[{"data":1,"prerenderedAt":1632},["ShallowReactive",2],{"global-navigation":3,"page-\u002Fandroid-secure-coding-standard\u002Frules\u002Ffile-io-and-logging-fio\u002Fdrd00-do-not-store-sensitive-information-on-external-storage-sd-card-unless-encrypted-first":28,"surround-\u002Fandroid-secure-coding-standard\u002Frules\u002Ffile-io-and-logging-fio\u002Fdrd00-do-not-store-sensitive-information-on-external-storage-sd-card-unless-encrypted-first":1063,"sidebar-android-secure-coding-standard":1072},[4,8],{"title":5,"path":6,"_path":6,"fromAppConfig":7},"Home","\u002F",true,{"title":9,"path":10,"children":11,"_path":27,"fromAppConfig":7},"Coding Standards","\u002Fcoding-standards\u002F",[12,15,18,21,24],{"title":13,"path":14},"Android Coding Standard","\u002Fandroid-secure-coding-standard\u002F",{"title":16,"path":17},"C Coding Standard","\u002Fsei-cert-c-coding-standard\u002F",{"title":19,"path":20},"C++ Coding Standard","\u002Fsei-cert-cpp-coding-standard\u002F",{"title":22,"path":23},"Java Coding Standard","\u002Fsei-cert-oracle-coding-standard-for-java\u002F",{"title":25,"path":26},"Perl Coding Standard","\u002Fsei-cert-perl-coding-standard\u002F","\u002Fcoding-standards",{"id":29,"title":30,"body":31,"description":1050,"extension":1051,"meta":1052,"navigation":7,"path":1059,"seo":1060,"stem":1061,"__hash__":1062},"content\u002F3.android-secure-coding-standard\u002F3.rules\u002F11.file-io-and-logging-fio\u002F3.drd00-do-not-store-sensitive-information-on-external-storage-sd-card-unless-encrypted-first.md","DRD00. 
Do not store sensitive information on external storage (SD card) unless encrypted first",{"type":32,"value":33,"toc":1038},"minimark",[34,38,55,62,65,86,92,95,100,103,397,402,405,452,456,471,660,664,684,688,691,757,761,768,834,838,858,862,940,944,1010,1013,1034],[35,36,30],"h1",{"id":37},"drd00-do-not-store-sensitive-information-on-external-storage-sd-card-unless-encrypted-first",[39,40,41,42,46,47,50,51,54],"p",{},"Android provides several options to save persistent application data, one of which is External Storage ( ",[43,44,45],"code",{},"\u002Fsdcard"," , ",[43,48,49],{},"\u002Fmnt\u002Fsdcard"," ). \"External storage\" examples include a micro- or standard-sized SD card internal to the device, Android device storage mounted to a PC, and the ",[43,52,53],{},"Android\u002Fobb"," directory.",[39,56,57,58,61],{},"Files saved to the external storage prior to Android 4.1 are world-readable. Prior to Android 1, files saved to external storage are world-writable. From Android 1 to Android 4.3, only the ",[43,59,60],{},"WRITE_EXTERNAL_STORAGE"," permission is required for an app to write to any external storage file stored by any app. Starting with Android 4.4, groups and modes of files are created based on a directory structure, which allows an app permission to manage\u002Fread\u002Fwrite files within a directory structure based on its package name. 
Starting with Android 4.4, users (including apps as users) are isolated from primary external storage spaces of other apps controlled by the Android device.",[39,63,64],{},"Consequent to the lack of restrictions described above, files written to external storage can be modified or read by other apps installed on the device (for the Android versions which allow read\u002Fwrite) and by anyone with access to the files if stored on an off-device external storage device such as a PC (or if the in-device external storage media is removed and mounted elsewhere).",[39,66,67,68,72,73,78,79,85],{},"The ",[69,70,71],"em",{},"Android API Guides"," [ ",[74,75,77],"a",{"href":76},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-aa-references#RuleAA.References-AndroidGuides13","Android Guides 2013"," ] ",[74,80,84],{"href":81,"rel":82},"http:\u002F\u002Fdeveloper.android.com\u002Fguide\u002Ftopics\u002Fdata\u002Fdata-storage.html",[83],"nofollow","Storage Options"," states:",[87,88,89],"blockquote",{},[39,90,91],{},"Caution: External storage can become unavailable if the user mounts the external storage on a computer or removes the media, and there’s no security enforced upon files you save to the external storage. 
All applications can read and write files placed on the external storage and the user can remove them.",[39,93,94],{},"Developers should not store sensitive data to external storage devices unless encrypted first, because files stored externally have no guarantee of availability, integrity, and confidentiality.",[96,97,99],{"id":98},"noncompliant-code-example","Noncompliant Code Example",[39,101,102],{},"The following code creates a file on the external storage and saves sensitive information to the file:",[104,105,107],{"quality":106},"bad",[108,109,114],{"className":110,"code":111,"language":112,"meta":113,"style":113},"language-java shiki shiki-themes github-light github-dark monokai","private String filename = \"myfile\"\n\nprivate String string = \"sensitive data such as credit card number\"\nFileOutputStream fos = null;\n\ntry {\n  File file = new File(getExternalFilesDir(TARGET_TYPE), filename);\n  fos = new FileOutputStream(file, false);\n  fos.write(string.getBytes());\n} catch (FileNotFoundException e) {\n  \u002F\u002F handle FileNotFoundException\n} catch (IOException e) {\n  \u002F\u002F handle IOException\n} finally {\n  if (fos != null) {\n    try {\n    fos.close();\n    } catch (IOException e) {\n      \u002F\u002F handle error\n    }\n  }\n}\n","java","",[43,115,116,140,146,161,179,184,193,220,242,260,282,289,305,311,321,337,345,357,373,379,385,391],{"__ignoreMap":113},[117,118,121,125,129,133,136],"span",{"class":119,"line":120},"line",1,[117,122,124],{"class":123},"sC2Qs","private",[117,126,128],{"class":127},"sk8M1"," String",[117,130,132],{"class":131},"sMOD_"," filename ",[117,134,135],{"class":123},"=",[117,137,139],{"class":138},"sstjo"," \"myfile\"\n",[117,141,143],{"class":119,"line":142},2,[117,144,145],{"emptyLinePlaceholder":7},"\n",[117,147,149,151,153,156,158],{"class":119,"line":148},3,[117,150,124],{"class":123},[117,152,128],{"class":127},[117,154,155],{"class":131}," string 
