.intent-itt\u002F2.drd03-j",{"title":411,"path":412,"stem":413},"DRD21-J. Always pass explicit intents to a PendingIntent","\u002Fandroid-secure-coding-standard\u002Frules\u002Fintent-itt\u002Fdrd21-j","3.android-secure-coding-standard\u002F3.rules\u002F15.intent-itt\u002F3.drd21-j",{"title":415,"path":416,"stem":417},"DRD06. Verify the caller of intents before acting on them","\u002Fandroid-secure-coding-standard\u002Frules\u002Fintent-itt\u002Fdrd06-verify-the-caller-of-intents-before-acting-on-them","3.android-secure-coding-standard\u002F3.rules\u002F15.intent-itt\u002F4.drd06-verify-the-caller-of-intents-before-acting-on-them",{"title":419,"path":167,"stem":420},"Java Native Interface (JNI)","3.android-secure-coding-standard\u002F3.rules\u002F16.java-native-interface-jni",{"title":422,"path":173,"stem":423},"Locking (LCK)","3.android-secure-coding-standard\u002F3.rules\u002F17.locking-lck",{"title":425,"path":137,"stem":426},"Memory Management (MEM)","3.android-secure-coding-standard\u002F3.rules\u002F18.memory-management-mem",{"title":428,"path":179,"stem":429},"Methods (MET)","3.android-secure-coding-standard\u002F3.rules\u002F19.methods-met",{"title":431,"path":432,"stem":433,"children":434},"Miscellaneous (MSC)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fmiscellaneous-msc","3.android-secure-coding-standard\u002F3.rules\u002F20.miscellaneous-msc\u002F1.index",[435,436,440,444,448,452],{"title":431,"path":432,"stem":433},{"title":437,"path":438,"stem":439},"DRD10-X. Do not release apps that are debuggable","\u002Fandroid-secure-coding-standard\u002Frules\u002Fmiscellaneous-msc\u002Fdrd10-x","3.android-secure-coding-standard\u002F3.rules\u002F20.miscellaneous-msc\u002F2.drd10-x",{"title":441,"path":442,"stem":443},"DRD15-J. Consider privacy concerns when using Geolocation API","\u002Fandroid-secure-coding-standard\u002Frules\u002Fmiscellaneous-msc\u002Fdrd15-j","3.android-secure-coding-standard\u002F3.rules\u002F20.miscellaneous-msc\u002F3.drd15-j",{"title":445,"path":446,"stem":447},"DRD26-J. For OAuth, use a secure Android method to deliver access tokens","\u002Fandroid-secure-coding-standard\u002Frules\u002Fmiscellaneous-msc\u002Fdrd26-j","3.android-secure-coding-standard\u002F3.rules\u002F20.miscellaneous-msc\u002F4.drd26-j",{"title":449,"path":450,"stem":451},"DRD27-J. For OAuth, use an explicit intent method to deliver access tokens","\u002Fandroid-secure-coding-standard\u002Frules\u002Fmiscellaneous-msc\u002Fdrd27-j","3.android-secure-coding-standard\u002F3.rules\u002F20.miscellaneous-msc\u002F5.drd27-j",{"title":453,"path":454,"stem":455},"DRD25. To request user permission for OAuth, identify relying party and its permissions scope","\u002Fandroid-secure-coding-standard\u002Frules\u002Fmiscellaneous-msc\u002Fdrd25-to-request-user-permission-for-oauth-identify-relying-party-and-its-permissions-scope","3.android-secure-coding-standard\u002F3.rules\u002F20.miscellaneous-msc\u002F6.drd25-to-request-user-permission-for-oauth-identify-relying-party-and-its-permissions-scope",{"title":457,"path":458,"stem":459,"children":460},"Network - SSL\u002FTLS (NET)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fnetwork-ssltls-net","3.android-secure-coding-standard\u002F3.rules\u002F21.network-ssltls-net\u002F1.index",[461,462,466],{"title":457,"path":458,"stem":459},{"title":463,"path":464,"stem":465},"DRD23-J. Do not use loopback when handling sensitive data","\u002Fandroid-secure-coding-standard\u002Frules\u002Fnetwork-ssltls-net\u002Fdrd23-j","3.android-secure-coding-standard\u002F3.rules\u002F21.network-ssltls-net\u002F2.drd23-j",{"title":467,"path":468,"stem":469},"DRD19. Properly verify server certificate on SSL\u002FTLS","\u002Fandroid-secure-coding-standard\u002Frules\u002Fnetwork-ssltls-net\u002Fdrd19-properly-verify-server-certificate-on-ssltls","3.android-secure-coding-standard\u002F3.rules\u002F21.network-ssltls-net\u002F3.drd19-properly-verify-server-certificate-on-ssltls",{"title":471,"path":185,"stem":472},"Numeric