[{"data":1,"prerenderedAt":1495},["ShallowReactive",2],{"global-navigation":3,"page-\u002Fandroid-secure-coding-standard\u002Frules\u002Fcomponent-security-cps\u002Fdrd07-x":28,"surround-\u002Fandroid-secure-coding-standard\u002Frules\u002Fcomponent-security-cps\u002Fdrd07-x":925,"sidebar-android-secure-coding-standard":934},[4,8],{"title":5,"path":6,"_path":6,"fromAppConfig":7},"Home","\u002F",true,{"title":9,"path":10,"children":11,"_path":27,"fromAppConfig":7},"Coding Standards","\u002Fcoding-standards\u002F",[12,15,18,21,24],{"title":13,"path":14},"Android Coding Standard","\u002Fandroid-secure-coding-standard\u002F",{"title":16,"path":17},"C Coding Standard","\u002Fsei-cert-c-coding-standard\u002F",{"title":19,"path":20},"C++ Coding Standard","\u002Fsei-cert-cpp-coding-standard\u002F",{"title":22,"path":23},"Java Coding Standard","\u002Fsei-cert-oracle-coding-standard-for-java\u002F",{"title":25,"path":26},"Perl Coding Standard","\u002Fsei-cert-perl-coding-standard\u002F","\u002Fcoding-standards",{"id":29,"title":30,"body":31,"description":103,"extension":912,"meta":913,"navigation":7,"path":921,"seo":922,"stem":923,"__hash__":924},"content\u002F3.android-secure-coding-standard\u002F3.rules\u002F04.component-security-cps\u002F3.drd07-x.md","DRD07-X. 
Protect exported services with strong permissions",{"type":32,"value":33,"toc":901},"minimark",[34,38,42,67,82,85,90,93,194,197,207,211,214,225,677,692,696,699,761,765,768,771,774,777,780,784,802,806,830,834,872,875,897],[35,36,30],"h1",{"id":37},"drd07-x-protect-exported-services-with-strong-permissions",[35,39,41],{"id":40},"this-coding-rule-or-guideline-is-under-construction","(THIS CODING RULE OR GUIDELINE IS UNDER CONSTRUCTION)",[43,44,45,46,50,51,57,58,61,62,66],"p",{},"This rule was developed in part by Robin Yuan at the October 20-22, 2017 ",[47,48,49],"strong",{},"OurCS Workshop"," ( ",[52,53,54],"a",{"href":54,"rel":55},"http:\u002F\u002Fwww.cs.cmu.edu\u002Fourcs\u002Fregister.html",[56],"nofollow"," ).",[59,60],"br",{},"\nFor more information about this statement, see the ",[52,63,65],{"href":64},"\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fabout-the-ourcs-workshop","About the OurCS Workshop"," page.",[68,69,71,72,76,77,81],"h3",{"id":70},"chin-et-al-chin-2011-says-if-a-service-is-exported-and-not-protected-with-strong-permissions-then-any-application-can-start-and-bind-to-the-service-depending-on-the-duties-of-a-particular-service-it-may-leak-information-or-perform-unauthorized-tasks-services-sometimes-maintain-singleton-application-state-which-could-be-corrupted","Chin, et al., [ ",[52,73,75],{"href":74},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-aa-references#RuleAA.References-Chin11","Chin 2011"," ] says: \" ",[78,79,80],"em",{},"If a Service is exported and not protected with strong permissions, then any application can start and bind to the Service. Depending on the duties of a particular Service, it may leak information or perform unauthorized tasks. 
Services sometimes maintain singleton application state, which could be corrupted."," \"",[43,83,84],{},"To guard against such eventualities, an exported service should always be protected with strong permissions.",[86,87,89],"h2",{"id":88},"noncompliant-code-example","Noncompliant Code Example",[43,91,92],{},"This noncompliant code example shows an exported service that is unprotected by permissions and which sends sensitive information when started by an arbitrary application:",[94,95,97],"code-block",{"quality":96},"bad",[98,99,104],"pre",{"className":100,"code":101,"language":102,"meta":103,"style":103},"language-java shiki shiki-themes github-light github-dark monokai","\u002F\u002Fbase app manifest\n\u003Cactivity android:exported=\"false\" ... >\n    \u003Cintent-filter > ... \u003C\u002Fintent-filter>\n    ...\n\u003C\u002Factivity>\n","java","",[105,106,107,116,146,178,184],"code",{"__ignoreMap":103},[108,109,112],"span",{"class":110,"line":111},"line",1,[108,113,115],{"class":114},"s8-w5","\u002F\u002Fbase app manifest\n",[108,117,119,123,127,130,133,136,140,143],{"class":110,"line":118},2,[108,120,122],{"class":121},"sC2Qs","\u003C",[108,124,126],{"class":125},"sMOD_","activity android",[108,128,129],{"class":121},":",[108,131,132],{"class":125},"exported",[108,134,135],{"class":121},"=",[108,137,139],{"class":138},"sstjo","\"false\"",[108,141,142],{"class":125}," ... 
",[108,144,145],{"class":121},">\n",[108,147,149,152,155,158,161,164,166,169,171,173,176],{"class":110,"line":148},3,[108,150,151],{"class":121},"    \u003C",[108,153,154],{"class":125},"intent",[108,156,157],{"class":121},"-",[108,159,160],{"class":125},"filter ",[108,162,163],{"class":121},">",[108,165,142],{"class":125},[108,167,168],{"class":121},"\u003C\u002F",[108,170,154],{"class":125},[108,172,157],{"class":121},[108,174,175],{"class":125},"filter",[108,177,145],{"class":121},[108,179,181],{"class":110,"line":180},4,[108,182,183],{"class":125},"    ...\n",[108,185,187,189,192],{"class":110,"line":186},5,[108,188,168],{"class":121},[108,190,191],{"class":125},"activity",[108,193,145],{"class":121},[43,195,196],{},"The above code snippet causes an error because \u003Cintent-filter> means that this activity can be launched by other components, so android:exported cannot be false. Depending on the purpose of this service, we can do one of the following:",[198,199,200,204],"ul",{},[201,202,203],"li",{},"We can take out the \u003Cintent-filter>, which restricts access to only the components of the same application or applications with the same user ID.",[201,205,206],{},"Assuming we want to let other apps access this app, \u003Cintent-filter> is required. Therefore, a custom permission should be used instead of leaving it at the default \"normal\". The latter allows other apps to access data from this app, which could be confidential.",[86,208,210],{"id":209},"compliant-solution","Compliant Solution",[43,212,213],{},"This compliant solution shows the permissions set in the manifest that prevent the service shown in the noncompliant code example from being started by an inappropriate application:",[43,215,216],{},[47,217,218,219,224],{},"Disclaimer: the code below is preliminary 
and modified from an answer on ",[52,220,223],{"href":221,"rel":222},"https:\u002F\u002Fstackoverflow.com\u002Fquestions\u002F8816623\u002Fhow-to-use-custom-permissions-in-android",[56],"Stack Overflow"," .",[94,226,228],{"quality":227},"good",[98,229,231],{"className":100,"code":230,"language":102,"meta":103,"style":103},"\u002F\u002Fbase app manifest\n\n\u003C?xml version=\"1.0\" encoding=\"utf-8\"?>\n\u003Cmanifest ...>\n    \u003Cpermission android:name=\"customPermission\" android:protectionLevel=\"dangerous\" ...>\u003C\u002Fpermission>\n    \u003Capplication ...>\n        \u003Cactivity\n            android:permission=\"customPermission\"\n            ... >\n            \u003Cintent-filter>\n                \u003Caction android:name=\"android.intent.action.MAIN\" \u002F>\n                \u003Ccategory android:name=\"android.intent.category.LAUNCHER\" \u002F>\n            \u003C\u002Fintent-filter>\n            \u003Cintent-filter >\n                \u003Caction android:name=\"package_name.MyAction\" \u002F>\n                \u003Ccategory android:name=\"android.intent.category.DEFAULT\" \u002F>                \n            \u003C\u002Fintent-filter>\n        \u003C\u002Factivity>\n    \u003C\u002Fapplication>\n\u003C\u002Fmanifest>\n \n\u002F\u002Fapps who wish to use base app manifest\n\u003Cmanifest ...>\n\u003Cuses-permission\n     android:name=\"customPermission\"\n     android:maxSdkVersion=.. 