",[117,157,135],{"class":123},[117,159,160],{"class":138}," \"sensitive data such as credit card number\"\n",[117,162,164,167,170,172,176],{"class":119,"line":163},4,[117,165,166],{"class":127},"FileOutputStream",[117,168,169],{"class":131}," fos ",[117,171,135],{"class":123},[117,173,175],{"class":174},"s7F3e"," null",[117,177,178],{"class":131},";\n",[117,180,182],{"class":119,"line":181},5,[117,183,145],{"emptyLinePlaceholder":7},[117,185,187,190],{"class":119,"line":186},6,[117,188,189],{"class":123},"try",[117,191,192],{"class":131}," {\n",[117,194,196,199,202,204,207,211,214,217],{"class":119,"line":195},7,[117,197,198],{"class":127},"  File",[117,200,201],{"class":131}," file ",[117,203,135],{"class":123},[117,205,206],{"class":123}," new",[117,208,210],{"class":209},"srTi1"," File",[117,212,213],{"class":131},"(",[117,215,216],{"class":209},"getExternalFilesDir",[117,218,219],{"class":131},"(TARGET_TYPE), filename);\n",[117,221,223,226,228,230,233,236,239],{"class":119,"line":222},8,[117,224,225],{"class":131},"  fos ",[117,227,135],{"class":123},[117,229,206],{"class":123},[117,231,232],{"class":209}," FileOutputStream",[117,234,235],{"class":131},"(file, ",[117,237,238],{"class":174},"false",[117,240,241],{"class":131},");\n",[117,243,245,248,251,254,257],{"class":119,"line":244},9,[117,246,247],{"class":131},"  fos.",[117,249,250],{"class":209},"write",[117,252,253],{"class":131},"(string.",[117,255,256],{"class":209},"getBytes",[117,258,259],{"class":131},"());\n",[117,261,263,266,269,272,275,279],{"class":119,"line":262},10,[117,264,265],{"class":131},"} ",[117,267,268],{"class":123},"catch",[117,270,271],{"class":131}," (",[117,273,274],{"class":127},"FileNotFoundException",[117,276,278],{"class":277},"sTHNf"," e",[117,280,281],{"class":131},") {\n",[117,283,285],{"class":119,"line":284},11,[117,286,288],{"class":287},"s8-w5","  \u002F\u002F handle 
FileNotFoundException\n",[117,290,292,294,296,298,301,303],{"class":119,"line":291},12,[117,293,265],{"class":131},[117,295,268],{"class":123},[117,297,271],{"class":131},[117,299,300],{"class":127},"IOException",[117,302,278],{"class":277},[117,304,281],{"class":131},[117,306,308],{"class":119,"line":307},13,[117,309,310],{"class":287},"  \u002F\u002F handle IOException\n",[117,312,314,316,319],{"class":119,"line":313},14,[117,315,265],{"class":131},[117,317,318],{"class":123},"finally",[117,320,192],{"class":131},[117,322,324,327,330,333,335],{"class":119,"line":323},15,[117,325,326],{"class":123},"  if",[117,328,329],{"class":131}," (fos ",[117,331,332],{"class":123},"!=",[117,334,175],{"class":174},[117,336,281],{"class":131},[117,338,340,343],{"class":119,"line":339},16,[117,341,342],{"class":123},"    try",[117,344,192],{"class":131},[117,346,348,351,354],{"class":119,"line":347},17,[117,349,350],{"class":131},"    fos.",[117,352,353],{"class":209},"close",[117,355,356],{"class":131},"();\n",[117,358,360,363,365,367,369,371],{"class":119,"line":359},18,[117,361,362],{"class":131},"    } ",[117,364,268],{"class":123},[117,366,271],{"class":131},[117,368,300],{"class":127},[117,370,278],{"class":277},[117,372,281],{"class":131},[117,374,376],{"class":119,"line":375},19,[117,377,378],{"class":287},"      \u002F\u002F handle error\n",[117,380,382],{"class":119,"line":381},20,[117,383,384],{"class":131},"    }\n",[117,386,388],{"class":119,"line":387},21,[117,389,390],{"class":131},"  }\n",[117,392,394],{"class":119,"line":393},22,[117,395,396],{"class":131},"}\n",[398,399,401],"h3",{"id":400},"proof-of-concept","Proof of Concept",[39,403,404],{},"Typically, an application stores files in the directory as 
follows:",[108,406,408],{"className":110,"code":407,"language":112,"meta":113,"style":113},"\u002Fsdcard\u002FAndroid\u002Fdata\u002Fcom.company.app\u002Ffiles\u002Fsave\u002Fappdata\u002Fsave_appdata\n",[43,409,410],{"__ignoreMap":113},[117,411,412,414,417,419,422,424,427,429,432,434,437,439,442,444,447,449],{"class":119,"line":120},[117,413,6],{"class":123},[117,415,416],{"class":131},"sdcard",[117,418,6],{"class":123},[117,420,421],{"class":131},"Android",[117,423,6],{"class":123},[117,425,426],{"class":131},"data",[117,428,6],{"class":123},[117,430,431],{"class":131},"com.company.app",[117,433,6],{"class":123},[117,435,436],{"class":131},"files",[117,438,6],{"class":123},[117,440,441],{"class":131},"save",[117,443,6],{"class":123},[117,445,446],{"class":131},"appdata",[117,448,6],{"class":123},[117,450,451],{"class":131},"save_appdata\n",[96,453,455],{"id":454},"compliant-solution-1-save-a-file-on-internal-storage","Compliant Solution #1 (Save a File on Internal Storage)",[39,457,458,459,462,463,466,467,470],{},"The following code uses the ",[43,460,461],{},"openFileOutput()"," method to create ",[43,464,465],{},"\"myfile\""," in an application data directory with permission set to ",[43,468,469],{},"MODE_PRIVATE"," so that other apps cannot access the file:",[104,472,474],{"quality":473},"good",[108,475,477],{"className":110,"code":476,"language":112,"meta":113,"style":113},"private String filename = \"myfile\"\nprivate String string = \"sensitive data such as credit card number\"\nFileOutputStream fos = null;\n\ntry {\n   fos = openFileOutput(filename, Context.MODE_PRIVATE);\n   fos.write(string.getBytes());\n   fos.close();\n} catch (FileNotFoundException e) {\n  \u002F\u002F handle FileNotFoundException\n} catch (IOException e) {\n  \u002F\u002F handle IOException\n} finally {\n  if (fos != null) {\n    try {\n      fos.close();\n    } catch (IOException e) {\n      \u002F\u002F handle error\n    }\n  
}\n}\n",[43,478,479,491,503,515,519,525,538,551,559,573,577,591,595,603,615,621,630,644,648,652,656],{"__ignoreMap":113},[117,480,481,483,485,487,489],{"class":119,"line":120},[117,482,124],{"class":123},[117,484,128],{"class":127},[117,486,132],{"class":131},[117,488,135],{"class":123},[117,490,139],{"class":138},[117,492,493,495,497,499,501],{"class":119,"line":142},[117,494,124],{"class":123},[117,496,128],{"class":127},[117,498,155],{"class":131},[117,500,135],{"class":123},[117,502,160],{"class":138},[117,504,505,507,509,511,513],{"class":119,"line":148},[117,506,166],{"class":127},[117,508,169],{"class":131},[117,510,135],{"class":123},[117,512,175],{"class":174},[117,514,178],{"class":131},[117,516,517],{"class":119,"line":163},[117,518,145],{"emptyLinePlaceholder":7},[117,520,521,523],{"class":119,"line":181},[117,522,189],{"class":123},[117,524,192],{"class":131},[117,526,527,530,532,535],{"class":119,"line":186},[117,528,529],{"class":131},"   fos ",[117,531,135],{"class":123},[117,533,534],{"class":209}," openFileOutput",[117,536,537],{"class":131},"(filename, Context.MODE_PRIVATE);\n",[117,539,540,543,545,547,549],{"class":119,"line":195},[117,541,542],{"class":131},"   