Types and Operations (NUM)","3.android-secure-coding-standard\u002F3.rules\u002F22.numeric-types-and-operations-num",{"title":474,"path":191,"stem":475},"Object Orientation (OBJ)","3.android-secure-coding-standard\u002F3.rules\u002F23.object-orientation-obj",{"title":477,"path":478,"stem":479,"children":480},"Permission (PER)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fpermission-per","3.android-secure-coding-standard\u002F3.rules\u002F24.permission-per\u002F1.index",[481,482,486,490,494],{"title":477,"path":478,"stem":479},{"title":483,"path":484,"stem":485},"DRD05-J. Do not grant URI permissions on implicit intents","\u002Fandroid-secure-coding-standard\u002Frules\u002Fpermission-per\u002Fdrd05-j","3.android-secure-coding-standard\u002F3.rules\u002F24.permission-per\u002F2.drd05-j",{"title":487,"path":488,"stem":489},"DRD14-J. Check that a calling app has appropriate permissions before responding","\u002Fandroid-secure-coding-standard\u002Frules\u002Fpermission-per\u002Fdrd14-j","3.android-secure-coding-standard\u002F3.rules\u002F24.permission-per\u002F3.drd14-j",{"title":491,"path":492,"stem":493},"DRD16-X. Explicitly define the exported attribute for private components","\u002Fandroid-secure-coding-standard\u002Frules\u002Fpermission-per\u002Fdrd16-x","3.android-secure-coding-standard\u002F3.rules\u002F24.permission-per\u002F4.drd16-x",{"title":495,"path":496,"stem":497},"DRD20-C. Specify permissions when creating files via the NDK","\u002Fandroid-secure-coding-standard\u002Frules\u002Fpermission-per\u002Fdrd20-c","3.android-secure-coding-standard\u002F3.rules\u002F24.permission-per\u002F5.drd20-c",{"title":499,"path":221,"stem":500},"Platform Security (SEC)","3.android-secure-coding-standard\u002F3.rules\u002F25.platform-security-sec",{"title":502,"path":143,"stem":503},"Preprocessor (PRE)","3.android-secure-coding-standard\u002F3.rules\u002F26.preprocessor-pre",{"title":505,"path":197,"stem":506},"Serialization (SER)","3.android-secure-coding-standard\u002F3.rules\u002F27.serialization-ser",{"title":508,"path":203,"stem":509},"Thread APIs (THI)","3.android-secure-coding-standard\u002F3.rules\u002F28.thread-apis-thi",{"title":511,"path":209,"stem":512},"Thread-Safety Miscellaneous (TSM)","3.android-secure-coding-standard\u002F3.rules\u002F29.thread-safety-miscellaneous-tsm",{"title":514,"path":215,"stem":515},"Visibility and Atomicity (VNA)","3.android-secure-coding-standard\u002F3.rules\u002F30.visibility-and-atomicity-vna",{"title":517,"path":518,"stem":519,"children":520},"WebView (WBV)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fwebview-wbv","3.android-secure-coding-standard\u002F3.rules\u002F31.webview-wbv\u002F1.index",[521,522,526,530],{"title":517,"path":518,"stem":519},{"title":523,"path":524,"stem":525},"DRD02-J. Do not allow WebView to access sensitive local resource through file scheme","\u002Fandroid-secure-coding-standard\u002Frules\u002Fwebview-wbv\u002Fdrd02-j","3.android-secure-coding-standard\u002F3.rules\u002F31.webview-wbv\u002F2.drd02-j",{"title":527,"path":528,"stem":529},"DRD13. Do not provide addJavascriptInterface method access in a WebView which could contain untrusted content. (API level JELLY_BEAN or below)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fwebview-wbv\u002Fdrd13-do-not-provide-addjavascriptinterface-method-access-in-a-webview-which-could-contain-untrusted-content-api-level-jelly_bean-or-below","3.android-secure-coding-standard\u002F3.rules\u002F31.webview-wbv\u002F3.drd13-do-not-provide-addjavascriptinterface-method-access-in-a-webview-which-could-contain-untrusted-content-api-level-jelly_bean-or-below",{"title":531,"path":532,"stem":533},"DRD22. Do not cache sensitive