[{"data":1,"prerenderedAt":1286},["ShallowReactive",2],{"global-navigation":3,"page-\u002Fandroid-secure-coding-standard\u002Frules\u002Fcomponent-security-cps\u002Fdrd09-restrict-access-to-sensitive-activities":28,"surround-\u002Fandroid-secure-coding-standard\u002Frules\u002Fcomponent-security-cps\u002Fdrd09-restrict-access-to-sensitive-activities":714,"sidebar-android-secure-coding-standard":723},[4,8],{"title":5,"path":6,"_path":6,"fromAppConfig":7},"Home","\u002F",true,{"title":9,"path":10,"children":11,"_path":27,"fromAppConfig":7},"Coding Standards","\u002Fcoding-standards\u002F",[12,15,18,21,24],{"title":13,"path":14},"Android Coding Standard","\u002Fandroid-secure-coding-standard\u002F",{"title":16,"path":17},"C Coding Standard","\u002Fsei-cert-c-coding-standard\u002F",{"title":19,"path":20},"C++ Coding Standard","\u002Fsei-cert-cpp-coding-standard\u002F",{"title":22,"path":23},"Java Coding Standard","\u002Fsei-cert-oracle-coding-standard-for-java\u002F",{"title":25,"path":26},"Perl Coding Standard","\u002Fsei-cert-perl-coding-standard\u002F","\u002Fcoding-standards",{"id":29,"title":30,"body":31,"description":701,"extension":702,"meta":703,"navigation":7,"path":710,"seo":711,"stem":712,"__hash__":713},"content\u002F3.android-secure-coding-standard\u002F3.rules\u002F04.component-security-cps\u002F5.drd09-restrict-access-to-sensitive-activities.md","DRD09. Restrict access to sensitive activities",{"type":32,"value":33,"toc":691},"minimark",[34,38,47,50,55,61,74,138,152,156,159,167,184,194,198,212,220,465,476,479,489,493,496,557,561,564,567,570,573,576,580,590,594,636,640,665,687],[35,36,30],"h1",{"id":37},"drd09-restrict-access-to-sensitive-activities",[39,40,41,42,46],"p",{},"On Android, declaring an intent filter for an activity in the ",[43,44,45],"em",{},"AndroidManifest.xml"," file means that the activity may be exported to other apps. 
If the activity is intended solely for the internal use of the app and an intent filter is declared then any other apps, including malware, can activate the activity for unintended use.",[39,48,49],{},"In the case of the vulnerability in the Twicca app (in versions 0.7.0 through 0.9.30, see the link below), by launching Twicca's activity, another app that does not have permission to access the SD card or network could upload images or movies stored on the SD card to a social networking service with the Twicca user's Twitter account.",[51,52,54],"h2",{"id":53},"noncompliant-code-example","Noncompliant Code Example",[39,56,57,58,60],{},"This noncompliant code example shows an ",[43,59,45],{}," file for an application that exports the activity to other apps, but does not restrict access to its sensitive activity:",[62,63,69],"div",{"className":64,"style":68},[65,66,67],"codeHeader","panelHeader","pdl","border-bottom-width: 1px;background-color: #FFCCCC;",[39,70,71],{},[72,73,45],"strong",{},[75,76,78],"code-block",{"quality":77},"bad",[79,80,85],"pre",{"className":81,"code":82,"language":83,"meta":84,"style":84},"language-html\u002Fxml shiki shiki-themes github-light github-dark monokai","\u003Cactivity android:configChanges=\"keyboard|keyboardHidden|orientation\" android:name=\".media.yfrog.YfrogUploadDialog\" android:theme=\"@style\u002FVulnerable.Dialog\" android:windowSoftInputMode=\"stateAlwaysHidden\">            \n    \u003Cintent-filter android:icon=\"@drawable\u002Fyfrog_icon\" android:label=\"@string\u002FYFROG\">\n        \u003Caction android:name=\"jp.co.vulnerable.ACTION_UPLOAD\" \u002F>                 \n        \u003Ccategory android:name=\"android.intent.category.DEFAULT\" \u002F>                 \n        \u003Cdata android:mimeType=\"image\u002F*\" \u002F>                 \n        \u003Cdata android:mimeType=\"video\u002F*\" \u002F>             \n    \u003C\u002Fintent-filter>         
\n\u003C\u002Factivity>\n","html\u002Fxml","",[86,87,88,96,102,108,114,120,126,132],"code",{"__ignoreMap":84},[89,90,93],"span",{"class":91,"line":92},"line",1,[89,94,95],{},"\u003Cactivity android:configChanges=\"keyboard|keyboardHidden|orientation\" android:name=\".media.yfrog.YfrogUploadDialog\" android:theme=\"@style\u002FVulnerable.Dialog\" android:windowSoftInputMode=\"stateAlwaysHidden\">            \n",[89,97,99],{"class":91,"line":98},2,[89,100,101],{},"    \u003Cintent-filter android:icon=\"@drawable\u002Fyfrog_icon\" android:label=\"@string\u002FYFROG\">\n",[89,103,105],{"class":91,"line":104},3,[89,106,107],{},"        \u003Caction android:name=\"jp.co.vulnerable.ACTION_UPLOAD\" \u002F>                 \n",[89,109,111],{"class":91,"line":110},4,[89,112,113],{},"        \u003Ccategory android:name=\"android.intent.category.DEFAULT\" \u002F>                 \n",[89,115,117],{"class":91,"line":116},5,[89,118,119],{},"        \u003Cdata android:mimeType=\"image\u002F*\" \u002F>                 \n",[89,121,123],{"class":91,"line":122},6,[89,124,125],{},"        \u003Cdata android:mimeType=\"video\u002F*\" \u002F>             \n",[89,127,129],{"class":91,"line":128},7,[89,130,131],{},"    \u003C\u002Fintent-filter>         \n",[89,133,135],{"class":91,"line":134},8,[89,136,137],{},"\u003C\u002Factivity>\n",[39,139,140,143,144,147,148,151],{},[86,141,142],{},"android:name"," refers to the name of the class that implements this activity. The name of the package is \" ",[86,145,146],{},"jp.co.vulnerable"," \" so the fully qualified name of the class implementing this activity is ",[86,149,150],{},"jp.co.vulnerable.media.yfrog.YfrogUploadDialog"," . 
Since the intent filter is defined, this activity is exported to other apps.",[51,153,155],{"id":154},"compliant-solution-do-not-export-activity","Compliant Solution (Do not export activity)",[39,157,158],{},"In this compliant solution the activity is not exported:",[62,160,163],{"className":161,"style":162},[65,66,67],"border-bottom-width: 1px;background-color: #CCCCFF;",[39,164,165],{},[72,166,45],{},[75,168,170],{"quality":169},"good",[79,171,173],{"className":81,"code":172,"language":83,"meta":84,"style":84},"\u003Cactivity android:configChanges=\"keyboard|keyboardHidden|orientation\" android:name=\".media.yfrog.YfrogUploadDialog\" android:theme=\"@style\u002F VulnerableTheme.Dialog\" android:windowSoftInputMode=\"stateAlwaysHidden\" android:exported=\"false\">     \n\u003C\u002Factivity>\n",[86,174,175,180],{"__ignoreMap":84},[89,176,177],{"class":91,"line":92},[89,178,179],{},"\u003Cactivity android:configChanges=\"keyboard|keyboardHidden|orientation\" android:name=\".media.yfrog.YfrogUploadDialog\" android:theme=\"@style\u002F VulnerableTheme.Dialog\" android:windowSoftInputMode=\"stateAlwaysHidden\" android:exported=\"false\">     \n",[89,181,182],{"class":91,"line":98},[89,183,137],{},[39,185,186,187,190,191,193],{},"By declaring ",[86,188,189],{},"android:exported=\"false\""," for an activity tag in the ",[43,192,45],{}," file, the activity is restricted to only accept intents from within the same app or from an app with the same user ID.",[51,195,197],{"id":196},"compliant-solution-twicca","Compliant Solution (Twicca)",[39,199,200,201,204,205,207,208,211],{},"This vulnerability was fixed in Twicca v0.9.31. Instead of declaring the activity ",[86,202,203],{},"exported=\"false\""," in ",[43,206,45],{}," , Twicca fixed this vulnerability by validating the caller of this activity. In the ",[86,209,210],{},"onCreate()"," method of the activity class, code was added to check if the package name of the caller is the same as the package name of itself. 