fos.",[117,544,250],{"class":209},[117,546,253],{"class":131},[117,548,256],{"class":209},[117,550,259],{"class":131},[117,552,553,555,557],{"class":119,"line":222},[117,554,542],{"class":131},[117,556,353],{"class":209},[117,558,356],{"class":131},[117,560,561,563,565,567,569,571],{"class":119,"line":244},[117,562,265],{"class":131},[117,564,268],{"class":123},[117,566,271],{"class":131},[117,568,274],{"class":127},[117,570,278],{"class":277},[117,572,281],{"class":131},[117,574,575],{"class":119,"line":262},[117,576,288],{"class":287},[117,578,579,581,583,585,587,589],{"class":119,"line":284},[117,580,265],{"class":131},[117,582,268],{"class":123},[117,584,271],{"class":131},[117,586,300],{"class":127},[117,588,278],{"class":277},[117,590,281],{"class":131},[117,592,593],{"class":119,"line":291},[117,594,310],{"class":287},[117,596,597,599,601],{"class":119,"line":307},[117,598,265],{"class":131},[117,600,318],{"class":123},[117,602,192],{"class":131},[117,604,605,607,609,611,613],{"class":119,"line":313},[117,606,326],{"class":123},[117,608,329],{"class":131},[117,610,332],{"class":123},[117,612,175],{"class":174},[117,614,281],{"class":131},[117,616,617,619],{"class":119,"line":323},[117,618,342],{"class":123},[117,620,192],{"class":131},[117,622,623,626,628],{"class":119,"line":339},[117,624,625],{"class":131},"      fos.",[117,627,353],{"class":209},[117,629,356],{"class":131},[117,631,632,634,636,638,640,642],{"class":119,"line":347},[117,633,362],{"class":131},[117,635,268],{"class":123},[117,637,271],{"class":131},[117,639,300],{"class":127},[117,641,278],{"class":277},[117,643,281],{"class":131},[117,645,646],{"class":119,"line":359},[117,647,378],{"class":287},[117,649,650],{"class":119,"line":375},[117,651,384],{"class":131},[117,653,654],{"class":119,"line":381},[117,655,390],{"class":131},[117,657,658],{"class":119,"line":387},[117,659,396],{"class":131},[96,661,663],{"id":662},"compliant-solution-2","Compliant Solution 
#2",[39,665,666,667,46,672,677,678,683],{},"Securely encrypt the data first, prior to storing it on external storage such as an SD card. Encryption by itself protects only confidentiality: keep the key out of external storage, and authenticate the ciphertext (for example with an AEAD mode or a MAC) if the app must detect modification by other apps. A note of caution: many default and non-default behaviors in Android and other cryptographic libraries have been found to use non-secure encryption methods. See ",[74,668,671],{"href":669,"rel":670},"https:\u002F\u002Fwww.securecoding.cert.org\u002Fconfluence\u002Fdisplay\u002Fjava\u002FDRD17-J.+Do+not+use+the+Android+cryptographic+security+provider+encryption+default+for+AES",[83],"DRD17-J",[74,673,676],{"href":674,"rel":675},"https:\u002F\u002Fwww.securecoding.cert.org\u002Fconfluence\u002Fdisplay\u002Fjava\u002FDRD18-J.+Do+not+use+the+default+behavior+in+a+cryptographic+library+if+it+does+not+use+recommended+practices",[83],"DRD18-J"," , and [ ",[74,679,682],{"href":680,"rel":681},"https:\u002F\u002Fwww.securecoding.cert.org\u002Fconfluence\u002Fdisplay\u002Fjava\u002FAA.+References#AA.References-Egele2013",[83],"Egele 2013"," ] for more information.",[96,685,687],{"id":686},"risk-assessment","Risk Assessment",[39,689,690],{},"Storing sensitive information on external storage can leak sensitive information to malicious apps.",[692,693,694,695,694,725],"table",{},"\n  ",[696,697,698,699,694],"thead",{},"\n    ",[700,701,702,703,702,707,702,710,702,713,702,716,702,719,702,722,698],"tr",{},"\n      ",[704,705,706],"th",{},"Rule",[704,708,709],{},"Severity",[704,711,712],{},"Likelihood",[704,714,715],{},"Detectable",[704,717,718],{},"Repairable",[704,720,721],{},"Priority",[704,723,724],{},"Level",[726,727,698,728,694],"tbody",{},[700,729,702,730,702,734,702,737,702,740,702,743,702,745,702,752,698],{},[731,732,733],"td",{},"DRD00",[731,735,736],{},"medium",[731,738,739],{},"probable",[731,741,742],{},"No",[731,744,742],{},[731,746,748],{"style":747},"color: #27ae60;",[749,750,751],"b",{},"P4",[731,753,754],{"style":747},[749,755,756],{},"L3",[96,758,760],{"id":759},"automated-detection","Automated 
Detection",[39,762,763,764,767],{},"It is possible to automatically detect whether an application writes to external storage. It is not feasible to automatically determine whether such output could be stored internally. At least one automated analysis exists which checks if an Android app follows particular rules for secure encryption [ ",[74,765,682],{"href":680,"rel":766},[83]," ], but those rules are not comprehensive and thus passing the automated checker does not guarantee sound encryption.",[692,769,772],{"className":770},[771],"wrapped",[726,773,774,798],{},[700,775,778,783,788,793],{"className":776},[777],"header",[704,779,780],{},[39,781,782],{},"Tool",[704,784,785],{},[39,786,787],{},"Version",[704,789,790],{},[39,791,792],{},"Checker",[704,794,795],{},[39,796,797],{},"Description",[700,799,802,808,818,829],{"className":800},[801],"odd",[731,803,804],{},[74,805,807],{"href":806},"\u002Fandroid-secure-coding-standard\u002Fback-matter\u002Fbb-analyzers\u002Fcodesonar","CodeSonar",[731,809,810],{},[811,812,815],"div",{"className":813},[814],"content-wrapper",[39,816,817],{},"9.0p0",[731,819,820],{},[811,821,823],{"className":822},[814],[39,824,825],{},[826,827,828],"strong",{},"JAVA.MISC.SD.EXT",[731,830,831],{},[39,832,833],{},"Sensitive data written to external storage (Java)",[96,835,837],{"id":836},"related-vulnerabilities","Related Vulnerabilities",[839,840,841,850],"ul",{},[842,843,844,849],"li",{},[74,845,848],{"href":846,"rel":847},"https:\u002F\u002Fjvn.jp\u002Fen\u002Fjp\u002FJVN92038939\u002F",[83],"JVN#92038939"," mixi for Android information management vulnerability",[842,851,852,857],{},[74,853,856],{"href":854,"rel":855},"https:\u002F\u002Fjvn.jp\u002Fen\u002Fjp\u002FJVN05102851\u002F",[83],"JVN#05102851"," Yome Collection for Android issue in management of IMEI",[96,859,861],{"id":860},"related-guidelines","Related Guidelines",[692,863,865,874],{"className":864},[771],[866,867,868,872],"colgroup",{},[869,870],"col",{"style":871},"width: 
50%",[869,873],{"style":871},[726,875,876,911,928],{},[700,877,879,890],{"className":878},[801],[731,880,881],{},[39,882,883,889],{},[69,884,885],{},[74,886,888],{"href":887},"https:\u002F\u002Fwww.jssec.org\u002Fdl\u002Fandroid_securecoding_en.pdf","Android Secure Coding Guidebook"," by JSSEC",[731,891,892],{},[39,893,894,895,898,899,901,902,904,905,907,908,910],{},"4.6 Secure File Handling",[896,897],"br",{},"\n4.6.1.4 Handling external storage files",[896,900],{},"\n4.6.2.1 When creating new files, make them private",[896,903],{},"\n4.6.2.2 Don’t create files accessible from other apps with read\u002Fwrite privilege",[896,906],{},"\n4.6.2.3 Minimize the use of files stored in external storage such as SD card",[896,909],{},"\n4.6.2.4 Consider the lifetime of files when designing apps",[700,912,915,923],{"className":913},[914],"even",[731,916,917,918,922],{},"[ ",[74,919,921],{"href":920},"https:\u002F\u002Fwww.securecoding.cert.org\u002Fconfluence\u002Fdisplay\u002Fjava\u002FThe+CERT+Oracle+Secure+Coding+Standard+for+Java","The CERT Oracle Secure Coding Standard for Java"," ]",[731,924,925],{},[74,926,927],{"href":669},"DRD17-J. Do not use the Android cryptographic security provider encryption default for AES",[700,929,931,935],{"className":930},[801],[731,932,917,933,922],{},[74,934,921],{"href":920},[731,936,937],{},[74,938,939],{"href":674},"DRD18-J. 