information","\u002Fandroid-secure-coding-standard\u002Frules\u002Fwebview-wbv\u002Fdrd22-do-not-cache-sensitive-information","3.android-secure-coding-standard\u002F3.rules\u002F31.webview-wbv\u002F4.drd22-do-not-cache-sensitive-information",{"title":535,"path":536,"stem":537,"children":538},"Recommendations","\u002Fandroid-secure-coding-standard\u002Frecommendations","3.android-secure-coding-standard\u002F4.recommendations\u002F01.index",[539,540,543,547,550,553,556,559,562,565,568,571,574,577,580,583,586,589,592,595,598,601,604,607,610,613,616,619,622,625,628],{"title":535,"path":536,"stem":537},{"title":239,"path":541,"stem":542},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fapplication-programming-interfaces-api","3.android-secure-coding-standard\u002F4.recommendations\u002F02.application-programming-interfaces-api",{"title":544,"path":545,"stem":546},"Characters and Strings (STR)","\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fcharacters-and-strings-str","3.android-secure-coding-standard\u002F4.recommendations\u002F03.characters-and-strings-str",{"title":303,"path":548,"stem":549},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fcomponent-security-cps","3.android-secure-coding-standard\u002F4.recommendations\u002F04.component-security-cps",{"title":325,"path":551,"stem":552},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fconcurrency-con","3.android-secure-coding-standard\u002F4.recommendations\u002F05.concurrency-con",{"title":328,"path":554,"stem":555},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fcryptography-crp","3.android-secure-coding-standard\u002F4.recommendations\u002F06.cryptography-crp",{"title":350,"path":557,"stem":558},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fdeclarations-and-initialization-dcl","3.android-secure-coding-standard\u002F4.recommendations\u002F07.declarations-and-initialization-dcl",{"title":353,"path":560,"stem":561},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fenvironment-env","3.android-secure-coding-standard\u002F4.recommendations\u002F08.environment-env",{"title":356,"path":563,"stem":564},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Ferror-handling-err","3.android-secure-coding-standard\u002F4.recommendations\u002F09.error-handling-err",{"title":359,"path":566,"stem":567},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fexpressions-exp","3.android-secure-coding-standard\u002F4.recommendations\u002F10.expressions-exp",{"title":362,"path":569,"stem":570},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Ffile-io-and-logging-fio","3.android-secure-coding-standard\u002F4.recommendations\u002F11.file-io-and-logging-fio",{"title":392,"path":572,"stem":573},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Ffloating-point-flp","3.android-secure-coding-standard\u002F4.recommendations\u002F12.floating-point-flp",{"title":395,"path":575,"stem":576},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Finput-validation-and-data-sanitization-ids","3.android-secure-coding-standard\u002F4.recommendations\u002F13.input-validation-and-data-sanitization-ids",{"title":398,"path":578,"stem":579},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fintegers-int","3.android-secure-coding-standard\u002F4.recommendations\u002F14.integers-int",{"title":401,"path":581,"stem":582},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fintent-itt","3.android-secure-coding-standard\u002F4.recommendations\u002F15.intent-itt",{"title":419,"path":584,"stem":585},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fjava-native-interface-jni","3.android-secure-coding-standard\u002F4.recommendations\u002F16.java-native-interface-jni",{"title":422,"path":587,"stem":588},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Flocking-lck","3.android-secure-coding-standard\u002F4.recommendations\u002F17.locking-lck",{"title":425,"path":590,"stem":591},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fmemory-management-mem","3.android-secure-coding-standard\u002F4.recommendations\u002F18.memory-management-mem",{"title":428,"path":593,"stem":594},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fmethods-met","3.android-secure-coding-standard\u002F4.recommendations\u002F19.methods