If the package names are different, the activity exits:",[62,213,215],{"className":214,"style":162},[65,66,67],[39,216,217],{},[72,218,219],{},"jp.r246.twicca.media.yfrog.YfrogUploadDialog",[75,221,222],{"quality":169},[79,223,227],{"className":224,"code":225,"language":226,"meta":84,"style":84},"language-java shiki shiki-themes github-light github-dark monokai","public void onCreate(Bundle arg5) { \n    super.onCreate(arg5); \n    ... \n    ComponentName v0 = this.getCallingActivity(); \n    if(v0 == null) { \n        this.finish(); \n    } else if(!jp.r246.twicca.equals(v0.getPackageName())) { \n        this.finish(); \n        } else { \n            this.a = this.getIntent().getData(); \n            if(this.a == null) { \n                this.finish(); \n            } \n            ... \n        } \n    }\n}\n","java",[86,228,229,254,269,274,296,314,326,357,367,378,404,423,435,441,447,453,459],{"__ignoreMap":84},[89,230,231,235,239,243,247,251],{"class":91,"line":92},[89,232,234],{"class":233},"sC2Qs","public",[89,236,238],{"class":237},"sq6CD"," void",[89,240,242],{"class":241},"srTi1"," onCreate",[89,244,246],{"class":245},"sMOD_","(",[89,248,250],{"class":249},"sk8M1","Bundle",[89,252,253],{"class":245}," arg5) { \n",[89,255,256,260,263,266],{"class":91,"line":98},[89,257,259],{"class":258},"sP7S_","    super",[89,261,262],{"class":245},".",[89,264,265],{"class":241},"onCreate",[89,267,268],{"class":245},"(arg5); \n",[89,270,271],{"class":91,"line":104},[89,272,273],{"class":245},"    ... 
\n",[89,275,276,279,282,285,288,290,293],{"class":91,"line":110},[89,277,278],{"class":249},"    ComponentName",[89,280,281],{"class":245}," v0 ",[89,283,284],{"class":233},"=",[89,286,287],{"class":258}," this",[89,289,262],{"class":245},[89,291,292],{"class":241},"getCallingActivity",[89,294,295],{"class":245},"(); \n",[89,297,298,301,304,307,311],{"class":91,"line":116},[89,299,300],{"class":233},"    if",[89,302,303],{"class":245},"(v0 ",[89,305,306],{"class":233},"==",[89,308,310],{"class":309},"s7F3e"," null",[89,312,313],{"class":245},") { \n",[89,315,316,319,321,324],{"class":91,"line":122},[89,317,318],{"class":258},"        this",[89,320,262],{"class":245},[89,322,323],{"class":241},"finish",[89,325,295],{"class":245},[89,327,328,331,334,337,339,342,345,348,351,354],{"class":91,"line":128},[89,329,330],{"class":245},"    } ",[89,332,333],{"class":233},"else",[89,335,336],{"class":233}," if",[89,338,246],{"class":245},[89,340,341],{"class":233},"!",[89,343,344],{"class":245},"jp.r246.twicca.",[89,346,347],{"class":241},"equals",[89,349,350],{"class":245},"(v0.",[89,352,353],{"class":241},"getPackageName",[89,355,356],{"class":245},"())) { \n",[89,358,359,361,363,365],{"class":91,"line":134},[89,360,318],{"class":258},[89,362,262],{"class":245},[89,364,323],{"class":241},[89,366,295],{"class":245},[89,368,370,373,375],{"class":91,"line":369},9,[89,371,372],{"class":245},"        } ",[89,374,333],{"class":233},[89,376,377],{"class":245}," { \n",[89,379,381,384,387,389,391,393,396,399,402],{"class":91,"line":380},10,[89,382,383],{"class":258},"            this",[89,385,386],{"class":245},".a ",[89,388,284],{"class":233},[89,390,287],{"class":258},[89,392,262],{"class":245},[89,394,395],{"class":241},"getIntent",[89,397,398],{"class":245},"().",[89,400,401],{"class":241},"getData",[89,403,295],{"class":245},[89,405,407,410,412,415,417,419,421],{"class":91,"line":406},11,[89,408,409],{"class":233},"            
if",[89,411,246],{"class":245},[89,413,414],{"class":258},"this",[89,416,386],{"class":245},[89,418,306],{"class":233},[89,420,310],{"class":309},[89,422,313],{"class":245},[89,424,426,429,431,433],{"class":91,"line":425},12,[89,427,428],{"class":258},"                this",[89,430,262],{"class":245},[89,432,323],{"class":241},[89,434,295],{"class":245},[89,436,438],{"class":91,"line":437},13,[89,439,440],{"class":245},"            } \n",[89,442,444],{"class":91,"line":443},14,[89,445,446],{"class":245},"            ... \n",[89,448,450],{"class":91,"line":449},15,[89,451,452],{"class":245},"        } \n",[89,454,456],{"class":91,"line":455},16,[89,457,458],{"class":245},"    }\n",[89,460,462],{"class":91,"line":461},17,[89,463,464],{"class":245},"}\n",[39,466,467,468,475],{},"An Android developer can arbitrarily choose a package name, so different app developers could choose the same package name. Therefore, it is generally not recommended to use the package name for validating the caller of the activity [ ",[469,470,474],"a",{"href":471,"rel":472},"https:\u002F\u002Fwww.securecoding.cert.org\u002Fconfluence\u002Fdisplay\u002Fjava\u002FAA.+References#AA.References-JSSEC13",[473],"nofollow","JSSEC 2013"," ]. 
The recommended alternative is to check the developer's certificate, instead of the package name.",[39,477,478],{},"However, considering the following facts, Twicca's solution may be logical and safe against the exploit:",[480,481,482,486],"ul",{},[483,484,485],"li",{},"Only one app with a particular package name can exist on Google Play.",[483,487,488],{},"If a user tries to install an app whose package name already exists on the device, the installation either will fail or will overwrite the previously installed app.",[51,490,492],{"id":491},"risk-assessment","Risk Assessment",[39,494,495],{},"Acting on receipt of an intent without validating the caller's identity may lead to sensitive data being revealed, or to denial of service.",[497,498,499,500,499,530],"table",{},"\n  ",[501,502,503,504,499],"thead",{},"\n    ",[505,506,507,508,507,512,507,515,507,518,507,521,507,524,507,527,503],"tr",{},"\n      ",[509,510,511],"th",{},"Rule",[509,513,514],{},"Severity",[509,516,517],{},"Likelihood",[509,519,520],{},"Detectable",[509,522,523],{},"Repairable",[509,525,526],{},"Priority",[509,528,529],{},"Level",[531,532,503,533,499],"tbody",{},[505,534,507,535,507,539,507,542,507,545,507,548,507,550,507,554,503],{},[536,537,538],"td",{},"DRD09-J",[536,540,541],{},"High",[536,543,544],{},"Probable",[536,546,547],{},"No",[536,549,547],{},[536,551,553],{"style":552},"color: #f1c40f;","P6",[536,555,556],{"style":552},"L2",[51,558,560],{"id":559},"automated-detection","Automated Detection",[39,562,563],{},"Automatic detection of the receipt of an intent is straightforward. 