Do not use the default behavior in a cryptographic library if it does not use recommended practices",[96,941,943],{"id":942},"bibliography","Bibliography",[692,945,946,954],{},[696,947,948],{},[700,949,950,952],{},[704,951],{},[704,953],{},[726,955,956,974,984,1000],{},[700,957,958,964],{},[731,959,917,960,922],{},[74,961,963],{"href":962},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-aa-references#RuleAA.References-AndroidAPI13","Android API 2013",[731,965,966],{},[74,967,970,971],{"href":968,"rel":969},"http:\u002F\u002Fdeveloper.android.com\u002Freference\u002Fandroid\u002Fos\u002FEnvironment.html",[83],"Class ",[43,972,973],{},"Environment",[700,975,976,982],{},[731,977,917,978,922],{},[74,979,981],{"href":980},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-aa-references#RuleAA.References-JSSEC14","JSSEC 2014",[731,983,894],{},[700,985,986,993],{},[731,987,917,988,922],{},[74,989,992],{"href":990,"rel":991},"http:\u002F\u002Fsource.android.com\u002F",[83],"Source.android.com",[731,994,995],{},[74,996,999],{"href":997,"rel":998},"http:\u002F\u002Fsource.android.com\u002Fdevices\u002Ftech\u002Fstorage\u002F",[83],"External Storage Technical Information",[700,1001,1002,1007],{},[731,1003,917,1004,922],{},[74,1005,682],{"href":680,"rel":1006},[83],[731,1008,1009],{},"An Empirical Study of Cryptographic Misuse in Android Applications",[1011,1012],"hr",{},[39,1014,1015,1022,1023,1022,1028],{},[74,1016,1018],{"href":1017},"https:\u002F\u002Fwww.securecoding.cert.org\u002Fconfluence\u002Fpages\u002Fviewpage.action?pageId=111509535",[1019,1020],"img",{"src":1021},"\u002Fattachments\u002F88487702\u002F88497198.png"," 
",[74,1024,1025],{"href":1017},[1019,1026],{"src":1027},"\u002Fattachments\u002F88487702\u002F88497196.png",[74,1029,1031],{"href":1030},"https:\u002F\u002Fwww.securecoding.cert.org\u002Fconfluence\u002Fdisplay\u002Fjava\u002FDRD01-J.+Limit+the+accessibility+to+your+sensitive+content+provider",[1019,1032],{"src":1033},"\u002Fattachments\u002F88487702\u002F88497197.png",[1035,1036,1037],"style",{},"html pre.shiki code .sC2Qs, html code.shiki .sC2Qs{--shiki-default:#D73A49;--shiki-dark:#F97583;--shiki-sepia:#F92672}html pre.shiki code .sk8M1, html code.shiki .sk8M1{--shiki-default:#24292E;--shiki-default-font-style:inherit;--shiki-dark:#E1E4E8;--shiki-dark-font-style:inherit;--shiki-sepia:#66D9EF;--shiki-sepia-font-style:italic}html pre.shiki code .sMOD_, html code.shiki .sMOD_{--shiki-default:#24292E;--shiki-dark:#E1E4E8;--shiki-sepia:#F8F8F2}html pre.shiki code .sstjo, html code.shiki .sstjo{--shiki-default:#032F62;--shiki-dark:#9ECBFF;--shiki-sepia:#E6DB74}html pre.shiki code .s7F3e, html code.shiki .s7F3e{--shiki-default:#005CC5;--shiki-dark:#79B8FF;--shiki-sepia:#AE81FF}html pre.shiki code .srTi1, html code.shiki .srTi1{--shiki-default:#6F42C1;--shiki-dark:#B392F0;--shiki-sepia:#A6E22E}html pre.shiki code .sTHNf, html code.shiki .sTHNf{--shiki-default:#E36209;--shiki-default-font-style:inherit;--shiki-dark:#FFAB70;--shiki-dark-font-style:inherit;--shiki-sepia:#FD971F;--shiki-sepia-font-style:italic}html pre.shiki code .s8-w5, html code.shiki .s8-w5{--shiki-default:#6A737D;--shiki-dark:#6A737D;--shiki-sepia:#88846F}html .default .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: 
var(--shiki-default-text-decoration);}html .dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html.dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html .sepia .shiki span {color: var(--shiki-sepia);background: var(--shiki-sepia-bg);font-style: var(--shiki-sepia-font-style);font-weight: var(--shiki-sepia-font-weight);text-decoration: var(--shiki-sepia-text-decoration);}html.sepia .shiki span {color: var(--shiki-sepia);background: var(--shiki-sepia-bg);font-style: var(--shiki-sepia-font-style);font-weight: var(--shiki-sepia-font-weight);text-decoration: var(--shiki-sepia-text-decoration);}",{"title":113,"searchDepth":142,"depth":142,"links":1039},[1040,1043,1044,1045,1046,1047,1048,1049],{"id":98,"depth":142,"text":99,"children":1041},[1042],{"id":400,"depth":148,"text":401},{"id":454,"depth":142,"text":455},{"id":662,"depth":142,"text":663},{"id":686,"depth":142,"text":687},{"id":759,"depth":142,"text":760},{"id":836,"depth":142,"text":837},{"id":860,"depth":142,"text":861},{"id":942,"depth":142,"text":943},"Android provides several options to save persistent application data, one of which is External Storage ( \u002Fsdcard , \u002Fmnt\u002Fsdcard ). 