-met",{"title":431,"path":596,"stem":597},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fmiscellaneous-msc","3.android-secure-coding-standard\u002F4.recommendations\u002F20.miscellaneous-msc",{"title":457,"path":599,"stem":600},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fnetwork-ssltls-net","3.android-secure-coding-standard\u002F4.recommendations\u002F21.network-ssltls-net",{"title":471,"path":602,"stem":603},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fnumeric-types-and-operations-num","3.android-secure-coding-standard\u002F4.recommendations\u002F22.numeric-types-and-operations-num",{"title":474,"path":605,"stem":606},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fobject-orientation-obj","3.android-secure-coding-standard\u002F4.recommendations\u002F23.object-orientation-obj",{"title":477,"path":608,"stem":609},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fpermission-per","3.android-secure-coding-standard\u002F4.recommendations\u002F24.permission-per",{"title":499,"path":611,"stem":612},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fplatform-security-sec","3.android-secure-coding-standard\u002F4.recommendations\u002F25.platform-security-sec",{"title":502,"path":614,"stem":615},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fpreprocessor-pre","3.android-secure-coding-standard\u002F4.recommendations\u002F26.preprocessor-pre",{"title":505,"path":617,"stem":618},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fserialization-ser","3.android-secure-coding-standard\u002F4.recommendations\u002F27.serialization-ser",{"title":508,"path":620,"stem":621},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fthread-apis-thi","3.android-secure-coding-standard\u002F4.recommendations\u002F28.thread-apis-thi",{"title":511,"path":623,"stem":624},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fthread-safety-miscellaneous-tsm","3.android-secure-coding-standard\u002F4.recommendations\u002F29.thread-safety-miscellaneous-tsm",{"title":514,"path":626,"stem":627},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fvisibility-and-atomicity-vna","3.android-secure-coding-standard\u002F4.recommendations\u002F30.visibility-and-atomicity-vna",{"title":517,"path":629,"stem":630},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fwebview-wbv","3.android-secure-coding-standard\u002F4.recommendations\u002F31.webview-wbv",{"title":632,"path":633,"stem":634,"children":635},"By Language","\u002Fandroid-secure-coding-standard\u002Fby-language","3.android-secure-coding-standard\u002F5.by-language\u002F1.index",[636,637,641,663,667,689],{"title":632,"path":633,"stem":634},{"title":638,"path":639,"stem":640},"Android Only","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fandroid-only","3.android-secure-coding-standard\u002F5.by-language\u002F2.android-only",{"title":642,"path":643,"stem":644,"children":645},"C Coding Language","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fc-coding-language","3.android-secure-coding-standard\u002F5.by-language\u002F3.c-coding-language\u002F1.index",[646,647,651,655,659],{"title":642,"path":643,"stem":644},{"title":648,"path":649,"stem":650},"Applicable in Principle to Android (C Rules\u002FRecomendations)","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fc-coding-language\u002Fapplicable-in-principle-to-android-c-rulesrecomendations","3.android-secure-coding-standard\u002F5.by-language\u002F3.c-coding-language\u002F2.applicable-in-principle-to-android-c-rulesrecomendations",{"title":652,"path":653,"stem":654},"Applicable to Android (C Rules\u002FRecomendations)","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fc-coding-language\u002Fapplicable-to-android-c-rulesrecomendations","3.android-secure-coding-standard\u002F5.by-language\u002F3.c-coding-language\u002F3.applicable-to-android-c-rulesrecomendations",{"title":656,"path":657,"stem":658},"Not Applicable to Android (C