It is not feasible to automatically determine whether appropriate checks are made of the caller's identity or whether appropriate permission requirements have been set in the manifest.",[39,565,566],{},"Tool",[39,568,569],{},"Version",[39,571,572],{},"Checker",[39,574,575],{},"Description",[51,577,579],{"id":578},"related-vulnerabilities","Related Vulnerabilities",[480,581,582],{},[483,583,584,589],{},[469,585,588],{"href":586,"rel":587},"https:\u002F\u002Fjvn.jp\u002Fen\u002Fjp\u002FJVN31860555\u002F",[473],"JVN#31860555"," Twicca fails to restrict access permissions",[51,591,593],{"id":592},"related-guidelines","Related Guidelines",[497,595,598,607],{"className":596},[597],"wrapped",[599,600,601,605],"colgroup",{},[602,603],"col",{"style":604},"width: 50%",[602,606],{"style":604},[531,608,609],{},[505,610,613,624],{"className":611},[612],"odd",[536,614,615],{},[39,616,617,623],{},[43,618,619],{},[469,620,622],{"href":621},"http:\u002F\u002Fwww.jssec.org\u002Fdl\u002Fandroid_securecoding_en.pdf","Android Secure Design \u002F Secure Coding Guidebook"," by JSSEC",[536,625,626],{},[39,627,628,629,632,633,635],{},"4.1.1.1 Creating\u002Fusing private activities",[630,631],"br",{},"\n4.1.3.1. Combining exported attributes and intent filter settings (for activities)",[630,634],{},"\n4.1.3.2. 
Validating the requesting application",[51,637,639],{"id":638},"bibliography","Bibliography",[497,641,642,650],{},[501,643,644],{},[505,645,646,648],{},[509,647],{},[509,649],{},[531,651,652],{},[505,653,654,662],{},[536,655,656,657,661],{},"[ ",[469,658,660],{"rel":659},[473],"JSSEC 2014"," ]",[536,663,664],{},"4.1 To use and to make an activity",[39,666,667,674,675,674,681],{},[469,668,670],{"href":669},"https:\u002F\u002Fwww.securecoding.cert.org\u002Fconfluence\u002Fdisplay\u002Fjava\u002FDRD08-J.+Always+canonicalize+a+URL+received+by+a+content+provider?showChildren=false&showComments=false",[671,672],"img",{"src":673},"\u002Fattachments\u002F88487702\u002F88497198.png"," ",[469,676,678],{"href":677},"https:\u002F\u002Fwww.securecoding.cert.org\u002Fconfluence\u002Fpages\u002Fviewpage.action?pageId=111509535",[671,679],{"src":680},"\u002Fattachments\u002F88487702\u002F88497196.png",[469,682,684],{"href":683},"https:\u002F\u002Fwww.securecoding.cert.org\u002Fconfluence\u002Fdisplay\u002Fjava\u002FDRD10-J.+Do+not+release+apps+that+are+debuggable?showChildren=false&showComments=false",[671,685],{"src":686},"\u002Fattachments\u002F88487702\u002F88497197.png",[688,689,690],"style",{},"html .default .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html.dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: 
var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html .sepia .shiki span {color: var(--shiki-sepia);background: var(--shiki-sepia-bg);font-style: var(--shiki-sepia-font-style);font-weight: var(--shiki-sepia-font-weight);text-decoration: var(--shiki-sepia-text-decoration);}html.sepia .shiki span {color: var(--shiki-sepia);background: var(--shiki-sepia-bg);font-style: var(--shiki-sepia-font-style);font-weight: var(--shiki-sepia-font-weight);text-decoration: var(--shiki-sepia-text-decoration);}html pre.shiki code .sC2Qs, html code.shiki .sC2Qs{--shiki-default:#D73A49;--shiki-dark:#F97583;--shiki-sepia:#F92672}html pre.shiki code .sq6CD, html code.shiki .sq6CD{--shiki-default:#D73A49;--shiki-default-font-style:inherit;--shiki-dark:#F97583;--shiki-dark-font-style:inherit;--shiki-sepia:#66D9EF;--shiki-sepia-font-style:italic}html pre.shiki code .srTi1, html code.shiki .srTi1{--shiki-default:#6F42C1;--shiki-dark:#B392F0;--shiki-sepia:#A6E22E}html pre.shiki code .sMOD_, html code.shiki .sMOD_{--shiki-default:#24292E;--shiki-dark:#E1E4E8;--shiki-sepia:#F8F8F2}html pre.shiki code .sk8M1, html code.shiki .sk8M1{--shiki-default:#24292E;--shiki-default-font-style:inherit;--shiki-dark:#E1E4E8;--shiki-dark-font-style:inherit;--shiki-sepia:#66D9EF;--shiki-sepia-font-style:italic}html pre.shiki code .sP7S_, html code.shiki .sP7S_{--shiki-default:#005CC5;--shiki-dark:#79B8FF;--shiki-sepia:#FD971F}html pre.shiki code .s7F3e, html code.shiki .s7F3e{--shiki-default:#005CC5;--shiki-dark:#79B8FF;--shiki-sepia:#AE81FF}",{"title":84,"searchDepth":98,"depth":98,"links":692},[693,694,695,696,697,698,699,700],{"id":53,"depth":98,"text":54},{"id":154,"depth":98,"text":155},{"id":196,"depth":98,"text":197},{"id":491,"depth":98,"text":492},{"id":559,"depth":98,"text":560},{"id":578,"depth":98,"text":579},{"id":592,"depth":98,"text":593},{"id":638,"depth":98,"text":639},"On Android, declaring an intent filter for an 
activity in the AndroidManifest.xml file means that the activity may be exported to other apps. If the activity is intended solely for the internal use of the app and an intent filter is declared then any other apps, including malware, can activate the activity for unintended use.","md",{"tags":704},[705,706,707,708,709],"rule","drd","android-applicable","cps","general","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcomponent-security-cps\u002Fdrd09-restrict-access-to-sensitive-activities",{"title":30,"description":701},"3.android-secure-coding-standard\u002F3.rules\u002F04.component-security-cps\u002F5.drd09-restrict-access-to-sensitive-activities","d4QZCSYS-baihcw2tQNhuMhF8hsJtlfymfD4-Du0yLw",[715,719],{"title":716,"path":717,"stem":718,"children":-1},"DRD08-J. Always canonicalize a URL received by a content provider","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcomponent-security-cps\u002Fdrd08-j","3.android-secure-coding-standard\u002F3.rules\u002F04.component-security-cps\u002F4.drd08-j",{"title":720,"path":721,"stem":722,"children":-1},"Concurrency (CON)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fconcurrency-con","3.android-secure-coding-standard\u002F3.rules\u002F05.concurrency-con",[724],{"title":725,"path":726,"stem":727,"children":728},"SCI CERT Android Secure Coding Standard","\u002Fandroid-secure-coding-standard","3.android-secure-coding-standard\u002F1.index",[729,730,780,1037,1134,1196,1220],{"title":725,"path":726,"stem":727},{"title":731,"path":732,"stem":733,"children":734},"Front Matter","\u002Fandroid-secure-coding-standard\u002Ffront-matter","3.android-secure-coding-standard\u002F2.front-matter\u002F1.index",[735,736,758],{"title":731,"path":732,"stem":733},{"title":737,"path":738,"stem":739,"children":740},"Guidelines for Wiki 