\"External storage\" examples include a micro- or standard-sized SD card internal to the device, Android device storage mounted to a PC, and the Android\u002Fobb directory.","md",{"tags":1053},[1054,1055,1056,1057,1058],"rule","drd","fio","android-applicable","general","\u002Fandroid-secure-coding-standard\u002Frules\u002Ffile-io-and-logging-fio\u002Fdrd00-do-not-store-sensitive-information-on-external-storage-sd-card-unless-encrypted-first",{"title":30,"description":1050},"3.android-secure-coding-standard\u002F3.rules\u002F11.file-io-and-logging-fio\u002F3.drd00-do-not-store-sensitive-information-on-external-storage-sd-card-unless-encrypted-first","HB5gkzsu6naFUzfo4cXaLVfiYyYLfSLh-0IaBhnwW7U",[1064,1068],{"title":1065,"path":1066,"stem":1067,"children":-1},"DRD04-J. Do not log sensitive information","\u002Fandroid-secure-coding-standard\u002Frules\u002Ffile-io-and-logging-fio\u002Fdrd04-j","3.android-secure-coding-standard\u002F3.rules\u002F11.file-io-and-logging-fio\u002F2.drd04-j",{"title":1069,"path":1070,"stem":1071,"children":-1},"DRD11. 
Ensure that sensitive data is kept secure","\u002Fandroid-secure-coding-standard\u002Frules\u002Ffile-io-and-logging-fio\u002Fdrd11-ensure-that-sensitive-data-is-kept-secure","3.android-secure-coding-standard\u002F3.rules\u002F11.file-io-and-logging-fio\u002F4.drd11-ensure-that-sensitive-data-is-kept-secure",[1073],{"title":1074,"path":1075,"stem":1076,"children":1077},"SCI CERT Android Secure Coding Standard","\u002Fandroid-secure-coding-standard","3.android-secure-coding-standard\u002F1.index",[1078,1079,1129,1385,1482,1544,1566],{"title":1074,"path":1075,"stem":1076},{"title":1080,"path":1081,"stem":1082,"children":1083},"Front Matter","\u002Fandroid-secure-coding-standard\u002Ffront-matter","3.android-secure-coding-standard\u002F2.front-matter\u002F1.index",[1084,1085,1107],{"title":1080,"path":1081,"stem":1082},{"title":1086,"path":1087,"stem":1088,"children":1089},"Guidelines for Wiki Contributors","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fguidelines-for-wiki-contributors","3.android-secure-coding-standard\u002F2.front-matter\u002F2.guidelines-for-wiki-contributors\u002F1.index",[1090,1091,1095,1099,1103],{"title":1086,"path":1087,"stem":1088},{"title":1092,"path":1093,"stem":1094},"Deprecations","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fguidelines-for-wiki-contributors\u002Fdeprecations","3.android-secure-coding-standard\u002F2.front-matter\u002F2.guidelines-for-wiki-contributors\u002F2.deprecations",{"title":1096,"path":1097,"stem":1098},"Editing Automated Detection Information","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fguidelines-for-wiki-contributors\u002Fediting-automated-detection-information","3.android-secure-coding-standard\u002F2.front-matter\u002F2.guidelines-for-wiki-contributors\u002F3.editing-automated-detection-information",{"title":1100,"path":1101,"stem":1102},"Editing-Related 
Guidelines","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fguidelines-for-wiki-contributors\u002Fediting-related-guidelines","3.android-secure-coding-standard\u002F2.front-matter\u002F2.guidelines-for-wiki-contributors\u002F4.editing-related-guidelines",{"title":1104,"path":1105,"stem":1106},"Rules versus Recommendations","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fguidelines-for-wiki-contributors\u002Frules-versus-recommendations","3.android-secure-coding-standard\u002F2.front-matter\u002F2.guidelines-for-wiki-contributors\u002F5.rules-versus-recommendations",{"title":1108,"path":1109,"stem":1110,"children":1111},"Introduction","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fintroduction","3.android-secure-coding-standard\u002F2.front-matter\u002F3.introduction\u002F01.index",[1112,1113,1117,1121,1125],{"title":1108,"path":1109,"stem":1110},{"title":1114,"path":1115,"stem":1116},"Introduction to Android-Only Rules","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fintroduction\u002Fintroduction-to-android-only-rules","3.android-secure-coding-standard\u002F2.front-matter\u002F3.introduction\u002F02.introduction-to-android-only-rules",{"title":1118,"path":1119,"stem":1120},"Introduction to C Rules and Recommendations","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fintroduction\u002Fintroduction-to-c-rules-and-recommendations","3.android-secure-coding-standard\u002F2.front-matter\u002F3.introduction\u002F03.introduction-to-c-rules-and-recommendations",{"title":1122,"path":1123,"stem":1124},"Introduction to Java Recommendations","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fintroduction\u002Fintroduction-to-java-recommendations","3.android-secure-coding-standard\u002F2.front-matter\u002F3.introduction\u002F04.introduction-to-java-recommendations",{"title":1126,"path":1127,"stem":1128},"Introduction to Java 
Rules","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fintroduction\u002Fintroduction-to-java-rules","3.android-secure-coding-standard\u002F2.front-matter\u002F3.introduction\u002F05.introduction-to-java-rules",{"title":1130,"path":1131,"stem":1132,"children":1133},"Rules","\u002Fandroid-secure-coding-standard\u002Frules","3.android-secure-coding-standard\u002F3.rules\u002F01.index",[1134,1135,1139,1143,1165,1169,1190,1194,1198,1202,1206,1227,1231,1235,1239,1257,1261,1265,1269,1273,1299,1313,1317,1321,1343,1347,1351,1355,1359,1363,1367],{"title":1130,"path":1131,"stem":1132},{"title":1136,"path":1137,"stem":1138},"Application Programming Interfaces (API)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fapplication-programming-interfaces-api","3.android-secure-coding-standard\u002F3.rules\u002F02.application-programming-interfaces-api",{"title":1140,"path":1141,"stem":1142},"Characters and String (STR)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcharacters-and-string-str","3.android-secure-coding-standard\u002F3.rules\u002F03.characters-and-string-str",{"title":1144,"path":1145,"stem":1146,"children":1147},"Component Security (CPS)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcomponent-security-cps","3.android-secure-coding-standard\u002F3.rules\u002F04.component-security-cps\u002F1.index",[1148,1149,1153,1157,1161],{"title":1144,"path":1145,"stem":1146},{"title":1150,"path":1151,"stem":1152},"DRD01-X. Limit the accessibility of an app's sensitive content provider","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcomponent-security-cps\u002Fdrd01-x","3.android-secure-coding-standard\u002F3.rules\u002F04.component-security-cps\u002F2.drd01-x",{"title":1154,"path":1155,"stem":1156},"DRD07-X. 
Protect exported services with strong permissions","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcomponent-security-cps\u002Fdrd07-x","3.android-secure-coding-standard\u002F3.rules\u002F04.component-security-cps\u002F3.drd07-x",{"title":1158,"path":1159,"stem":1160},"DRD08-J. Always canonicalize a URL received by a content provider","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcomponent-security-cps\u002Fdrd08-j","3.android-secure-coding-standard\u002F3.rules\u002F04.component-security-cps\u002F4.drd08-j",{"title":1162,"path":1163,"stem":1164},"DRD09. Restrict access to sensitive activities","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcomponent-security-cps\u002Fdrd09-restrict-access-to-sensitive-activities","3.android-secure-coding-standard\u002F3.rules\u002F04.component-security-cps\u002F5.drd09-restrict-access-to-sensitive-activities",{"title":1166,"path":1167,"stem":1168},"Concurrency (CON)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fconcurrency-con","3.android-secure-coding-standard\u002F3.rules\u002F05.concurrency-con",{"title":1170,"path":1171,"stem":1172,"children":1173},"Cryptography (CRP)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcryptography-crp","3.android-secure-coding-standard\u002F3.rules\u002F06.cryptography-crp\u002F1.index",[1174,1175,1178,1182,1186],{"title":1170,"path":1171,"stem":1172},{"title":927,"path":1176,"stem":1177},"\u002Fandroid-secure-coding-standard\u002Frules\u002Fcryptography-crp\u002Fdrd17-j","3.android-secure-coding-standard\u002F3.rules\u002F06.cryptography-crp\u002F2.drd17-j",{"title":1179,"path":1180,"stem":1181},"DRD18. 