Rules\u002FRecomendations)","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fc-coding-language\u002Fnot-applicable-to-android-c-rulesrecomendations","3.android-secure-coding-standard\u002F5.by-language\u002F3.c-coding-language\u002F4.not-applicable-to-android-c-rulesrecomendations",{"title":660,"path":661,"stem":662},"Unknown Applicability (C Rules\u002FRecomendations)","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fc-coding-language\u002Funknown-applicability-c-rulesrecomendations","3.android-secure-coding-standard\u002F5.by-language\u002F3.c-coding-language\u002F5.unknown-applicability-c-rulesrecomendations",{"title":664,"path":665,"stem":666},"C++ Coding Language","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fcpp-coding-language","3.android-secure-coding-standard\u002F5.by-language\u002F4.cpp-coding-language",{"title":668,"path":669,"stem":670,"children":671},"Java Coding Language","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fjava-coding-language","3.android-secure-coding-standard\u002F5.by-language\u002F5.java-coding-language\u002F1.index",[672,673,677,681,685],{"title":668,"path":669,"stem":670},{"title":674,"path":675,"stem":676},"Applicable in Principle to Android (Java Rules\u002FRecomendations)","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fjava-coding-language\u002Fapplicable-in-principle-to-android-java-rulesrecomendations","3.android-secure-coding-standard\u002F5.by-language\u002F5.java-coding-language\u002F2.applicable-in-principle-to-android-java-rulesrecomendations",{"title":678,"path":679,"stem":680},"Applicable to Android (Java Rules\u002FRecomendations)","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fjava-coding-language\u002Fapplicable-to-android-java-rulesrecomendations","3.android-secure-coding-standard\u002F5.by-language\u002F5.java-coding-language\u002F3.applicable-to-android-java-rulesrecomendations",{"title":682,"path":683,"stem":684},"Not Applicable to Android (Java Rules\u002FRecomendations)","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fjava-coding-language\u002Fnot-applicable-to-android-java-rulesrecomendations","3.android-secure-coding-standard\u002F5.by-language\u002F5.java-coding-language\u002F4.not-applicable-to-android-java-rulesrecomendations",{"title":686,"path":687,"stem":688},"Unknown Applicability to Android (Java Rules\u002FRecomendations)","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fjava-coding-language\u002Funknown-applicability-to-android-java-rulesrecomendations","3.android-secure-coding-standard\u002F5.by-language\u002F5.java-coding-language\u002F5.unknown-applicability-to-android-java-rulesrecomendations",{"title":690,"path":691,"stem":692},"XML","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fxml","3.android-secure-coding-standard\u002F5.by-language\u002F6.xml",{"title":694,"path":695,"stem":696,"children":697},"Back Matter","\u002Fandroid-secure-coding-standard\u002Fback-matter","3.android-secure-coding-standard\u002F6.back-matter\u002F1.index",[698,699,703],{"title":694,"path":695,"stem":696},{"title":700,"path":701,"stem":702},"AA. Bibliography","\u002Fandroid-secure-coding-standard\u002Fback-matter\u002Faa-bibliography","3.android-secure-coding-standard\u002F6.back-matter\u002F2.aa-bibliography",{"title":704,"path":705,"stem":706,"children":707},"BB. Analyzers","\u002Fandroid-secure-coding-standard\u002Fback-matter\u002Fbb-analyzers","3.android-secure-coding-standard\u002F6.back-matter\u002F3.bb-analyzers\u002F1.index",[708,709,713],{"title":704,"path":705,"stem":706},{"title":710,"path":711,"stem":712},"CodeSonar","\u002Fandroid-secure-coding-standard\u002Fback-matter\u002Fbb-analyzers\u002Fcodesonar","3.android-secure-coding-standard\u002F6.back-matter\u002F3.bb-analyzers\u002F2.codesonar",{"title":714,"path":715,"stem":716},"CodeSonar_V","\u002Fandroid-secure-coding-standard\u002Fback-matter\u002Fbb-analyzers\u002Fcodesonar_v","3.android-secure-coding-standard\u002F6.back-matter\u002F3.bb-analyzers\u002F3.codesonar_v",{"title":718,"path":719,"stem":720,"children":721},"Admin","\u002Fandroid-secure-coding-standard\u002Fadmin","3.android-secure-coding-standard\u002F7.admin\u002F01.index",[722,723,727,731,735,739,743,747,751,755,759,763,767,771,775,779],{"title":718,"path":719,"stem":720},{"title":724,"path":725,"stem":726},"About