Contributors","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fguidelines-for-wiki-contributors","3.android-secure-coding-standard\u002F2.front-matter\u002F2.guidelines-for-wiki-contributors\u002F1.index",[741,742,746,750,754],{"title":737,"path":738,"stem":739},{"title":743,"path":744,"stem":745},"Deprecations","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fguidelines-for-wiki-contributors\u002Fdeprecations","3.android-secure-coding-standard\u002F2.front-matter\u002F2.guidelines-for-wiki-contributors\u002F2.deprecations",{"title":747,"path":748,"stem":749},"Editing Automated Detection Information","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fguidelines-for-wiki-contributors\u002Fediting-automated-detection-information","3.android-secure-coding-standard\u002F2.front-matter\u002F2.guidelines-for-wiki-contributors\u002F3.editing-automated-detection-information",{"title":751,"path":752,"stem":753},"Editing-Related Guidelines","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fguidelines-for-wiki-contributors\u002Fediting-related-guidelines","3.android-secure-coding-standard\u002F2.front-matter\u002F2.guidelines-for-wiki-contributors\u002F4.editing-related-guidelines",{"title":755,"path":756,"stem":757},"Rules versus Recommendations","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fguidelines-for-wiki-contributors\u002Frules-versus-recommendations","3.android-secure-coding-standard\u002F2.front-matter\u002F2.guidelines-for-wiki-contributors\u002F5.rules-versus-recommendations",{"title":759,"path":760,"stem":761,"children":762},"Introduction","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fintroduction","3.android-secure-coding-standard\u002F2.front-matter\u002F3.introduction\u002F01.index",[763,764,768,772,776],{"title":759,"path":760,"stem":761},{"title":765,"path":766,"stem":767},"Introduction to Android-Only 
Rules","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fintroduction\u002Fintroduction-to-android-only-rules","3.android-secure-coding-standard\u002F2.front-matter\u002F3.introduction\u002F02.introduction-to-android-only-rules",{"title":769,"path":770,"stem":771},"Introduction to C Rules and Recommendations","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fintroduction\u002Fintroduction-to-c-rules-and-recommendations","3.android-secure-coding-standard\u002F2.front-matter\u002F3.introduction\u002F03.introduction-to-c-rules-and-recommendations",{"title":773,"path":774,"stem":775},"Introduction to Java Recommendations","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fintroduction\u002Fintroduction-to-java-recommendations","3.android-secure-coding-standard\u002F2.front-matter\u002F3.introduction\u002F04.introduction-to-java-recommendations",{"title":777,"path":778,"stem":779},"Introduction to Java Rules","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fintroduction\u002Fintroduction-to-java-rules","3.android-secure-coding-standard\u002F2.front-matter\u002F3.introduction\u002F05.introduction-to-java-rules",{"title":781,"path":782,"stem":783,"children":784},"Rules","\u002Fandroid-secure-coding-standard\u002Frules","3.android-secure-coding-standard\u002F3.rules\u002F01.index",[785,786,790,794,810,811,833,837,841,845,849,879,883,887,891,909,913,917,921,925,951,965,969,973,995,999,1003,1007,1011,1015,1019],{"title":781,"path":782,"stem":783},{"title":787,"path":788,"stem":789},"Application Programming Interfaces (API)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fapplication-programming-interfaces-api","3.android-secure-coding-standard\u002F3.rules\u002F02.application-programming-interfaces-api",{"title":791,"path":792,"stem":793},"Characters and String 
(STR)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcharacters-and-string-str","3.android-secure-coding-standard\u002F3.rules\u002F03.characters-and-string-str",{"title":795,"path":796,"stem":797,"children":798},"Component Security (CPS)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcomponent-security-cps","3.android-secure-coding-standard\u002F3.rules\u002F04.component-security-cps\u002F1.index",[799,800,804,808,809],{"title":795,"path":796,"stem":797},{"title":801,"path":802,"stem":803},"DRD01-X. Limit the accessibility of an app's sensitive content provider","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcomponent-security-cps\u002Fdrd01-x","3.android-secure-coding-standard\u002F3.rules\u002F04.component-security-cps\u002F2.drd01-x",{"title":805,"path":806,"stem":807},"DRD07-X. Protect exported services with strong permissions","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcomponent-security-cps\u002Fdrd07-x","3.android-secure-coding-standard\u002F3.rules\u002F04.component-security-cps\u002F3.drd07-x",{"title":716,"path":717,"stem":718},{"title":30,"path":710,"stem":712},{"title":720,"path":721,"stem":722},{"title":812,"path":813,"stem":814,"children":815},"Cryptography (CRP)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcryptography-crp","3.android-secure-coding-standard\u002F3.rules\u002F06.cryptography-crp\u002F1.index",[816,817,821,825,829],{"title":812,"path":813,"stem":814},{"title":818,"path":819,"stem":820},"DRD17-J. Do not use the Android cryptographic security provider encryption default for AES","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcryptography-crp\u002Fdrd17-j","3.android-secure-coding-standard\u002F3.rules\u002F06.cryptography-crp\u002F2.drd17-j",{"title":822,"path":823,"stem":824},"DRD18. 
Do not use the default behavior in a cryptographic library if it does not use recommended practices","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcryptography-crp\u002Fdrd18-do-not-use-the-default-behavior-in-a-cryptographic-library-if-it-does-not-use-recommended-practices","3.android-secure-coding-standard\u002F3.rules\u002F06.cryptography-crp\u002F3.drd18-do-not-use-the-default-behavior-in-a-cryptographic-library-if-it-does-not-use-recommended-practices",{"title":826,"path":827,"stem":828},"DRD24. Do not bundle OAuth security-related protocol logic or sensitive data into a relying party's app","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcryptography-crp\u002Fdrd24-do-not-bundle-oauth-security-related-protocol-logic-or-sensitive-data-into-a-relying-partys-app","3.android-secure-coding-standard\u002F3.rules\u002F06.cryptography-crp\u002F4.drd24-do-not-bundle-oauth-security-related-protocol-logic-or-sensitive-data-into-a-relying-partys-app",{"title":830,"path":831,"stem":832},"DRD25. 