Do not use the default behavior in a cryptographic library if it does not use recommended practices","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcryptography-crp\u002Fdrd18-do-not-use-the-default-behavior-in-a-cryptographic-library-if-it-does-not-use-recommended-practices","3.android-secure-coding-standard\u002F3.rules\u002F06.cryptography-crp\u002F3.drd18-do-not-use-the-default-behavior-in-a-cryptographic-library-if-it-does-not-use-recommended-practices",{"title":1183,"path":1184,"stem":1185},"DRD24. Do not bundle OAuth security-related protocol logic or sensitive data into a relying party's app","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcryptography-crp\u002Fdrd24-do-not-bundle-oauth-security-related-protocol-logic-or-sensitive-data-into-a-relying-partys-app","3.android-secure-coding-standard\u002F3.rules\u002F06.cryptography-crp\u002F4.drd24-do-not-bundle-oauth-security-related-protocol-logic-or-sensitive-data-into-a-relying-partys-app",{"title":1187,"path":1188,"stem":1189},"DRD25. 
Use constant-time encryption","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcryptography-crp\u002Fdrd25-use-constant-time-encryption","3.android-secure-coding-standard\u002F3.rules\u002F06.cryptography-crp\u002F5.drd25-use-constant-time-encryption",{"title":1191,"path":1192,"stem":1193},"Declarations and Initialization (DCL)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fdeclarations-and-initialization-dcl","3.android-secure-coding-standard\u002F3.rules\u002F07.declarations-and-initialization-dcl",{"title":1195,"path":1196,"stem":1197},"Environment (ENV)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fenvironment-env","3.android-secure-coding-standard\u002F3.rules\u002F08.environment-env",{"title":1199,"path":1200,"stem":1201},"Error Handling (ERR)","\u002Fandroid-secure-coding-standard\u002Frules\u002Ferror-handling-err","3.android-secure-coding-standard\u002F3.rules\u002F09.error-handling-err",{"title":1203,"path":1204,"stem":1205},"Expressions (EXP)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fexpressions-exp","3.android-secure-coding-standard\u002F3.rules\u002F10.expressions-exp",{"title":1207,"path":1208,"stem":1209,"children":1210},"File I\u002FO and Logging (FIO)","\u002Fandroid-secure-coding-standard\u002Frules\u002Ffile-io-and-logging-fio","3.android-secure-coding-standard\u002F3.rules\u002F11.file-io-and-logging-fio\u002F1.index",[1211,1212,1213,1214,1215,1219,1223],{"title":1207,"path":1208,"stem":1209},{"title":1065,"path":1066,"stem":1067},{"title":30,"path":1059,"stem":1061},{"title":1069,"path":1070,"stem":1071},{"title":1216,"path":1217,"stem":1218},"DRD12. Do not trust data from world-writable files","\u002Fandroid-secure-coding-standard\u002Frules\u002Ffile-io-and-logging-fio\u002Fdrd12-do-not-trust-data-from-world-writable-files","3.android-secure-coding-standard\u002F3.rules\u002F11.file-io-and-logging-fio\u002F5.drd12-do-not-trust-data-from-world-writable-files",{"title":1220,"path":1221,"stem":1222},"DRD23. 
Do not use world readable or writeable to share files between apps","\u002Fandroid-secure-coding-standard\u002Frules\u002Ffile-io-and-logging-fio\u002Fdrd23-do-not-use-world-readable-or-writeable-to-share-files-between-apps","3.android-secure-coding-standard\u002F3.rules\u002F11.file-io-and-logging-fio\u002F6.drd23-do-not-use-world-readable-or-writeable-to-share-files-between-apps",{"title":1224,"path":1225,"stem":1226},"DRD28 Do not load world-writable libraries","\u002Fandroid-secure-coding-standard\u002Frules\u002Ffile-io-and-logging-fio\u002Fdrd28-do-not-load-world-writable-libraries","3.android-secure-coding-standard\u002F3.rules\u002F11.file-io-and-logging-fio\u002F7.drd28-do-not-load-world-writable-libraries",{"title":1228,"path":1229,"stem":1230},"Floating Point (FLP)","\u002Fandroid-secure-coding-standard\u002Frules\u002Ffloating-point-flp","3.android-secure-coding-standard\u002F3.rules\u002F12.floating-point-flp",{"title":1232,"path":1233,"stem":1234},"Input Validation and Data Sanitization (IDS)","\u002Fandroid-secure-coding-standard\u002Frules\u002Finput-validation-and-data-sanitization-ids","3.android-secure-coding-standard\u002F3.rules\u002F13.input-validation-and-data-sanitization-ids",{"title":1236,"path":1237,"stem":1238},"Integers (INT)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fintegers-int","3.android-secure-coding-standard\u002F3.rules\u002F14.integers-int",{"title":1240,"path":1241,"stem":1242,"children":1243},"Intent (ITT)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fintent-itt","3.android-secure-coding-standard\u002F3.rules\u002F15.intent-itt\u002F1.index",[1244,1245,1249,1253],{"title":1240,"path":1241,"stem":1242},{"title":1246,"path":1247,"stem":1248},"DRD03-J. 