the OurCS Workshop","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fabout-the-ourcs-workshop","3.android-secure-coding-standard\u002F7.admin\u002F02.about-the-ourcs-workshop",{"title":728,"path":729,"stem":730},"Android Applicability Summary","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fandroid-applicability-summary","3.android-secure-coding-standard\u002F7.admin\u002F03.android-applicability-summary",{"title":732,"path":733,"stem":734},"Android (DRD)","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fandroid-drd","3.android-secure-coding-standard\u002F7.admin\u002F04.android-drd",{"title":736,"path":737,"stem":738},"Avoid having unreachable code","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Favoid-having-unreachable-code","3.android-secure-coding-standard\u002F7.admin\u002F05.avoid-having-unreachable-code",{"title":740,"path":741,"stem":742},"C Space Change History Log","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fc-space-change-history-log","3.android-secure-coding-standard\u002F7.admin\u002F06.c-space-change-history-log",{"title":744,"path":745,"stem":746},"Copy of Rule Template","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fcopy-of-rule-template","3.android-secure-coding-standard\u002F7.admin\u002F07.copy-of-rule-template",{"title":748,"path":749,"stem":750},"C++ Space Change History Log","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fcpp-space-change-history-log","3.android-secure-coding-standard\u002F7.admin\u002F08.cpp-space-change-history-log",{"title":752,"path":753,"stem":754},"Dictionary of Labels","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fdictionary-of-labels","3.android-secure-coding-standard\u002F7.admin\u002F09.dictionary-of-labels",{"title":756,"path":757,"stem":758},"How to Change Applicability When a Rules and Recommendations Change","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fhow-to-change-applicability-when-a-rules-and-recommendations-change","3.android-secure-coding-standard\u002F7.admin\u002F10.how-to-change-applicability-when-a-rules-and-recommendations-change",{"title":760,"path":761,"stem":762},"Java Space Change History Log","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fjava-space-change-history-log","3.android-secure-coding-standard\u002F7.admin\u002F11.java-space-change-history-log",{"title":764,"path":765,"stem":766},"Labels in this Space","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Flabels-in-this-space","3.android-secure-coding-standard\u002F7.admin\u002F12.labels-in-this-space",{"title":768,"path":769,"stem":770},"Perl Space Change History Log","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fperl-space-change-history-log","3.android-secure-coding-standard\u002F7.admin\u002F13.perl-space-change-history-log",{"title":772,"path":773,"stem":774},"Resources for new Android app secure coding rules and guidelines","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fresources-for-new-android-app-secure-coding-rules-and-guidelines","3.android-secure-coding-standard\u002F7.admin\u002F14.resources-for-new-android-app-secure-coding-rules-and-guidelines",{"title":776,"path":777,"stem":778},"Rule Template","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Frule-template","3.android-secure-coding-standard\u002F7.admin\u002F15.rule-template",{"title":780,"path":781,"stem":782},"Rules Applicable for Both the Android Platform and Other Platforms","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Frules-applicable-for-both-the-android-platform-and-other-platforms","3.android-secure-coding-standard\u002F7.admin\u002F16.rules-applicable-for-both-the-android-platform-and-other-platforms",1775657777462]