Use constant-time encryption","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcryptography-crp\u002Fdrd25-use-constant-time-encryption","3.android-secure-coding-standard\u002F3.rules\u002F06.cryptography-crp\u002F5.drd25-use-constant-time-encryption",{"title":834,"path":835,"stem":836},"Declarations and Initialization (DCL)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fdeclarations-and-initialization-dcl","3.android-secure-coding-standard\u002F3.rules\u002F07.declarations-and-initialization-dcl",{"title":838,"path":839,"stem":840},"Environment (ENV)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fenvironment-env","3.android-secure-coding-standard\u002F3.rules\u002F08.environment-env",{"title":842,"path":843,"stem":844},"Error Handling (ERR)","\u002Fandroid-secure-coding-standard\u002Frules\u002Ferror-handling-err","3.android-secure-coding-standard\u002F3.rules\u002F09.error-handling-err",{"title":846,"path":847,"stem":848},"Expressions (EXP)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fexpressions-exp","3.android-secure-coding-standard\u002F3.rules\u002F10.expressions-exp",{"title":850,"path":851,"stem":852,"children":853},"File I\u002FO and Logging (FIO)","\u002Fandroid-secure-coding-standard\u002Frules\u002Ffile-io-and-logging-fio","3.android-secure-coding-standard\u002F3.rules\u002F11.file-io-and-logging-fio\u002F1.index",[854,855,859,863,867,871,875],{"title":850,"path":851,"stem":852},{"title":856,"path":857,"stem":858},"DRD04-J. Do not log sensitive information","\u002Fandroid-secure-coding-standard\u002Frules\u002Ffile-io-and-logging-fio\u002Fdrd04-j","3.android-secure-coding-standard\u002F3.rules\u002F11.file-io-and-logging-fio\u002F2.drd04-j",{"title":860,"path":861,"stem":862},"DRD00. 
Do not store sensitive information on external storage (SD card) unless encrypted first","\u002Fandroid-secure-coding-standard\u002Frules\u002Ffile-io-and-logging-fio\u002Fdrd00-do-not-store-sensitive-information-on-external-storage-sd-card-unless-encrypted-first","3.android-secure-coding-standard\u002F3.rules\u002F11.file-io-and-logging-fio\u002F3.drd00-do-not-store-sensitive-information-on-external-storage-sd-card-unless-encrypted-first",{"title":864,"path":865,"stem":866},"DRD11. Ensure that sensitive data is kept secure","\u002Fandroid-secure-coding-standard\u002Frules\u002Ffile-io-and-logging-fio\u002Fdrd11-ensure-that-sensitive-data-is-kept-secure","3.android-secure-coding-standard\u002F3.rules\u002F11.file-io-and-logging-fio\u002F4.drd11-ensure-that-sensitive-data-is-kept-secure",{"title":868,"path":869,"stem":870},"DRD12. Do not trust data from world-writable files","\u002Fandroid-secure-coding-standard\u002Frules\u002Ffile-io-and-logging-fio\u002Fdrd12-do-not-trust-data-from-world-writable-files","3.android-secure-coding-standard\u002F3.rules\u002F11.file-io-and-logging-fio\u002F5.drd12-do-not-trust-data-from-world-writable-files",{"title":872,"path":873,"stem":874},"DRD23. 
Do not use world readable or writeable to share files between apps","\u002Fandroid-secure-coding-standard\u002Frules\u002Ffile-io-and-logging-fio\u002Fdrd23-do-not-use-world-readable-or-writeable-to-share-files-between-apps","3.android-secure-coding-standard\u002F3.rules\u002F11.file-io-and-logging-fio\u002F6.drd23-do-not-use-world-readable-or-writeable-to-share-files-between-apps",{"title":876,"path":877,"stem":878},"DRD28 Do not load world-writable libraries","\u002Fandroid-secure-coding-standard\u002Frules\u002Ffile-io-and-logging-fio\u002Fdrd28-do-not-load-world-writable-libraries","3.android-secure-coding-standard\u002F3.rules\u002F11.file-io-and-logging-fio\u002F7.drd28-do-not-load-world-writable-libraries",{"title":880,"path":881,"stem":882},"Floating Point (FLP)","\u002Fandroid-secure-coding-standard\u002Frules\u002Ffloating-point-flp","3.android-secure-coding-standard\u002F3.rules\u002F12.floating-point-flp",{"title":884,"path":885,"stem":886},"Input Validation and Data Sanitization (IDS)","\u002Fandroid-secure-coding-standard\u002Frules\u002Finput-validation-and-data-sanitization-ids","3.android-secure-coding-standard\u002F3.rules\u002F13.input-validation-and-data-sanitization-ids",{"title":888,"path":889,"stem":890},"Integers (INT)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fintegers-int","3.android-secure-coding-standard\u002F3.rules\u002F14.integers-int",{"title":892,"path":893,"stem":894,"children":895},"Intent (ITT)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fintent-itt","3.android-secure-coding-standard\u002F3.rules\u002F15.intent-itt\u002F1.index",[896,897,901,905],{"title":892,"path":893,"stem":894},{"title":898,"path":899,"stem":900},"DRD03-J. Do not broadcast sensitive information using an implicit intent","\u002Fandroid-secure-coding-standard\u002Frules\u002Fintent-itt\u002Fdrd03-j","3.android-secure-coding-standard\u002F3.rules\u002F15.intent-itt\u002F2.drd03-j",{"title":902,"path":903,"stem":904},"DRD21-J. 
Always pass explicit intents to a PendingIntent","\u002Fandroid-secure-coding-standard\u002Frules\u002Fintent-itt\u002Fdrd21-j","3.android-secure-coding-standard\u002F3.rules\u002F15.intent-itt\u002F3.drd21-j",{"title":906,"path":907,"stem":908},"DRD06. Verify the caller of intents before acting on them","\u002Fandroid-secure-coding-standard\u002Frules\u002Fintent-itt\u002Fdrd06-verify-the-caller-of-intents-before-acting-on-them","3.android-secure-coding-standard\u002F3.rules\u002F15.intent-itt\u002F4.drd06-verify-the-caller-of-intents-before-acting-on-them",{"title":910,"path":911,"stem":912},"Java Native Interface (JNI)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fjava-native-interface-jni","3.android-secure-coding-standard\u002F3.rules\u002F16.java-native-interface-jni",{"title":914,"path":915,"stem":916},"Locking (LCK)","\u002Fandroid-secure-coding-standard\u002Frules\u002Flocking-lck","3.android-secure-coding-standard\u002F3.rules\u002F17.locking-lck",{"title":918,"path":919,"stem":920},"Memory Management (MEM)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fmemory-management-mem","3.android-secure-coding-standard\u002F3.rules\u002F18.memory-management-mem",{"title":922,"path":923,"stem":924},"Methods (MET)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fmethods-met","3.android-secure-coding-standard\u002F3.rules\u002F19.methods-met",{"title":926,"path":927,"stem":928,"children":929},"Miscellaneous (MSC)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fmiscellaneous-msc","3.android-secure-coding-standard\u002F3.rules\u002F20.miscellaneous-msc\u002F1.index",[930,931,935,939,943,947],{"title":926,"path":927,"stem":928},{"title":932,"path":933,"stem":934},"DRD10-X. Do not release apps that are debuggable","\u002Fandroid-secure-coding-standard\u002Frules\u002Fmiscellaneous-msc\u002Fdrd10-x","3.android-secure-coding-standard\u002F3.rules\u002F20.miscellaneous-msc\u002F2.drd10-x",{"title":936,"path":937,"stem":938},"DRD15-J. 