Do not broadcast sensitive information using an implicit intent","\u002Fandroid-secure-coding-standard\u002Frules\u002Fintent-itt\u002Fdrd03-j","3.android-secure-coding-standard\u002F3.rules\u002F15.intent-itt\u002F2.drd03-j",{"title":1250,"path":1251,"stem":1252},"DRD21-J. Always pass explicit intents to a PendingIntent","\u002Fandroid-secure-coding-standard\u002Frules\u002Fintent-itt\u002Fdrd21-j","3.android-secure-coding-standard\u002F3.rules\u002F15.intent-itt\u002F3.drd21-j",{"title":1254,"path":1255,"stem":1256},"DRD06. Verify the caller of intents before acting on them","\u002Fandroid-secure-coding-standard\u002Frules\u002Fintent-itt\u002Fdrd06-verify-the-caller-of-intents-before-acting-on-them","3.android-secure-coding-standard\u002F3.rules\u002F15.intent-itt\u002F4.drd06-verify-the-caller-of-intents-before-acting-on-them",{"title":1258,"path":1259,"stem":1260},"Java Native Interface (JNI)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fjava-native-interface-jni","3.android-secure-coding-standard\u002F3.rules\u002F16.java-native-interface-jni",{"title":1262,"path":1263,"stem":1264},"Locking (LCK)","\u002Fandroid-secure-coding-standard\u002Frules\u002Flocking-lck","3.android-secure-coding-standard\u002F3.rules\u002F17.locking-lck",{"title":1266,"path":1267,"stem":1268},"Memory Management (MEM)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fmemory-management-mem","3.android-secure-coding-standard\u002F3.rules\u002F18.memory-management-mem",{"title":1270,"path":1271,"stem":1272},"Methods (MET)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fmethods-met","3.android-secure-coding-standard\u002F3.rules\u002F19.methods-met",{"title":1274,"path":1275,"stem":1276,"children":1277},"Miscellaneous 
(MSC)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fmiscellaneous-msc","3.android-secure-coding-standard\u002F3.rules\u002F20.miscellaneous-msc\u002F1.index",[1278,1279,1283,1287,1291,1295],{"title":1274,"path":1275,"stem":1276},{"title":1280,"path":1281,"stem":1282},"DRD10-X. Do not release apps that are debuggable","\u002Fandroid-secure-coding-standard\u002Frules\u002Fmiscellaneous-msc\u002Fdrd10-x","3.android-secure-coding-standard\u002F3.rules\u002F20.miscellaneous-msc\u002F2.drd10-x",{"title":1284,"path":1285,"stem":1286},"DRD15-J. Consider privacy concerns when using Geolocation API","\u002Fandroid-secure-coding-standard\u002Frules\u002Fmiscellaneous-msc\u002Fdrd15-j","3.android-secure-coding-standard\u002F3.rules\u002F20.miscellaneous-msc\u002F3.drd15-j",{"title":1288,"path":1289,"stem":1290},"DRD26-J. For OAuth, use a secure Android method to deliver access tokens","\u002Fandroid-secure-coding-standard\u002Frules\u002Fmiscellaneous-msc\u002Fdrd26-j","3.android-secure-coding-standard\u002F3.rules\u002F20.miscellaneous-msc\u002F4.drd26-j",{"title":1292,"path":1293,"stem":1294},"DRD27-J. For OAuth, use an explicit intent method to deliver access tokens","\u002Fandroid-secure-coding-standard\u002Frules\u002Fmiscellaneous-msc\u002Fdrd27-j","3.android-secure-coding-standard\u002F3.rules\u002F20.miscellaneous-msc\u002F5.drd27-j",{"title":1296,"path":1297,"stem":1298},"DRD25. 
To request user permission for OAuth, identify relying party and its permissions scope","\u002Fandroid-secure-coding-standard\u002Frules\u002Fmiscellaneous-msc\u002Fdrd25-to-request-user-permission-for-oauth-identify-relying-party-and-its-permissions-scope","3.android-secure-coding-standard\u002F3.rules\u002F20.miscellaneous-msc\u002F6.drd25-to-request-user-permission-for-oauth-identify-relying-party-and-its-permissions-scope",{"title":1300,"path":1301,"stem":1302,"children":1303},"Network - SSL\u002FTLS (NET)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fnetwork-ssltls-net","3.android-secure-coding-standard\u002F3.rules\u002F21.network-ssltls-net\u002F1.index",[1304,1305,1309],{"title":1300,"path":1301,"stem":1302},{"title":1306,"path":1307,"stem":1308},"DRD23-J. Do not use loopback when handling sensitive data","\u002Fandroid-secure-coding-standard\u002Frules\u002Fnetwork-ssltls-net\u002Fdrd23-j","3.android-secure-coding-standard\u002F3.rules\u002F21.network-ssltls-net\u002F2.drd23-j",{"title":1310,"path":1311,"stem":1312},"DRD19. 
Properly verify server certificate on SSL\u002FTLS","\u002Fandroid-secure-coding-standard\u002Frules\u002Fnetwork-ssltls-net\u002Fdrd19-properly-verify-server-certificate-on-ssltls","3.android-secure-coding-standard\u002F3.rules\u002F21.network-ssltls-net\u002F3.drd19-properly-verify-server-certificate-on-ssltls",{"title":1314,"path":1315,"stem":1316},"Numeric Types and Operations (NUM)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fnumeric-types-and-operations-num","3.android-secure-coding-standard\u002F3.rules\u002F22.numeric-types-and-operations-num",{"title":1318,"path":1319,"stem":1320},"Object Orientation (OBJ)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fobject-orientation-obj","3.android-secure-coding-standard\u002F3.rules\u002F23.object-orientation-obj",{"title":1322,"path":1323,"stem":1324,"children":1325},"Permission (PER)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fpermission-per","3.android-secure-coding-standard\u002F3.rules\u002F24.permission-per\u002F1.index",[1326,1327,1331,1335,1339],{"title":1322,"path":1323,"stem":1324},{"title":1328,"path":1329,"stem":1330},"DRD05-J. Do not grant URI permissions on implicit intents","\u002Fandroid-secure-coding-standard\u002Frules\u002Fpermission-per\u002Fdrd05-j","3.android-secure-coding-standard\u002F3.rules\u002F24.permission-per\u002F2.drd05-j",{"title":1332,"path":1333,"stem":1334},"DRD14-J. Check that a calling app has appropriate permissions before responding","\u002Fandroid-secure-coding-standard\u002Frules\u002Fpermission-per\u002Fdrd14-j","3.android-secure-coding-standard\u002F3.rules\u002F24.permission-per\u002F3.drd14-j",{"title":1336,"path":1337,"stem":1338},"DRD16-X. Explicitly define the exported attribute for private components","\u002Fandroid-secure-coding-standard\u002Frules\u002Fpermission-per\u002Fdrd16-x","3.android-secure-coding-standard\u002F3.rules\u002F24.permission-per\u002F4.drd16-x",{"title":1340,"path":1341,"stem":1342},"DRD20-C. 
Specify permissions when creating files via the NDK","\u002Fandroid-secure-coding-standard\u002Frules\u002Fpermission-per\u002Fdrd20-c","3.android-secure-coding-standard\u002F3.rules\u002F24.permission-per\u002F5.drd20-c",{"title":1344,"path":1345,"stem":1346},"Platform Security (SEC)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fplatform-security-sec","3.android-secure-coding-standard\u002F3.rules\u002F25.platform-security-sec",{"title":1348,"path":1349,"stem":1350},"Preprocessor (PRE)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fpreprocessor-pre","3.android-secure-coding-standard\u002F3.rules\u002F26.preprocessor-pre",{"title":1352,"path":1353,"stem":1354},"Serialization (SER)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fserialization-ser","3.android-secure-coding-standard\u002F3.rules\u002F27.serialization-ser",{"title":1356,"path":1357,"stem":1358},"Thread APIs (THI)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fthread-apis-thi","3.android-secure-coding-standard\u002F3.rules\u002F28.thread-apis-thi",{"title":1360,"path":1361,"stem":1362},"Thread-Safety Miscellaneous (TSM)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fthread-safety-miscellaneous-tsm","3.android-secure-coding-standard\u002F3.rules\u002F29.thread-safety-miscellaneous-tsm",{"title":1364,"path":1365,"stem":1366},"Visibility and Atomicity (VNA)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fvisibility-and-atomicity-vna","3.android-secure-coding-standard\u002F3.rules\u002F30.visibility-and-atomicity-vna",{"title":1368,"path":1369,"stem":1370,"children":1371},"WebView (WBV)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fwebview-wbv","3.android-secure-coding-standard\u002F3.rules\u002F31.webview-wbv\u002F1.index",[1372,1373,1377,1381],{"title":1368,"path":1369,"stem":1370},{"title":1374,"path":1375,"stem":1376},"DRD02-J. 