\u002F>\n...\n\u003C\u002Fmanifest>\n \n\u002F\u002Fin the activities of these apps where we want to use the base-app's activity under protection\nIntent in = new Intent();\nin.setAction(\"package_name.MyAction\");\nin.addCategory(\"android.intent.category.DEFAULT\");\nstartActivity(in);\n",[105,232,233,237,242,266,275,316,326,335,350,358,372,393,412,426,439,457,479,492,502,513,523,529,535,544,557,571,589,595,604,609,615,637,654,668],{"__ignoreMap":103},[108,234,235],{"class":110,"line":111},[108,236,115],{"class":114},[108,238,239],{"class":110,"line":118},[108,240,241],{"emptyLinePlaceholder":7},"\n",[108,243,244,247,250,252,255,258,260,263],{"class":110,"line":148},[108,245,246],{"class":121},"\u003C?",[108,248,249],{"class":125},"xml version",[108,251,135],{"class":121},[108,253,254],{"class":138},"\"1.0\"",[108,256,257],{"class":125}," encoding",[108,259,135],{"class":121},[108,261,262],{"class":138},"\"utf-8\"",[108,264,265],{"class":121},"?>\n",[108,267,268,270,273],{"class":110,"line":180},[108,269,122],{"class":121},[108,271,272],{"class":125},"manifest ...",[108,274,145],{"class":121},[108,276,277,279,282,284,287,289,292,295,297,300,302,305,308,311,314],{"class":110,"line":186},[108,278,151],{"class":121},[108,280,281],{"class":125},"permission android",[108,283,129],{"class":121},[108,285,286],{"class":125},"name",[108,288,135],{"class":121},[108,290,291],{"class":138},"\"customPermission\"",[108,293,294],{"class":125}," android",[108,296,129],{"class":121},[108,298,299],{"class":125},"protectionLevel",[108,301,135],{"class":121},[108,303,304],{"class":138},"\"dangerous\"",[108,306,307],{"class":125}," ...",[108,309,310],{"class":121},">\u003C\u002F",[108,312,313],{"class":125},"permission",[108,315,145],{"class":121},[108,317,319,321,324],{"class":110,"line":318},6,[108,320,151],{"class":121},[108,322,323],{"class":125},"application ...",[108,325,145],{"class":121},[108,327,329,332],{"class":110,"line":328},7,[108,330,331],{"class":121},"        
\u003C",[108,333,334],{"class":125},"activity\n",[108,336,338,341,343,345,347],{"class":110,"line":337},8,[108,339,340],{"class":125},"            android",[108,342,129],{"class":121},[108,344,313],{"class":125},[108,346,135],{"class":121},[108,348,349],{"class":138},"\"customPermission\"\n",[108,351,353,356],{"class":110,"line":352},9,[108,354,355],{"class":125},"            ... ",[108,357,145],{"class":121},[108,359,361,364,366,368,370],{"class":110,"line":360},10,[108,362,363],{"class":121},"            \u003C",[108,365,154],{"class":125},[108,367,157],{"class":121},[108,369,175],{"class":125},[108,371,145],{"class":121},[108,373,375,378,381,383,385,387,390],{"class":110,"line":374},11,[108,376,377],{"class":121},"                \u003C",[108,379,380],{"class":125},"action android",[108,382,129],{"class":121},[108,384,286],{"class":125},[108,386,135],{"class":121},[108,388,389],{"class":138},"\"android.intent.action.MAIN\"",[108,391,392],{"class":121}," \u002F>\n",[108,394,396,398,401,403,405,407,410],{"class":110,"line":395},12,[108,397,377],{"class":121},[108,399,400],{"class":125},"category android",[108,402,129],{"class":121},[108,404,286],{"class":125},[108,406,135],{"class":121},[108,408,409],{"class":138},"\"android.intent.category.LAUNCHER\"",[108,411,392],{"class":121},[108,413,415,418,420,422,424],{"class":110,"line":414},13,[108,416,417],{"class":121},"            
\u003C\u002F",[108,419,154],{"class":125},[108,421,157],{"class":121},[108,423,175],{"class":125},[108,425,145],{"class":121},[108,427,429,431,433,435,437],{"class":110,"line":428},14,[108,430,363],{"class":121},[108,432,154],{"class":125},[108,434,157],{"class":121},[108,436,160],{"class":125},[108,438,145],{"class":121},[108,440,442,444,446,448,450,452,455],{"class":110,"line":441},15,[108,443,377],{"class":121},[108,445,380],{"class":125},[108,447,129],{"class":121},[108,449,286],{"class":125},[108,451,135],{"class":121},[108,453,454],{"class":138},"\"package_name.MyAction\"",[108,456,392],{"class":121},[108,458,460,462,464,466,468,470,473,476],{"class":110,"line":459},16,[108,461,377],{"class":121},[108,463,400],{"class":125},[108,465,129],{"class":121},[108,467,286],{"class":125},[108,469,135],{"class":121},[108,471,472],{"class":138},"\"android.intent.category.DEFAULT\"",[108,474,475],{"class":121}," \u002F>",[108,477,478],{"class":125},"                \n",[108,480,482,484,486,488,490],{"class":110,"line":481},17,[108,483,417],{"class":121},[108,485,154],{"class":125},[108,487,157],{"class":121},[108,489,175],{"class":125},[108,491,145],{"class":121},[108,493,495,498,500],{"class":110,"line":494},18,[108,496,497],{"class":121},"        \u003C\u002F",[108,499,191],{"class":125},[108,501,145],{"class":121},[108,503,505,508,511],{"class":110,"line":504},19,[108,506,507],{"class":121},"    \u003C\u002F",[108,509,510],{"class":125},"application",[108,512,145],{"class":121},[108,514,516,518,521],{"class":110,"line":515},20,[108,517,168],{"class":121},[108,519,520],{"class":125},"manifest",[108,522,145],{"class":121},[108,524,526],{"class":110,"line":525},21,[108,527,528],{"class":125}," \n",[108,530,532],{"class":110,"line":531},22,[108,533,534],{"class":114},"\u002F\u002Fapps who wish to use base app 
manifest\n",[108,536,538,540,542],{"class":110,"line":537},23,[108,539,122],{"class":121},[108,541,272],{"class":125},[108,543,145],{"class":121},[108,545,547,549,552,554],{"class":110,"line":546},24,[108,548,122],{"class":121},[108,550,551],{"class":125},"uses",[108,553,157],{"class":121},[108,555,556],{"class":125},"permission\n",[108,558,560,563,565,567,569],{"class":110,"line":559},25,[108,561,562],{"class":125},"     android",[108,564,129],{"class":121},[108,566,286],{"class":125},[108,568,135],{"class":121},[108,570,349],{"class":138},[108,572,574,576,578,581,583,586],{"class":110,"line":573},26,[108,575,562],{"class":125},[108,577,129],{"class":121},[108,579,580],{"class":125},"maxSdkVersion",[108,582,135],{"class":121},[108,584,585],{"class":125},".. ",[108,587,588],{"class":121},"\u002F>\n",[108,590,592],{"class":110,"line":591},27,[108,593,594],{"class":125},"...\n",[108,596,598,600,602],{"class":110,"line":597},28,[108,599,168],{"class":121},[108,601,520],{"class":125},[108,603,145],{"class":121},[108,605,607],{"class":110,"line":606},29,[108,608,528],{"class":125},[108,610,612],{"class":110,"line":611},30,[108,613,614],{"class":114},"\u002F\u002Fin the activities of these apps where we want to use the base-app's activity under protection\n",[108,616,618,622,625,627,630,634],{"class":110,"line":617},31,[108,619,621],{"class":620},"sk8M1","Intent",[108,623,624],{"class":125}," in ",[108,626,135],{"class":121},[108,628,629],{"class":121}," new",[108,631,633],{"class":632},"srTi1"," 