Consider privacy concerns when using Geolocation API","\u002Fandroid-secure-coding-standard\u002Frules\u002Fmiscellaneous-msc\u002Fdrd15-j","3.android-secure-coding-standard\u002F3.rules\u002F20.miscellaneous-msc\u002F3.drd15-j",{"title":940,"path":941,"stem":942},"DRD26-J. For OAuth, use a secure Android method to deliver access tokens","\u002Fandroid-secure-coding-standard\u002Frules\u002Fmiscellaneous-msc\u002Fdrd26-j","3.android-secure-coding-standard\u002F3.rules\u002F20.miscellaneous-msc\u002F4.drd26-j",{"title":944,"path":945,"stem":946},"DRD27-J. For OAuth, use an explicit intent method to deliver access tokens","\u002Fandroid-secure-coding-standard\u002Frules\u002Fmiscellaneous-msc\u002Fdrd27-j","3.android-secure-coding-standard\u002F3.rules\u002F20.miscellaneous-msc\u002F5.drd27-j",{"title":948,"path":949,"stem":950},"DRD25. To request user permission for OAuth, identify relying party and its permissions scope","\u002Fandroid-secure-coding-standard\u002Frules\u002Fmiscellaneous-msc\u002Fdrd25-to-request-user-permission-for-oauth-identify-relying-party-and-its-permissions-scope","3.android-secure-coding-standard\u002F3.rules\u002F20.miscellaneous-msc\u002F6.drd25-to-request-user-permission-for-oauth-identify-relying-party-and-its-permissions-scope",{"title":952,"path":953,"stem":954,"children":955},"Network - SSL\u002FTLS (NET)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fnetwork-ssltls-net","3.android-secure-coding-standard\u002F3.rules\u002F21.network-ssltls-net\u002F1.index",[956,957,961],{"title":952,"path":953,"stem":954},{"title":958,"path":959,"stem":960},"DRD23-J. Do not use loopback when handling sensitive data","\u002Fandroid-secure-coding-standard\u002Frules\u002Fnetwork-ssltls-net\u002Fdrd23-j","3.android-secure-coding-standard\u002F3.rules\u002F21.network-ssltls-net\u002F2.drd23-j",{"title":962,"path":963,"stem":964},"DRD19. 
Properly verify server certificate on SSL\u002FTLS","\u002Fandroid-secure-coding-standard\u002Frules\u002Fnetwork-ssltls-net\u002Fdrd19-properly-verify-server-certificate-on-ssltls","3.android-secure-coding-standard\u002F3.rules\u002F21.network-ssltls-net\u002F3.drd19-properly-verify-server-certificate-on-ssltls",{"title":966,"path":967,"stem":968},"Numeric Types and Operations (NUM)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fnumeric-types-and-operations-num","3.android-secure-coding-standard\u002F3.rules\u002F22.numeric-types-and-operations-num",{"title":970,"path":971,"stem":972},"Object Orientation (OBJ)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fobject-orientation-obj","3.android-secure-coding-standard\u002F3.rules\u002F23.object-orientation-obj",{"title":974,"path":975,"stem":976,"children":977},"Permission (PER)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fpermission-per","3.android-secure-coding-standard\u002F3.rules\u002F24.permission-per\u002F1.index",[978,979,983,987,991],{"title":974,"path":975,"stem":976},{"title":980,"path":981,"stem":982},"DRD05-J. Do not grant URI permissions on implicit intents","\u002Fandroid-secure-coding-standard\u002Frules\u002Fpermission-per\u002Fdrd05-j","3.android-secure-coding-standard\u002F3.rules\u002F24.permission-per\u002F2.drd05-j",{"title":984,"path":985,"stem":986},"DRD14-J. Check that a calling app has appropriate permissions before responding","\u002Fandroid-secure-coding-standard\u002Frules\u002Fpermission-per\u002Fdrd14-j","3.android-secure-coding-standard\u002F3.rules\u002F24.permission-per\u002F3.drd14-j",{"title":988,"path":989,"stem":990},"DRD16-X. Explicitly define the exported attribute for private components","\u002Fandroid-secure-coding-standard\u002Frules\u002Fpermission-per\u002Fdrd16-x","3.android-secure-coding-standard\u002F3.rules\u002F24.permission-per\u002F4.drd16-x",{"title":992,"path":993,"stem":994},"DRD20-C. 
Specify permissions when creating files via the NDK","\u002Fandroid-secure-coding-standard\u002Frules\u002Fpermission-per\u002Fdrd20-c","3.android-secure-coding-standard\u002F3.rules\u002F24.permission-per\u002F5.drd20-c",{"title":996,"path":997,"stem":998},"Platform Security (SEC)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fplatform-security-sec","3.android-secure-coding-standard\u002F3.rules\u002F25.platform-security-sec",{"title":1000,"path":1001,"stem":1002},"Preprocessor (PRE)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fpreprocessor-pre","3.android-secure-coding-standard\u002F3.rules\u002F26.preprocessor-pre",{"title":1004,"path":1005,"stem":1006},"Serialization (SER)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fserialization-ser","3.android-secure-coding-standard\u002F3.rules\u002F27.serialization-ser",{"title":1008,"path":1009,"stem":1010},"Thread APIs (THI)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fthread-apis-thi","3.android-secure-coding-standard\u002F3.rules\u002F28.thread-apis-thi",{"title":1012,"path":1013,"stem":1014},"Thread-Safety Miscellaneous (TSM)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fthread-safety-miscellaneous-tsm","3.android-secure-coding-standard\u002F3.rules\u002F29.thread-safety-miscellaneous-tsm",{"title":1016,"path":1017,"stem":1018},"Visibility and Atomicity (VNA)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fvisibility-and-atomicity-vna","3.android-secure-coding-standard\u002F3.rules\u002F30.visibility-and-atomicity-vna",{"title":1020,"path":1021,"stem":1022,"children":1023},"WebView (WBV)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fwebview-wbv","3.android-secure-coding-standard\u002F3.rules\u002F31.webview-wbv\u002F1.index",[1024,1025,1029,1033],{"title":1020,"path":1021,"stem":1022},{"title":1026,"path":1027,"stem":1028},"DRD02-J. 