 Intent",[108,635,636],{"class":125},"();\n",[108,638,640,643,646,649,651],{"class":110,"line":639},32,[108,641,642],{"class":125},"in.",[108,644,645],{"class":632},"setAction",[108,647,648],{"class":125},"(",[108,650,454],{"class":138},[108,652,653],{"class":125},");\n",[108,655,657,659,662,664,666],{"class":110,"line":656},33,[108,658,642],{"class":125},[108,660,661],{"class":632},"addCategory",[108,663,648],{"class":125},[108,665,472],{"class":138},[108,667,653],{"class":125},[108,669,671,674],{"class":110,"line":670},34,[108,672,673],{"class":632},"startActivity",[108,675,676],{"class":125},"(in);\n",[43,678,679,680,685,686,691],{},"The above is a general example of how to use a custom permission. There are also other types of ",[52,681,684],{"href":682,"rel":683},"https:\u002F\u002Fdeveloper.android.com\u002Fguide\u002Ftopics\u002Fmanifest\u002Fpermission-element.html#plevel",[56],"permissions"," aside from \"dangerous\". Please note that the  of how the apps are started also affect how the permission works [ ",[52,687,690],{"href":688,"rel":689},"https:\u002F\u002Fcommonsware.com\u002Fblog\u002F2014\u002F02\u002F12\u002Fvulnerabilities-custom-permissions.html",[56],"Murphy 2011"," ].",[86,693,695],{"id":694},"risk-assessment","Risk Assessment",[43,697,698],{},"Failing to protect an exported service with strong permissions may lead to sensitive data being revealed or to denial of service.",[700,701,702,703,702,733],"table",{},"\n  ",[704,705,706,707,702],"thead",{},"\n    ",[708,709,710,711,710,715,710,718,710,721,710,724,710,727,710,730,706],"tr",{},"\n      
",[712,713,714],"th",{},"Rule",[712,716,717],{},"Severity",[712,719,720],{},"Likelihood",[712,722,723],{},"Detectable",[712,725,726],{},"Repairable",[712,728,729],{},"Priority",[712,731,732],{},"Level",[734,735,706,736,702],"tbody",{},[708,737,710,738,710,742,710,745,710,748,710,751,710,754,710,758,706],{},[739,740,741],"td",{},"DRD07-X",[739,743,744],{},"High",[739,746,747],{},"Probable",[739,749,750],{},"Yes",[739,752,753],{},"No",[739,755,757],{"style":756},"color: #e74c3c;","P12",[739,759,760],{"style":756},"L1",[86,762,764],{"id":763},"automated-detection","Automated Detection",[43,766,767],{},"Automatic detection of an exported service is straightforward. It is not feasible to automatically determine whether appropriate permissions have been set in the manifest.",[43,769,770],{},"Tool",[43,772,773],{},"Version",[43,775,776],{},"Checker",[43,778,779],{},"Description",[86,781,783],{"id":782},"related-vulnerabilities","Related Vulnerabilities",[198,785,786,794],{},[201,787,788,793],{},[52,789,792],{"href":790,"rel":791},"https:\u002F\u002Fnvd.nist.gov\u002Fvuln\u002Fdetail\u002FCVE-2017-12816",[56],"CVE-2017-12816"," In Kaspersky Internet Security for Android 11.12.4.1622, some of application exports activities have weak permissions",[201,795,796,801],{},[52,797,800],{"href":798,"rel":799},"https:\u002F\u002Fnvd.nist.gov\u002Fvuln\u002Fdetail\u002FCVE-2016-10135",[56],"CVE-2016-10135"," Multiple LG Android Mobile Devices Multiple Security Bypass Vulnerabilities",[86,803,805],{"id":804},"related-guidelines","Related Guidelines",[700,807,808,816],{},[704,809,810],{},[708,811,812,814],{},[712,813],{},[712,815],{},[734,817,818],{},[708,819,820,827],{},[739,821,822],{},[52,823,826],{"href":824,"rel":825},"https:\u002F\u002Fcwe.mitre.org\u002Fdata\u002Fdefinitions\u002F926.html",[56],"CWE-926",[739,828,829],{},"Improper Export of Android Application 
Components",[86,831,833],{"id":832},"bibliography","Bibliography",[700,835,836,844],{},[704,837,838],{},[708,839,840,842],{},[712,841],{},[712,843],{},[734,845,846,861],{},[708,847,848,854],{},[739,849,850,851,853],{},"[ ",[52,852,75],{"href":74}," ]",[739,855,856],{},[52,857,860],{"href":858,"rel":859},"https:\u002F\u002Fpeople.eecs.berkeley.edu\u002F~daw\u002Fpapers\u002Fintents-mobisys11.pdf",[56],"Analyzing Inter-Application Communication in Android",[708,862,863,866],{},[739,864,865],{},"M. Murphy 2011",[739,867,868],{},[52,869,871],{"href":688,"rel":870},[56],"Vulnerabilities with Custom Permissions",[873,874],"hr",{},[43,876,877,884,885,884,891],{},[52,878,880],{"href":879},"https:\u002F\u002Fwww.securecoding.cert.org\u002Fconfluence\u002Fdisplay\u002Fjava\u002FDRD06-J.+Do+not+act+on+malicious+intents?showChildren=false&showComments=false",[881,882],"img",{"src":883},"\u002Fattachments\u002F88487702\u002F88497198.png"," ",[52,886,888],{"href":887},"https:\u002F\u002Fwww.securecoding.cert.org\u002Fconfluence\u002Fpages\u002Fviewpage.action?pageId=111509535",[881,889],{"src":890},"\u002Fattachments\u002F88487702\u002F88497196.png",[52,892,894],{"href":893},"https:\u002F\u002Fwww.securecoding.cert.org\u002Fconfluence\u002Fdisplay\u002Fjava\u002FDRD08-J.+Always+canonicalize+a+URL+received+by+a+content+provider?showChildren=false&showComments=false",[881,895],{"src":896},"\u002Fattachments\u002F88487702\u002F88497197.png",[898,899,900],"style",{},"html pre.shiki code .s8-w5, html code.shiki .s8-w5{--shiki-default:#6A737D;--shiki-dark:#6A737D;--shiki-sepia:#88846F}html pre.shiki code .sC2Qs, html code.shiki .sC2Qs{--shiki-default:#D73A49;--shiki-dark:#F97583;--shiki-sepia:#F92672}html pre.shiki code .sMOD_, html code.shiki .sMOD_{--shiki-default:#24292E;--shiki-dark:#E1E4E8;--shiki-sepia:#F8F8F2}html pre.shiki code .sstjo, html code.shiki .sstjo{--shiki-default:#032F62;--shiki-dark:#9ECBFF;--shiki-sepia:#E6DB74}html .default .shiki span {color: 
var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html.dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html .sepia .shiki span {color: var(--shiki-sepia);background: var(--shiki-sepia-bg);font-style: var(--shiki-sepia-font-style);font-weight: var(--shiki-sepia-font-weight);text-decoration: var(--shiki-sepia-text-decoration);}html.sepia .shiki span {color: var(--shiki-sepia);background: var(--shiki-sepia-bg);font-style: var(--shiki-sepia-font-style);font-weight: var(--shiki-sepia-font-weight);text-decoration: var(--shiki-sepia-text-decoration);}html pre.shiki code .sk8M1, html code.shiki .sk8M1{--shiki-default:#24292E;--shiki-default-font-style:inherit;--shiki-dark:#E1E4E8;--shiki-dark-font-style:inherit;--shiki-sepia:#66D9EF;--shiki-sepia-font-style:italic}html pre.shiki code .srTi1, html code.shiki .srTi1{--shiki-default:#6F42C1;--shiki-dark:#B392F0;--shiki-sepia:#A6E22E}",{"title":103,"searchDepth":118,"depth":118,"links":902},[903,905,906,907,908,909,910,911],{"id":70,"depth":148,"text":904},"Chin, et al., [ Chin 2011 ] says: \" If a Service is exported and not protected with strong permissions, then any application can start and bind to the Service. 
Depending on the duties of a particular Service, it may leak information or perform unauthorized tasks. Services sometimes maintain singleton application state, which could be corrupted. \"",{"id":88,"depth":118,"text":89},{"id":209,"depth":118,"text":210},{"id":694,"depth":118,"text":695},{"id":763,"depth":118,"text":764},{"id":782,"depth":118,"text":783},{"id":804,"depth":118,"text":805},{"id":832,"depth":118,"text":833},"md",{"tags":914},[915,916,917,918,919,920],"rule","drd","xml","incomplete","android-applicable","cps","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcomponent-security-cps\u002Fdrd07-x",{"title":30,"description":103},"3.android-secure-coding-standard\u002F3.rules\u002F04.component-security-cps\u002F3.drd07-x","ztrINYg72r1miXoBT0XVbnPSNeqAm2MfRSIuYG-Ouco",[926,930],{"title":927,"path":928,"stem":929,"children":-1},"DRD01-X. Limit the accessibility of an app's sensitive content provider","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcomponent-security-cps\u002Fdrd01-x","3.android-secure-coding-standard\u002F3.rules\u002F04.component-security-cps\u002F2.drd01-x",{"title":931,"path":932,"stem":933,"children":-1},"DRD08-J. 
Always canonicalize a URL received by a content provider","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcomponent-security-cps\u002Fdrd08-j","3.android-secure-coding-standard\u002F3.rules\u002F04.component-security-cps\u002F4.drd08-j",[935],{"title":936,"path":937,"stem":938,"children":939},"SCI CERT Android Secure Coding Standard","\u002Fandroid-secure-coding-standard","3.android-secure-coding-standard\u002F1.index",[940,941,991,1248,1345,1407,1431],{"title":936,"path":937,"stem":938},{"title":942,"path":943,"stem":944,"children":945},"Front Matter","\u002Fandroid-secure-coding-standard\u002Ffront-matter","3.android-secure-coding-standard\u002F2.front-matter\u002F1.index",[946,947,969],{"title":942,"path":943,"stem":944},{"title":948,"path":949,"stem":950,"children":951},"Guidelines for Wiki Contributors","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fguidelines-for-wiki-contributors","3.android-secure-coding-standard\u002F2.front-matter\u002F2.guidelines-for-wiki-contributors\u002F1.index",[952,953,957,961,965],{"title":948,"path":949,"stem":950},{"title":954,"path":955,"stem":956},"Deprecations","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fguidelines-for-wiki-contributors\u002Fdeprecations","3.android-secure-coding-standard\u002F2.front-matter\u002F2.guidelines-for-wiki-contributors\u002F2.deprecations",{"title":958,"path":959,"stem":960},"Editing Automated Detection Information","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fguidelines-for-wiki-contributors\u002Fediting-automated-detection-information","3.android-secure-coding-standard\u002F2.front-matter\u002F2.guidelines-for-wiki-contributors\u002F3.editing-automated-detection-information",{"title":962,"path":963,"stem":964},"Editing-Related 
Guidelines","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fguidelines-for-wiki-contributors\u002Fediting-related-guidelines","3.android-secure-coding-standard\u002F2.front-matter\u002F2.guidelines-for-wiki-contributors\u002F4.editing-related-guidelines",{"title":966,"path":967,"stem":968},"Rules versus Recommendations","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fguidelines-for-wiki-contributors\u002Frules-versus-recommendations","3.android-secure-coding-standard\u002F2.front-matter\u002F2.guidelines-for-wiki-contributors\u002F5.rules-versus-recommendations",{"title":970,"path":971,"stem":972,"children":973},"Introduction","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fintroduction","3.android-secure-coding-standard\u002F2.front-matter\u002F3.introduction\u002F01.index",[974,975,979,983,987],{"title":970,"path":971,"stem":972},{"title":976,"path":977,"stem":978},"Introduction to Android-Only Rules","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fintroduction\u002Fintroduction-to-android-only-rules","3.android-secure-coding-standard\u002F2.front-matter\u002F3.introduction\u002F02.introduction-to-android-only-rules",{"title":980,"path":981,"stem":982},"Introduction to C Rules and Recommendations","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fintroduction\u002Fintroduction-to-c-rules-and-recommendations","3.android-secure-coding-standard\u002F2.front-matter\u002F3.introduction\u002F03.introduction-to-c-rules-and-recommendations",{"title":984,"path":985,"stem":986},"Introduction to Java Recommendations","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fintroduction\u002Fintroduction-to-java-recommendations","3.android-secure-coding-standard\u002F2.front-matter\u002F3.introduction\u002F04.introduction-to-java-recommendations",{"title":988,"path":989,"stem":990},"Introduction to Java 
Rules","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fintroduction\u002Fintroduction-to-java-rules","3.android-secure-coding-standard\u002F2.front-matter\u002F3.introduction\u002F05.introduction-to-java-rules",{"title":992,"path":993,"stem":994,"children":995},"Rules","\u002Fandroid-secure-coding-standard\u002Frules","3.android-secure-coding-standard\u002F3.rules\u002F01.index",[996,997,1001,1005,1018,1022,1044,1048,1052,1056,1060,1090,1094,1098,1102,1120,1124,1128,1132,1136,1162,1176,1180,1184,1206,1210,1214,1218,1222,1226,1230],{"title":992,"path":993,"stem":994},{"title":998,"path":999,"stem":1000},"Application Programming Interfaces (API)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fapplication-programming-interfaces-api","3.android-secure-coding-standard\u002F3.rules\u002F02.application-programming-interfaces-api",{"title":1002,"path":1003,"stem":1004},"Characters and String (STR)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcharacters-and-string-str","3.android-secure-coding-standard\u002F3.rules\u002F03.characters-and-string-str",{"title":1006,"path":1007,"stem":1008,"children":1009},"Component Security (CPS)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcomponent-security-cps","3.android-secure-coding-standard\u002F3.rules\u002F04.component-security-cps\u002F1.index",[1010,1011,1012,1013,1014],{"title":1006,"path":1007,"stem":1008},{"title":927,"path":928,"stem":929},{"title":30,"path":921,"stem":923},{"title":931,"path":932,"stem":933},{"title":1015,"path":1016,"stem":1017},"DRD09. 
Restrict access to sensitive activities","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcomponent-security-cps\u002Fdrd09-restrict-access-to-sensitive-activities","3.android-secure-coding-standard\u002F3.rules\u002F04.component-security-cps\u002F5.drd09-restrict-access-to-sensitive-activities",{"title":1019,"path":1020,"stem":1021},"Concurrency (CON)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fconcurrency-con","3.android-secure-coding-standard\u002F3.rules\u002F05.concurrency-con",{"title":1023,"path":1024,"stem":1025,"children":1026},"Cryptography (CRP)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcryptography-crp","3.android-secure-coding-standard\u002F3.rules\u002F06.cryptography-crp\u002F1.index",[1027,1028,1032,1036,1040],{"title":1023,"path":1024,"stem":1025},{"title":1029,"path":1030,"stem":1031},"DRD17-J. Do not use the Android cryptographic security provider encryption default for AES","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcryptography-crp\u002Fdrd17-j","3.android-secure-coding-standard\u002F3.rules\u002F06.cryptography-crp\u002F2.drd17-j",{"title":1033,"path":1034,"stem":1035},"DRD18. Do not use the default behavior in a cryptographic library if it does not use recommended practices","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcryptography-crp\u002Fdrd18-do-not-use-the-default-behavior-in-a-cryptographic-library-if-it-does-not-use-recommended-practices","3.android-secure-coding-standard\u002F3.rules\u002F06.cryptography-crp\u002F3.drd18-do-not-use-the-default-behavior-in-a-cryptographic-library-if-it-does-not-use-recommended-practices",{"title":1037,"path":1038,"stem":1039},"DRD24. 