Do not allow WebView to access sensitive local resource through file scheme","\u002Fandroid-secure-coding-standard\u002Frules\u002Fwebview-wbv\u002Fdrd02-j","3.android-secure-coding-standard\u002F3.rules\u002F31.webview-wbv\u002F2.drd02-j",{"title":1030,"path":1031,"stem":1032},"DRD13. Do not provide addJavascriptInterface method access in a WebView which could contain untrusted content. (API level JELLY_BEAN or below)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fwebview-wbv\u002Fdrd13-do-not-provide-addjavascriptinterface-method-access-in-a-webview-which-could-contain-untrusted-content-api-level-jelly_bean-or-below","3.android-secure-coding-standard\u002F3.rules\u002F31.webview-wbv\u002F3.drd13-do-not-provide-addjavascriptinterface-method-access-in-a-webview-which-could-contain-untrusted-content-api-level-jelly_bean-or-below",{"title":1034,"path":1035,"stem":1036},"DRD22. Do not cache sensitive information","\u002Fandroid-secure-coding-standard\u002Frules\u002Fwebview-wbv\u002Fdrd22-do-not-cache-sensitive-information","3.android-secure-coding-standard\u002F3.rules\u002F31.webview-wbv\u002F4.drd22-do-not-cache-sensitive-information",{"title":1038,"path":1039,"stem":1040,"children":1041},"Recommendations","\u002Fandroid-secure-coding-standard\u002Frecommendations","3.android-secure-coding-standard\u002F4.recommendations\u002F01.index",[1042,1043,1046,1050,1053,1056,1059,1062,1065,1068,1071,1074,1077,1080,1083,1086,1089,1092,1095,1098,1101,1104,1107,1110,1113,1116,1119,1122,1125,1128,1131],{"title":1038,"path":1039,"stem":1040},{"title":787,"path":1044,"stem":1045},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fapplication-programming-interfaces-api","3.android-secure-coding-standard\u002F4.recommendations\u002F02.application-programming-interfaces-api",{"title":1047,"path":1048,"stem":1049},"Characters and Strings 
(STR)","\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fcharacters-and-strings-str","3.android-secure-coding-standard\u002F4.recommendations\u002F03.characters-and-strings-str",{"title":795,"path":1051,"stem":1052},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fcomponent-security-cps","3.android-secure-coding-standard\u002F4.recommendations\u002F04.component-security-cps",{"title":720,"path":1054,"stem":1055},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fconcurrency-con","3.android-secure-coding-standard\u002F4.recommendations\u002F05.concurrency-con",{"title":812,"path":1057,"stem":1058},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fcryptography-crp","3.android-secure-coding-standard\u002F4.recommendations\u002F06.cryptography-crp",{"title":834,"path":1060,"stem":1061},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fdeclarations-and-initialization-dcl","3.android-secure-coding-standard\u002F4.recommendations\u002F07.declarations-and-initialization-dcl",{"title":838,"path":1063,"stem":1064},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fenvironment-env","3.android-secure-coding-standard\u002F4.recommendations\u002F08.environment-env",{"title":842,"path":1066,"stem":1067},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Ferror-handling-err","3.android-secure-coding-standard\u002F4.recommendations\u002F09.error-handling-err",{"title":846,"path":1069,"stem":1070},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fexpressions-exp","3.android-secure-coding-standard\u002F4.recommendations\u002F10.expressions-exp",{"title":850,"path":1072,"stem":1073},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Ffile-io-and-logging-fio","3.android-secure-coding-standard\u002F4.recommendations\u002F11.file-io-and-logging-fio",{"title":880,"path":1075,"stem":1076},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Ffloating-point-flp",
"3.android-secure-coding-standard\u002F4.recommendations\u002F12.floating-point-flp",{"title":884,"path":1078,"stem":1079},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Finput-validation-and-data-sanitization-ids","3.android-secure-coding-standard\u002F4.recommendations\u002F13.input-validation-and-data-sanitization-ids",{"title":888,"path":1081,"stem":1082},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fintegers-int","3.android-secure-coding-standard\u002F4.recommendations\u002F14.integers-int",{"title":892,"path":1084,"stem":1085},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fintent-itt","3.android-secure-coding-standard\u002F4.recommendations\u002F15.intent-itt",{"title":910,"path":1087,"stem":1088},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fjava-native-interface-jni","3.android-secure-coding-standard\u002F4.recommendations\u002F16.java-native-interface-jni",{"title":914,"path":1090,"stem":1091},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Flocking-lck","3.android-secure-coding-standard\u002F4.recommendations\u002F17.locking-lck",{"title":918,"path":1093,"stem":1094},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fmemory-management-mem","3.android-secure-coding-standard\u002F4.recommendations\u002F18.memory-management-mem",{"title":922,"path":1096,"stem":1097},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fmethods-met","3.android-secure-coding-standard\u002F4.recommendations\u002F19.methods-met",{"title":926,"path":1099,"stem":1100},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fmiscellaneous-msc","3.android-secure-coding-standard\u002F4.recommendations\u002F20.miscellaneous-msc",{"title":952,"path":1102,"stem":1103},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fnetwork-ssltls-net","3.android-secure-coding-standard\u002F4.recommendations\u002F21.network-ssltls-net",{"title":966,"path":1105,"stem":1106},"\u0
02Fandroid-secure-coding-standard\u002Frecommendations\u002Fnumeric-types-and-operations-num","3.android-secure-coding-standard\u002F4.recommendations\u002F22.numeric-types-and-operations-num",{"title":970,"path":1108,"stem":1109},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fobject-orientation-obj","3.android-secure-coding-standard\u002F4.recommendations\u002F23.object-orientation-obj",{"title":974,"path":1111,"stem":1112},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fpermission-per","3.android-secure-coding-standard\u002F4.recommendations\u002F24.permission-per",{"title":996,"path":1114,"stem":1115},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fplatform-security-sec","3.android-secure-coding-standard\u002F4.recommendations\u002F25.platform-security-sec",{"title":1000,"path":1117,"stem":1118},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fpreprocessor-pre","3.android-secure-coding-standard\u002F4.recommendations\u002F26.preprocessor-pre",{"title":1004,"path":1120,"stem":1121},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fserialization-ser","3.android-secure-coding-standard\u002F4.recommendations\u002F27.serialization-ser",{"title":1008,"path":1123,"stem":1124},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fthread-apis-thi","3.android-secure-coding-standard\u002F4.recommendations\u002F28.thread-apis-thi",{"title":1012,"path":1126,"stem":1127},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fthread-safety-miscellaneous-tsm","3.android-secure-coding-standard\u002F4.recommendations\u002F29.thread-safety-miscellaneous-tsm",{"title":1016,"path":1129,"stem":1130},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fvisibility-and-atomicity-vna","3.android-secure-coding-standard\u002F4.recommendations\u002F30.visibility-and-atomicity-vna",{"title":1020,"path":1132,"stem":1133},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fweb
view-wbv","3.android-secure-coding-standard\u002F4.recommendations\u002F31.webview-wbv",{"title":1135,"path":1136,"stem":1137,"children":1138},"By Language","\u002Fandroid-secure-coding-standard\u002Fby-language","3.android-secure-coding-standard\u002F5.by-language\u002F1.index",[1139,1140,1144,1166,1170,1192],{"title":1135,"path":1136,"stem":1137},{"title":1141,"path":1142,"stem":1143},"Android Only","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fandroid-only","3.android-secure-coding-standard\u002F5.by-language\u002F2.android-only",{"title":1145,"path":1146,"stem":1147,"children":1148},"C Coding Language","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fc-coding-language","3.android-secure-coding-standard\u002F5.by-language\u002F3.c-coding-language\u002F1.index",[1149,1150,1154,1158,1162],{"title":1145,"path":1146,"stem":1147},{"title":1151,"path":1152,"stem":1153},"Applicable in Principle to Android (C Rules\u002FRecomendations)","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fc-coding-language\u002Fapplicable-in-principle-to-android-c-rulesrecomendations","3.android-secure-coding-standard\u002F5.by-language\u002F3.c-coding-language\u002F2.applicable-in-principle-to-android-c-rulesrecomendations",{"title":1155,"path":1156,"stem":1157},"Applicable to Android (C Rules\u002FRecomendations)","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fc-coding-language\u002Fapplicable-to-android-c-rulesrecomendations","3.android-secure-coding-standard\u002F5.by-language\u002F3.c-coding-language\u002F3.applicable-to-android-c-rulesrecomendations",{"title":1159,"path":1160,"stem":1161},"Not Applicable to Android (C 