Do not bundle OAuth security-related protocol logic or sensitive data into a relying party's app","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcryptography-crp\u002Fdrd24-do-not-bundle-oauth-security-related-protocol-logic-or-sensitive-data-into-a-relying-partys-app","3.android-secure-coding-standard\u002F3.rules\u002F06.cryptography-crp\u002F4.drd24-do-not-bundle-oauth-security-related-protocol-logic-or-sensitive-data-into-a-relying-partys-app",{"title":1041,"path":1042,"stem":1043},"DRD25. Use constant-time encryption","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcryptography-crp\u002Fdrd25-use-constant-time-encryption","3.android-secure-coding-standard\u002F3.rules\u002F06.cryptography-crp\u002F5.drd25-use-constant-time-encryption",{"title":1045,"path":1046,"stem":1047},"Declarations and Initialization (DCL)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fdeclarations-and-initialization-dcl","3.android-secure-coding-standard\u002F3.rules\u002F07.declarations-and-initialization-dcl",{"title":1049,"path":1050,"stem":1051},"Environment (ENV)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fenvironment-env","3.android-secure-coding-standard\u002F3.rules\u002F08.environment-env",{"title":1053,"path":1054,"stem":1055},"Error Handling (ERR)","\u002Fandroid-secure-coding-standard\u002Frules\u002Ferror-handling-err","3.android-secure-coding-standard\u002F3.rules\u002F09.error-handling-err",{"title":1057,"path":1058,"stem":1059},"Expressions (EXP)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fexpressions-exp","3.android-secure-coding-standard\u002F3.rules\u002F10.expressions-exp",{"title":1061,"path":1062,"stem":1063,"children":1064},"File I\u002FO and Logging 
(FIO)","\u002Fandroid-secure-coding-standard\u002Frules\u002Ffile-io-and-logging-fio","3.android-secure-coding-standard\u002F3.rules\u002F11.file-io-and-logging-fio\u002F1.index",[1065,1066,1070,1074,1078,1082,1086],{"title":1061,"path":1062,"stem":1063},{"title":1067,"path":1068,"stem":1069},"DRD04-J. Do not log sensitive information","\u002Fandroid-secure-coding-standard\u002Frules\u002Ffile-io-and-logging-fio\u002Fdrd04-j","3.android-secure-coding-standard\u002F3.rules\u002F11.file-io-and-logging-fio\u002F2.drd04-j",{"title":1071,"path":1072,"stem":1073},"DRD00. Do not store sensitive information on external storage (SD card) unless encrypted first","\u002Fandroid-secure-coding-standard\u002Frules\u002Ffile-io-and-logging-fio\u002Fdrd00-do-not-store-sensitive-information-on-external-storage-sd-card-unless-encrypted-first","3.android-secure-coding-standard\u002F3.rules\u002F11.file-io-and-logging-fio\u002F3.drd00-do-not-store-sensitive-information-on-external-storage-sd-card-unless-encrypted-first",{"title":1075,"path":1076,"stem":1077},"DRD11. Ensure that sensitive data is kept secure","\u002Fandroid-secure-coding-standard\u002Frules\u002Ffile-io-and-logging-fio\u002Fdrd11-ensure-that-sensitive-data-is-kept-secure","3.android-secure-coding-standard\u002F3.rules\u002F11.file-io-and-logging-fio\u002F4.drd11-ensure-that-sensitive-data-is-kept-secure",{"title":1079,"path":1080,"stem":1081},"DRD12. Do not trust data from world-writable files","\u002Fandroid-secure-coding-standard\u002Frules\u002Ffile-io-and-logging-fio\u002Fdrd12-do-not-trust-data-from-world-writable-files","3.android-secure-coding-standard\u002F3.rules\u002F11.file-io-and-logging-fio\u002F5.drd12-do-not-trust-data-from-world-writable-files",{"title":1083,"path":1084,"stem":1085},"DRD23. 
Do not use world readable or writeable to share files between apps","\u002Fandroid-secure-coding-standard\u002Frules\u002Ffile-io-and-logging-fio\u002Fdrd23-do-not-use-world-readable-or-writeable-to-share-files-between-apps","3.android-secure-coding-standard\u002F3.rules\u002F11.file-io-and-logging-fio\u002F6.drd23-do-not-use-world-readable-or-writeable-to-share-files-between-apps",{"title":1087,"path":1088,"stem":1089},"DRD28 Do not load world-writable libraries","\u002Fandroid-secure-coding-standard\u002Frules\u002Ffile-io-and-logging-fio\u002Fdrd28-do-not-load-world-writable-libraries","3.android-secure-coding-standard\u002F3.rules\u002F11.file-io-and-logging-fio\u002F7.drd28-do-not-load-world-writable-libraries",{"title":1091,"path":1092,"stem":1093},"Floating Point (FLP)","\u002Fandroid-secure-coding-standard\u002Frules\u002Ffloating-point-flp","3.android-secure-coding-standard\u002F3.rules\u002F12.floating-point-flp",{"title":1095,"path":1096,"stem":1097},"Input Validation and Data Sanitization (IDS)","\u002Fandroid-secure-coding-standard\u002Frules\u002Finput-validation-and-data-sanitization-ids","3.android-secure-coding-standard\u002F3.rules\u002F13.input-validation-and-data-sanitization-ids",{"title":1099,"path":1100,"stem":1101},"Integers (INT)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fintegers-int","3.android-secure-coding-standard\u002F3.rules\u002F14.integers-int",{"title":1103,"path":1104,"stem":1105,"children":1106},"Intent (ITT)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fintent-itt","3.android-secure-coding-standard\u002F3.rules\u002F15.intent-itt\u002F1.index",[1107,1108,1112,1116],{"title":1103,"path":1104,"stem":1105},{"title":1109,"path":1110,"stem":1111},"DRD03-J. 
Do not broadcast sensitive information using an implicit intent","\u002Fandroid-secure-coding-standard\u002Frules\u002Fintent-itt\u002Fdrd03-j","3.android-secure-coding-standard\u002F3.rules\u002F15.intent-itt\u002F2.drd03-j",{"title":1113,"path":1114,"stem":1115},"DRD21-J. Always pass explicit intents to a PendingIntent","\u002Fandroid-secure-coding-standard\u002Frules\u002Fintent-itt\u002Fdrd21-j","3.android-secure-coding-standard\u002F3.rules\u002F15.intent-itt\u002F3.drd21-j",{"title":1117,"path":1118,"stem":1119},"DRD06. Verify the caller of intents before acting on them","\u002Fandroid-secure-coding-standard\u002Frules\u002Fintent-itt\u002Fdrd06-verify-the-caller-of-intents-before-acting-on-them","3.android-secure-coding-standard\u002F3.rules\u002F15.intent-itt\u002F4.drd06-verify-the-caller-of-intents-before-acting-on-them",{"title":1121,"path":1122,"stem":1123},"Java Native Interface (JNI)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fjava-native-interface-jni","3.android-secure-coding-standard\u002F3.rules\u002F16.java-native-interface-jni",{"title":1125,"path":1126,"stem":1127},"Locking (LCK)","\u002Fandroid-secure-coding-standard\u002Frules\u002Flocking-lck","3.android-secure-coding-standard\u002F3.rules\u002F17.locking-lck",{"title":1129,"path":1130,"stem":1131},"Memory Management (MEM)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fmemory-management-mem","3.android-secure-coding-standard\u002F3.rules\u002F18.memory-management-mem",{"title":1133,"path":1134,"stem":1135},"Methods (MET)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fmethods-met","3.android-secure-coding-standard\u002F3.rules\u002F19.methods-met",{"title":1137,"path":1138,"stem":1139,"children":1140},"Miscellaneous 
(MSC)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fmiscellaneous-msc","3.android-secure-coding-standard\u002F3.rules\u002F20.miscellaneous-msc\u002F1.index",[1141,1142,1146,1150,1154,1158],{"title":1137,"path":1138,"stem":1139},{"title":1143,"path":1144,"stem":1145},"DRD10-X. Do not release apps that are debuggable","\u002Fandroid-secure-coding-standard\u002Frules\u002Fmiscellaneous-msc\u002Fdrd10-x","3.android-secure-coding-standard\u002F3.rules\u002F20.miscellaneous-msc\u002F2.drd10-x",{"title":1147,"path":1148,"stem":1149},"DRD15-J. Consider privacy concerns when using Geolocation API","\u002Fandroid-secure-coding-standard\u002Frules\u002Fmiscellaneous-msc\u002Fdrd15-j","3.android-secure-coding-standard\u002F3.rules\u002F20.miscellaneous-msc\u002F3.drd15-j",{"title":1151,"path":1152,"stem":1153},"DRD26-J. For OAuth, use a secure Android method to deliver access tokens","\u002Fandroid-secure-coding-standard\u002Frules\u002Fmiscellaneous-msc\u002Fdrd26-j","3.android-secure-coding-standard\u002F3.rules\u002F20.miscellaneous-msc\u002F4.drd26-j",{"title":1155,"path":1156,"stem":1157},"DRD27-J. For OAuth, use an explicit intent method to deliver access tokens","\u002Fandroid-secure-coding-standard\u002Frules\u002Fmiscellaneous-msc\u002Fdrd27-j","3.android-secure-coding-standard\u002F3.rules\u002F20.miscellaneous-msc\u002F5.drd27-j",{"title":1159,"path":1160,"stem":1161},"DRD25. 
To request user permission for OAuth, identify relying party and its permissions scope","\u002Fandroid-secure-coding-standard\u002Frules\u002Fmiscellaneous-msc\u002Fdrd25-to-request-user-permission-for-oauth-identify-relying-party-and-its-permissions-scope","3.android-secure-coding-standard\u002F3.rules\u002F20.miscellaneous-msc\u002F6.drd25-to-request-user-permission-for-oauth-identify-relying-party-and-its-permissions-scope",{"title":1163,"path":1164,"stem":1165,"children":1166},"Network - SSL\u002FTLS (NET)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fnetwork-ssltls-net","3.android-secure-coding-standard\u002F3.rules\u002F21.network-ssltls-net\u002F1.index",[1167,1168,1172],{"title":1163,"path":1164,"stem":1165},{"title":1169,"path":1170,"stem":1171},"DRD23-J. Do not use loopback when handling sensitive data","\u002Fandroid-secure-coding-standard\u002Frules\u002Fnetwork-ssltls-net\u002Fdrd23-j","3.android-secure-coding-standard\u002F3.rules\u002F21.network-ssltls-net\u002F2.drd23-j",{"title":1173,"path":1174,"stem":1175},"DRD19. 
Properly verify server certificate on SSL\u002FTLS","\u002Fandroid-secure-coding-standard\u002Frules\u002Fnetwork-ssltls-net\u002Fdrd19-properly-verify-server-certificate-on-ssltls","3.android-secure-coding-standard\u002F3.rules\u002F21.network-ssltls-net\u002F3.drd19-properly-verify-server-certificate-on-ssltls",{"title":1177,"path":1178,"stem":1179},"Numeric Types and Operations (NUM)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fnumeric-types-and-operations-num","3.android-secure-coding-standard\u002F3.rules\u002F22.numeric-types-and-operations-num",{"title":1181,"path":1182,"stem":1183},"Object Orientation (OBJ)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fobject-orientation-obj","3.android-secure-coding-standard\u002F3.rules\u002F23.object-orientation-obj",{"title":1185,"path":1186,"stem":1187,"children":1188},"Permission (PER)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fpermission-per","3.android-secure-coding-standard\u002F3.rules\u002F24.permission-per\u002F1.index",[1189,1190,1194,1198,1202],{"title":1185,"path":1186,"stem":1187},{"title":1191,"path":1192,"stem":1193},"DRD05-J. Do not grant URI permissions on implicit intents","\u002Fandroid-secure-coding-standard\u002Frules\u002Fpermission-per\u002Fdrd05-j","3.android-secure-coding-standard\u002F3.rules\u002F24.permission-per\u002F2.drd05-j",{"title":1195,"path":1196,"stem":1197},"DRD14-J. Check that a calling app has appropriate permissions before responding","\u002Fandroid-secure-coding-standard\u002Frules\u002Fpermission-per\u002Fdrd14-j","3.android-secure-coding-standard\u002F3.rules\u002F24.permission-per\u002F3.drd14-j",{"title":1199,"path":1200,"stem":1201},"DRD16-X. Explicitly define the exported attribute for private components","\u002Fandroid-secure-coding-standard\u002Frules\u002Fpermission-per\u002Fdrd16-x","3.android-secure-coding-standard\u002F3.rules\u002F24.permission-per\u002F4.drd16-x",{"title":1203,"path":1204,"stem":1205},"DRD20-C. 
Specify permissions when creating files via the NDK","\u002Fandroid-secure-coding-standard\u002Frules\u002Fpermission-per\u002Fdrd20-c","3.android-secure-coding-standard\u002F3.rules\u002F24.permission-per\u002F5.drd20-c",{"title":1207,"path":1208,"stem":1209},"Platform Security (SEC)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fplatform-security-sec","3.android-secure-coding-standard\u002F3.rules\u002F25.platform-security-sec",{"title":1211,"path":1212,"stem":1213},"Preprocessor (PRE)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fpreprocessor-pre","3.android-secure-coding-standard\u002F3.rules\u002F26.preprocessor-pre",{"title":1215,"path":1216,"stem":1217},"Serialization (SER)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fserialization-ser","3.android-secure-coding-standard\u002F3.rules\u002F27.serialization-ser",{"title":1219,"path":1220,"stem":1221},"Thread APIs (THI)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fthread-apis-thi","3.android-secure-coding-standard\u002F3.rules\u002F28.thread-apis-thi",{"title":1223,"path":1224,"stem":1225},"Thread-Safety Miscellaneous (TSM)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fthread-safety-miscellaneous-tsm","3.android-secure-coding-standard\u002F3.rules\u002F29.thread-safety-miscellaneous-tsm",{"title":1227,"path":1228,"stem":1229},"Visibility and Atomicity (VNA)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fvisibility-and-atomicity-vna","3.android-secure-coding-standard\u002F3.rules\u002F30.visibility-and-atomicity-vna",{"title":1231,"path":1232,"stem":1233,"children":1234},"WebView (WBV)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fwebview-wbv","3.android-secure-coding-standard\u002F3.rules\u002F31.webview-wbv\u002F1.index",[1235,1236,1240,1244],{"title":1231,"path":1232,"stem":1233},{"title":1237,"path":1238,"stem":1239},"DRD02-J. 