Rules\u002FRecomendations)","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fc-coding-language\u002Fnot-applicable-to-android-c-rulesrecomendations","3.android-secure-coding-standard\u002F5.by-language\u002F3.c-coding-language\u002F4.not-applicable-to-android-c-rulesrecomendations",{"title":1163,"path":1164,"stem":1165},"Unknown Applicability (C Rules\u002FRecomendations)","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fc-coding-language\u002Funknown-applicability-c-rulesrecomendations","3.android-secure-coding-standard\u002F5.by-language\u002F3.c-coding-language\u002F5.unknown-applicability-c-rulesrecomendations",{"title":1167,"path":1168,"stem":1169},"C++ Coding Language","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fcpp-coding-language","3.android-secure-coding-standard\u002F5.by-language\u002F4.cpp-coding-language",{"title":1171,"path":1172,"stem":1173,"children":1174},"Java Coding Language","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fjava-coding-language","3.android-secure-coding-standard\u002F5.by-language\u002F5.java-coding-language\u002F1.index",[1175,1176,1180,1184,1188],{"title":1171,"path":1172,"stem":1173},{"title":1177,"path":1178,"stem":1179},"Applicable in Principle to Android (Java Rules\u002FRecomendations)","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fjava-coding-language\u002Fapplicable-in-principle-to-android-java-rulesrecomendations","3.android-secure-coding-standard\u002F5.by-language\u002F5.java-coding-language\u002F2.applicable-in-principle-to-android-java-rulesrecomendations",{"title":1181,"path":1182,"stem":1183},"Applicable to Android (Java 
Rules\u002FRecomendations)","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fjava-coding-language\u002Fapplicable-to-android-java-rulesrecomendations","3.android-secure-coding-standard\u002F5.by-language\u002F5.java-coding-language\u002F3.applicable-to-android-java-rulesrecomendations",{"title":1185,"path":1186,"stem":1187},"Not Applicable to Android (Java Rules\u002FRecomendations)","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fjava-coding-language\u002Fnot-applicable-to-android-java-rulesrecomendations","3.android-secure-coding-standard\u002F5.by-language\u002F5.java-coding-language\u002F4.not-applicable-to-android-java-rulesrecomendations",{"title":1189,"path":1190,"stem":1191},"Unknown Applicability to Android (Java Rules\u002FRecomendations)","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fjava-coding-language\u002Funknown-applicability-to-android-java-rulesrecomendations","3.android-secure-coding-standard\u002F5.by-language\u002F5.java-coding-language\u002F5.unknown-applicability-to-android-java-rulesrecomendations",{"title":1193,"path":1194,"stem":1195},"XML","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fxml","3.android-secure-coding-standard\u002F5.by-language\u002F6.xml",{"title":1197,"path":1198,"stem":1199,"children":1200},"Back Matter","\u002Fandroid-secure-coding-standard\u002Fback-matter","3.android-secure-coding-standard\u002F6.back-matter\u002F1.index",[1201,1202,1206],{"title":1197,"path":1198,"stem":1199},{"title":1203,"path":1204,"stem":1205},"AA. Bibliography","\u002Fandroid-secure-coding-standard\u002Fback-matter\u002Faa-bibliography","3.android-secure-coding-standard\u002F6.back-matter\u002F2.aa-bibliography",{"title":1207,"path":1208,"stem":1209,"children":1210},"BB. 
Analyzers","\u002Fandroid-secure-coding-standard\u002Fback-matter\u002Fbb-analyzers","3.android-secure-coding-standard\u002F6.back-matter\u002F3.bb-analyzers\u002F1.index",[1211,1212,1216],{"title":1207,"path":1208,"stem":1209},{"title":1213,"path":1214,"stem":1215},"CodeSonar","\u002Fandroid-secure-coding-standard\u002Fback-matter\u002Fbb-analyzers\u002Fcodesonar","3.android-secure-coding-standard\u002F6.back-matter\u002F3.bb-analyzers\u002F2.codesonar",{"title":1217,"path":1218,"stem":1219},"CodeSonar_V","\u002Fandroid-secure-coding-standard\u002Fback-matter\u002Fbb-analyzers\u002Fcodesonar_v","3.android-secure-coding-standard\u002F6.back-matter\u002F3.bb-analyzers\u002F3.codesonar_v",{"title":1221,"path":1222,"stem":1223,"children":1224},"Admin","\u002Fandroid-secure-coding-standard\u002Fadmin","3.android-secure-coding-standard\u002F7.admin\u002F01.index",[1225,1226,1230,1234,1238,1242,1246,1250,1254,1258,1262,1266,1270,1274,1278,1282],{"title":1221,"path":1222,"stem":1223},{"title":1227,"path":1228,"stem":1229},"About the OurCS Workshop","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fabout-the-ourcs-workshop","3.android-secure-coding-standard\u002F7.admin\u002F02.about-the-ourcs-workshop",{"title":1231,"path":1232,"stem":1233},"Android Applicability Summary","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fandroid-applicability-summary","3.android-secure-coding-standard\u002F7.admin\u002F03.android-applicability-summary",{"title":1235,"path":1236,"stem":1237},"Android (DRD)","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fandroid-drd","3.android-secure-coding-standard\u002F7.admin\u002F04.android-drd",{"title":1239,"path":1240,"stem":1241},"Avoid having unreachable code","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Favoid-having-unreachable-code","3.android-secure-coding-standard\u002F7.admin\u002F05.avoid-having-unreachable-code",{"title":1243,"path":1244,"stem":1245},"C Space Change History 
Log","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fc-space-change-history-log","3.android-secure-coding-standard\u002F7.admin\u002F06.c-space-change-history-log",{"title":1247,"path":1248,"stem":1249},"Copy of Rule Template","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fcopy-of-rule-template","3.android-secure-coding-standard\u002F7.admin\u002F07.copy-of-rule-template",{"title":1251,"path":1252,"stem":1253},"C++ Space Change History Log","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fcpp-space-change-history-log","3.android-secure-coding-standard\u002F7.admin\u002F08.cpp-space-change-history-log",{"title":1255,"path":1256,"stem":1257},"Dictionary of Labels","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fdictionary-of-labels","3.android-secure-coding-standard\u002F7.admin\u002F09.dictionary-of-labels",{"title":1259,"path":1260,"stem":1261},"How to Change Applicability When a Rules and Recommendations Change","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fhow-to-change-applicability-when-a-rules-and-recommendations-change","3.android-secure-coding-standard\u002F7.admin\u002F10.how-to-change-applicability-when-a-rules-and-recommendations-change",{"title":1263,"path":1264,"stem":1265},"Java Space Change History Log","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fjava-space-change-history-log","3.android-secure-coding-standard\u002F7.admin\u002F11.java-space-change-history-log",{"title":1267,"path":1268,"stem":1269},"Labels in this Space","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Flabels-in-this-space","3.android-secure-coding-standard\u002F7.admin\u002F12.labels-in-this-space",{"title":1271,"path":1272,"stem":1273},"Perl Space Change History Log","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fperl-space-change-history-log","3.android-secure-coding-standard\u002F7.admin\u002F13.perl-space-change-history-log",{"title":1275,"path":1276,"stem":1277},"Resources for new Android app secure coding rules and 
guidelines","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fresources-for-new-android-app-secure-coding-rules-and-guidelines","3.android-secure-coding-standard\u002F7.admin\u002F14.resources-for-new-android-app-secure-coding-rules-and-guidelines",{"title":1279,"path":1280,"stem":1281},"Rule Template","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Frule-template","3.android-secure-coding-standard\u002F7.admin\u002F15.rule-template",{"title":1283,"path":1284,"stem":1285},"Rules Applicable for Both the Android Platform and Other Platforms","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Frules-applicable-for-both-the-android-platform-and-other-platforms","3.android-secure-coding-standard\u002F7.admin\u002F16.rules-applicable-for-both-the-android-platform-and-other-platforms",1775657823534]