Do not allow WebView to access sensitive local resource through file scheme","\u002Fandroid-secure-coding-standard\u002Frules\u002Fwebview-wbv\u002Fdrd02-j","3.android-secure-coding-standard\u002F3.rules\u002F31.webview-wbv\u002F2.drd02-j",{"title":1241,"path":1242,"stem":1243},"DRD13. Do not provide addJavascriptInterface method access in a WebView which could contain untrusted content. (API level JELLY_BEAN or below)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fwebview-wbv\u002Fdrd13-do-not-provide-addjavascriptinterface-method-access-in-a-webview-which-could-contain-untrusted-content-api-level-jelly_bean-or-below","3.android-secure-coding-standard\u002F3.rules\u002F31.webview-wbv\u002F3.drd13-do-not-provide-addjavascriptinterface-method-access-in-a-webview-which-could-contain-untrusted-content-api-level-jelly_bean-or-below",{"title":1245,"path":1246,"stem":1247},"DRD22. Do not cache sensitive information","\u002Fandroid-secure-coding-standard\u002Frules\u002Fwebview-wbv\u002Fdrd22-do-not-cache-sensitive-information","3.android-secure-coding-standard\u002F3.rules\u002F31.webview-wbv\u002F4.drd22-do-not-cache-sensitive-information",{"title":1249,"path":1250,"stem":1251,"children":1252},"Recommendations","\u002Fandroid-secure-coding-standard\u002Frecommendations","3.android-secure-coding-standard\u002F4.recommendations\u002F01.index",[1253,1254,1257,1261,1264,1267,1270,1273,1276,1279,1282,1285,1288,1291,1294,1297,1300,1303,1306,1309,1312,1315,1318,1321,1324,1327,1330,1333,1336,1339,1342],{"title":1249,"path":1250,"stem":1251},{"title":998,"path":1255,"stem":1256},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fapplication-programming-interfaces-api","3.android-secure-coding-standard\u002F4.recommendations\u002F02.application-programming-interfaces-api",{"title":1258,"path":1259,"stem":1260},"Characters and Strings 
(STR)","\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fcharacters-and-strings-str","3.android-secure-coding-standard\u002F4.recommendations\u002F03.characters-and-strings-str",{"title":1006,"path":1262,"stem":1263},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fcomponent-security-cps","3.android-secure-coding-standard\u002F4.recommendations\u002F04.component-security-cps",{"title":1019,"path":1265,"stem":1266},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fconcurrency-con","3.android-secure-coding-standard\u002F4.recommendations\u002F05.concurrency-con",{"title":1023,"path":1268,"stem":1269},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fcryptography-crp","3.android-secure-coding-standard\u002F4.recommendations\u002F06.cryptography-crp",{"title":1045,"path":1271,"stem":1272},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fdeclarations-and-initialization-dcl","3.android-secure-coding-standard\u002F4.recommendations\u002F07.declarations-and-initialization-dcl",{"title":1049,"path":1274,"stem":1275},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fenvironment-env","3.android-secure-coding-standard\u002F4.recommendations\u002F08.environment-env",{"title":1053,"path":1277,"stem":1278},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Ferror-handling-err","3.android-secure-coding-standard\u002F4.recommendations\u002F09.error-handling-err",{"title":1057,"path":1280,"stem":1281},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fexpressions-exp","3.android-secure-coding-standard\u002F4.recommendations\u002F10.expressions-exp",{"title":1061,"path":1283,"stem":1284},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Ffile-io-and-logging-fio","3.android-secure-coding-standard\u002F4.recommendations\u002F11.file-io-and-logging-fio",{"title":1091,"path":1286,"stem":1287},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Ffloating-po
int-flp","3.android-secure-coding-standard\u002F4.recommendations\u002F12.floating-point-flp",{"title":1095,"path":1289,"stem":1290},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Finput-validation-and-data-sanitization-ids","3.android-secure-coding-standard\u002F4.recommendations\u002F13.input-validation-and-data-sanitization-ids",{"title":1099,"path":1292,"stem":1293},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fintegers-int","3.android-secure-coding-standard\u002F4.recommendations\u002F14.integers-int",{"title":1103,"path":1295,"stem":1296},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fintent-itt","3.android-secure-coding-standard\u002F4.recommendations\u002F15.intent-itt",{"title":1121,"path":1298,"stem":1299},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fjava-native-interface-jni","3.android-secure-coding-standard\u002F4.recommendations\u002F16.java-native-interface-jni",{"title":1125,"path":1301,"stem":1302},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Flocking-lck","3.android-secure-coding-standard\u002F4.recommendations\u002F17.locking-lck",{"title":1129,"path":1304,"stem":1305},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fmemory-management-mem","3.android-secure-coding-standard\u002F4.recommendations\u002F18.memory-management-mem",{"title":1133,"path":1307,"stem":1308},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fmethods-met","3.android-secure-coding-standard\u002F4.recommendations\u002F19.methods-met",{"title":1137,"path":1310,"stem":1311},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fmiscellaneous-msc","3.android-secure-coding-standard\u002F4.recommendations\u002F20.miscellaneous-msc",{"title":1163,"path":1313,"stem":1314},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fnetwork-ssltls-net","3.android-secure-coding-standard\u002F4.recommendations\u002F21.network-ssltls-net",{"title":1177,"path":131
6,"stem":1317},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fnumeric-types-and-operations-num","3.android-secure-coding-standard\u002F4.recommendations\u002F22.numeric-types-and-operations-num",{"title":1181,"path":1319,"stem":1320},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fobject-orientation-obj","3.android-secure-coding-standard\u002F4.recommendations\u002F23.object-orientation-obj",{"title":1185,"path":1322,"stem":1323},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fpermission-per","3.android-secure-coding-standard\u002F4.recommendations\u002F24.permission-per",{"title":1207,"path":1325,"stem":1326},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fplatform-security-sec","3.android-secure-coding-standard\u002F4.recommendations\u002F25.platform-security-sec",{"title":1211,"path":1328,"stem":1329},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fpreprocessor-pre","3.android-secure-coding-standard\u002F4.recommendations\u002F26.preprocessor-pre",{"title":1215,"path":1331,"stem":1332},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fserialization-ser","3.android-secure-coding-standard\u002F4.recommendations\u002F27.serialization-ser",{"title":1219,"path":1334,"stem":1335},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fthread-apis-thi","3.android-secure-coding-standard\u002F4.recommendations\u002F28.thread-apis-thi",{"title":1223,"path":1337,"stem":1338},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fthread-safety-miscellaneous-tsm","3.android-secure-coding-standard\u002F4.recommendations\u002F29.thread-safety-miscellaneous-tsm",{"title":1227,"path":1340,"stem":1341},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fvisibility-and-atomicity-vna","3.android-secure-coding-standard\u002F4.recommendations\u002F30.visibility-and-atomicity-vna",{"title":1231,"path":1343,"stem":1344},"\u002Fandroid-secure-coding-standard\u002Fre
commendations\u002Fwebview-wbv","3.android-secure-coding-standard\u002F4.recommendations\u002F31.webview-wbv",{"title":1346,"path":1347,"stem":1348,"children":1349},"By Language","\u002Fandroid-secure-coding-standard\u002Fby-language","3.android-secure-coding-standard\u002F5.by-language\u002F1.index",[1350,1351,1355,1377,1381,1403],{"title":1346,"path":1347,"stem":1348},{"title":1352,"path":1353,"stem":1354},"Android Only","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fandroid-only","3.android-secure-coding-standard\u002F5.by-language\u002F2.android-only",{"title":1356,"path":1357,"stem":1358,"children":1359},"C Coding Language","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fc-coding-language","3.android-secure-coding-standard\u002F5.by-language\u002F3.c-coding-language\u002F1.index",[1360,1361,1365,1369,1373],{"title":1356,"path":1357,"stem":1358},{"title":1362,"path":1363,"stem":1364},"Applicable in Principle to Android (C Rules\u002FRecomendations)","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fc-coding-language\u002Fapplicable-in-principle-to-android-c-rulesrecomendations","3.android-secure-coding-standard\u002F5.by-language\u002F3.c-coding-language\u002F2.applicable-in-principle-to-android-c-rulesrecomendations",{"title":1366,"path":1367,"stem":1368},"Applicable to Android (C Rules\u002FRecomendations)","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fc-coding-language\u002Fapplicable-to-android-c-rulesrecomendations","3.android-secure-coding-standard\u002F5.by-language\u002F3.c-coding-language\u002F3.applicable-to-android-c-rulesrecomendations",{"title":1370,"path":1371,"stem":1372},"Not Applicable to Android (C 
Rules\u002FRecomendations)","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fc-coding-language\u002Fnot-applicable-to-android-c-rulesrecomendations","3.android-secure-coding-standard\u002F5.by-language\u002F3.c-coding-language\u002F4.not-applicable-to-android-c-rulesrecomendations",{"title":1374,"path":1375,"stem":1376},"Unknown Applicability (C Rules\u002FRecomendations)","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fc-coding-language\u002Funknown-applicability-c-rulesrecomendations","3.android-secure-coding-standard\u002F5.by-language\u002F3.c-coding-language\u002F5.unknown-applicability-c-rulesrecomendations",{"title":1378,"path":1379,"stem":1380},"C++ Coding Language","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fcpp-coding-language","3.android-secure-coding-standard\u002F5.by-language\u002F4.cpp-coding-language",{"title":1382,"path":1383,"stem":1384,"children":1385},"Java Coding Language","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fjava-coding-language","3.android-secure-coding-standard\u002F5.by-language\u002F5.java-coding-language\u002F1.index",[1386,1387,1391,1395,1399],{"title":1382,"path":1383,"stem":1384},{"title":1388,"path":1389,"stem":1390},"Applicable in Principle to Android (Java Rules\u002FRecomendations)","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fjava-coding-language\u002Fapplicable-in-principle-to-android-java-rulesrecomendations","3.android-secure-coding-standard\u002F5.by-language\u002F5.java-coding-language\u002F2.applicable-in-principle-to-android-java-rulesrecomendations",{"title":1392,"path":1393,"stem":1394},"Applicable to Android (Java 
Rules\u002FRecomendations)","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fjava-coding-language\u002Fapplicable-to-android-java-rulesrecomendations","3.android-secure-coding-standard\u002F5.by-language\u002F5.java-coding-language\u002F3.applicable-to-android-java-rulesrecomendations",{"title":1396,"path":1397,"stem":1398},"Not Applicable to Android (Java Rules\u002FRecomendations)","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fjava-coding-language\u002Fnot-applicable-to-android-java-rulesrecomendations","3.android-secure-coding-standard\u002F5.by-language\u002F5.java-coding-language\u002F4.not-applicable-to-android-java-rulesrecomendations",{"title":1400,"path":1401,"stem":1402},"Unknown Applicability to Android (Java Rules\u002FRecomendations)","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fjava-coding-language\u002Funknown-applicability-to-android-java-rulesrecomendations","3.android-secure-coding-standard\u002F5.by-language\u002F5.java-coding-language\u002F5.unknown-applicability-to-android-java-rulesrecomendations",{"title":1404,"path":1405,"stem":1406},"XML","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fxml","3.android-secure-coding-standard\u002F5.by-language\u002F6.xml",{"title":1408,"path":1409,"stem":1410,"children":1411},"Back Matter","\u002Fandroid-secure-coding-standard\u002Fback-matter","3.android-secure-coding-standard\u002F6.back-matter\u002F1.index",[1412,1413,1417],{"title":1408,"path":1409,"stem":1410},{"title":1414,"path":1415,"stem":1416},"AA. Bibliography","\u002Fandroid-secure-coding-standard\u002Fback-matter\u002Faa-bibliography","3.android-secure-coding-standard\u002F6.back-matter\u002F2.aa-bibliography",{"title":1418,"path":1419,"stem":1420,"children":1421},"BB. 
Analyzers","\u002Fandroid-secure-coding-standard\u002Fback-matter\u002Fbb-analyzers","3.android-secure-coding-standard\u002F6.back-matter\u002F3.bb-analyzers\u002F1.index",[1422,1423,1427],{"title":1418,"path":1419,"stem":1420},{"title":1424,"path":1425,"stem":1426},"CodeSonar","\u002Fandroid-secure-coding-standard\u002Fback-matter\u002Fbb-analyzers\u002Fcodesonar","3.android-secure-coding-standard\u002F6.back-matter\u002F3.bb-analyzers\u002F2.codesonar",{"title":1428,"path":1429,"stem":1430},"CodeSonar_V","\u002Fandroid-secure-coding-standard\u002Fback-matter\u002Fbb-analyzers\u002Fcodesonar_v","3.android-secure-coding-standard\u002F6.back-matter\u002F3.bb-analyzers\u002F3.codesonar_v",{"title":1432,"path":1433,"stem":1434,"children":1435},"Admin","\u002Fandroid-secure-coding-standard\u002Fadmin","3.android-secure-coding-standard\u002F7.admin\u002F01.index",[1436,1437,1439,1443,1447,1451,1455,1459,1463,1467,1471,1475,1479,1483,1487,1491],{"title":1432,"path":1433,"stem":1434},{"title":65,"path":64,"stem":1438},"3.android-secure-coding-standard\u002F7.admin\u002F02.about-the-ourcs-workshop",{"title":1440,"path":1441,"stem":1442},"Android Applicability Summary","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fandroid-applicability-summary","3.android-secure-coding-standard\u002F7.admin\u002F03.android-applicability-summary",{"title":1444,"path":1445,"stem":1446},"Android (DRD)","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fandroid-drd","3.android-secure-coding-standard\u002F7.admin\u002F04.android-drd",{"title":1448,"path":1449,"stem":1450},"Avoid having unreachable code","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Favoid-having-unreachable-code","3.android-secure-coding-standard\u002F7.admin\u002F05.avoid-having-unreachable-code",{"title":1452,"path":1453,"stem":1454},"C Space Change History 
Log","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fc-space-change-history-log","3.android-secure-coding-standard\u002F7.admin\u002F06.c-space-change-history-log",{"title":1456,"path":1457,"stem":1458},"Copy of Rule Template","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fcopy-of-rule-template","3.android-secure-coding-standard\u002F7.admin\u002F07.copy-of-rule-template",{"title":1460,"path":1461,"stem":1462},"C++ Space Change History Log","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fcpp-space-change-history-log","3.android-secure-coding-standard\u002F7.admin\u002F08.cpp-space-change-history-log",{"title":1464,"path":1465,"stem":1466},"Dictionary of Labels","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fdictionary-of-labels","3.android-secure-coding-standard\u002F7.admin\u002F09.dictionary-of-labels",{"title":1468,"path":1469,"stem":1470},"How to Change Applicability When a Rules and Recommendations Change","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fhow-to-change-applicability-when-a-rules-and-recommendations-change","3.android-secure-coding-standard\u002F7.admin\u002F10.how-to-change-applicability-when-a-rules-and-recommendations-change",{"title":1472,"path":1473,"stem":1474},"Java Space Change History Log","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fjava-space-change-history-log","3.android-secure-coding-standard\u002F7.admin\u002F11.java-space-change-history-log",{"title":1476,"path":1477,"stem":1478},"Labels in this Space","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Flabels-in-this-space","3.android-secure-coding-standard\u002F7.admin\u002F12.labels-in-this-space",{"title":1480,"path":1481,"stem":1482},"Perl Space Change History Log","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fperl-space-change-history-log","3.android-secure-coding-standard\u002F7.admin\u002F13.perl-space-change-history-log",{"title":1484,"path":1485,"stem":1486},"Resources for new Android app secure coding rules and 
guidelines","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fresources-for-new-android-app-secure-coding-rules-and-guidelines","3.android-secure-coding-standard\u002F7.admin\u002F14.resources-for-new-android-app-secure-coding-rules-and-guidelines",{"title":1488,"path":1489,"stem":1490},"Rule Template","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Frule-template","3.android-secure-coding-standard\u002F7.admin\u002F15.rule-template",{"title":1492,"path":1493,"stem":1494},"Rules Applicable for Both the Android Platform and Other Platforms","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Frules-applicable-for-both-the-android-platform-and-other-platforms","3.android-secure-coding-standard\u002F7.admin\u002F16.rules-applicable-for-both-the-android-platform-and-other-platforms",1775657823533]