Do not allow WebView to access sensitive local resource through file scheme","\u002Fandroid-secure-coding-standard\u002Frules\u002Fwebview-wbv\u002Fdrd02-j","3.android-secure-coding-standard\u002F3.rules\u002F31.webview-wbv\u002F2.drd02-j",{"title":1378,"path":1379,"stem":1380},"DRD13. Do not provide addJavascriptInterface method access in a WebView which could contain untrusted content. (API level JELLY_BEAN or below)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fwebview-wbv\u002Fdrd13-do-not-provide-addjavascriptinterface-method-access-in-a-webview-which-could-contain-untrusted-content-api-level-jelly_bean-or-below","3.android-secure-coding-standard\u002F3.rules\u002F31.webview-wbv\u002F3.drd13-do-not-provide-addjavascriptinterface-method-access-in-a-webview-which-could-contain-untrusted-content-api-level-jelly_bean-or-below",{"title":1382,"path":1383,"stem":1384},"DRD22. Do not cache sensitive information","\u002Fandroid-secure-coding-standard\u002Frules\u002Fwebview-wbv\u002Fdrd22-do-not-cache-sensitive-information","3.android-secure-coding-standard\u002F3.rules\u002F31.webview-wbv\u002F4.drd22-do-not-cache-sensitive-information",{"title":1386,"path":1387,"stem":1388,"children":1389},"Recommendations","\u002Fandroid-secure-coding-standard\u002Frecommendations","3.android-secure-coding-standard\u002F4.recommendations\u002F01.index",[1390,1391,1394,1398,1401,1404,1407,1410,1413,1416,1419,1422,1425,1428,1431,1434,1437,1440,1443,1446,1449,1452,1455,1458,1461,1464,1467,1470,1473,1476,1479],{"title":1386,"path":1387,"stem":1388},{"title":1136,"path":1392,"stem":1393},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fapplication-programming-interfaces-api","3.android-secure-coding-standard\u002F4.recommendations\u002F02.application-programming-interfaces-api",{"title":1395,"path":1396,"stem":1397},"Characters and Strings 
(STR)","\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fcharacters-and-strings-str","3.android-secure-coding-standard\u002F4.recommendations\u002F03.characters-and-strings-str",{"title":1144,"path":1399,"stem":1400},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fcomponent-security-cps","3.android-secure-coding-standard\u002F4.recommendations\u002F04.component-security-cps",{"title":1166,"path":1402,"stem":1403},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fconcurrency-con","3.android-secure-coding-standard\u002F4.recommendations\u002F05.concurrency-con",{"title":1170,"path":1405,"stem":1406},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fcryptography-crp","3.android-secure-coding-standard\u002F4.recommendations\u002F06.cryptography-crp",{"title":1191,"path":1408,"stem":1409},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fdeclarations-and-initialization-dcl","3.android-secure-coding-standard\u002F4.recommendations\u002F07.declarations-and-initialization-dcl",{"title":1195,"path":1411,"stem":1412},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fenvironment-env","3.android-secure-coding-standard\u002F4.recommendations\u002F08.environment-env",{"title":1199,"path":1414,"stem":1415},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Ferror-handling-err","3.android-secure-coding-standard\u002F4.recommendations\u002F09.error-handling-err",{"title":1203,"path":1417,"stem":1418},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fexpressions-exp","3.android-secure-coding-standard\u002F4.recommendations\u002F10.expressions-exp",{"title":1207,"path":1420,"stem":1421},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Ffile-io-and-logging-fio","3.android-secure-coding-standard\u002F4.recommendations\u002F11.file-io-and-logging-fio",{"title":1228,"path":1423,"stem":1424},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Ffloating-po
int-flp","3.android-secure-coding-standard\u002F4.recommendations\u002F12.floating-point-flp",{"title":1232,"path":1426,"stem":1427},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Finput-validation-and-data-sanitization-ids","3.android-secure-coding-standard\u002F4.recommendations\u002F13.input-validation-and-data-sanitization-ids",{"title":1236,"path":1429,"stem":1430},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fintegers-int","3.android-secure-coding-standard\u002F4.recommendations\u002F14.integers-int",{"title":1240,"path":1432,"stem":1433},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fintent-itt","3.android-secure-coding-standard\u002F4.recommendations\u002F15.intent-itt",{"title":1258,"path":1435,"stem":1436},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fjava-native-interface-jni","3.android-secure-coding-standard\u002F4.recommendations\u002F16.java-native-interface-jni",{"title":1262,"path":1438,"stem":1439},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Flocking-lck","3.android-secure-coding-standard\u002F4.recommendations\u002F17.locking-lck",{"title":1266,"path":1441,"stem":1442},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fmemory-management-mem","3.android-secure-coding-standard\u002F4.recommendations\u002F18.memory-management-mem",{"title":1270,"path":1444,"stem":1445},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fmethods-met","3.android-secure-coding-standard\u002F4.recommendations\u002F19.methods-met",{"title":1274,"path":1447,"stem":1448},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fmiscellaneous-msc","3.android-secure-coding-standard\u002F4.recommendations\u002F20.miscellaneous-msc",{"title":1300,"path":1450,"stem":1451},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fnetwork-ssltls-net","3.android-secure-coding-standard\u002F4.recommendations\u002F21.network-ssltls-net",{"title":1314,"path":145
3,"stem":1454},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fnumeric-types-and-operations-num","3.android-secure-coding-standard\u002F4.recommendations\u002F22.numeric-types-and-operations-num",{"title":1318,"path":1456,"stem":1457},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fobject-orientation-obj","3.android-secure-coding-standard\u002F4.recommendations\u002F23.object-orientation-obj",{"title":1322,"path":1459,"stem":1460},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fpermission-per","3.android-secure-coding-standard\u002F4.recommendations\u002F24.permission-per",{"title":1344,"path":1462,"stem":1463},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fplatform-security-sec","3.android-secure-coding-standard\u002F4.recommendations\u002F25.platform-security-sec",{"title":1348,"path":1465,"stem":1466},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fpreprocessor-pre","3.android-secure-coding-standard\u002F4.recommendations\u002F26.preprocessor-pre",{"title":1352,"path":1468,"stem":1469},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fserialization-ser","3.android-secure-coding-standard\u002F4.recommendations\u002F27.serialization-ser",{"title":1356,"path":1471,"stem":1472},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fthread-apis-thi","3.android-secure-coding-standard\u002F4.recommendations\u002F28.thread-apis-thi",{"title":1360,"path":1474,"stem":1475},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fthread-safety-miscellaneous-tsm","3.android-secure-coding-standard\u002F4.recommendations\u002F29.thread-safety-miscellaneous-tsm",{"title":1364,"path":1477,"stem":1478},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fvisibility-and-atomicity-vna","3.android-secure-coding-standard\u002F4.recommendations\u002F30.visibility-and-atomicity-vna",{"title":1368,"path":1480,"stem":1481},"\u002Fandroid-secure-coding-standard\u002Fre
commendations\u002Fwebview-wbv","3.android-secure-coding-standard\u002F4.recommendations\u002F31.webview-wbv",{"title":1483,"path":1484,"stem":1485,"children":1486},"By Language","\u002Fandroid-secure-coding-standard\u002Fby-language","3.android-secure-coding-standard\u002F5.by-language\u002F1.index",[1487,1488,1492,1514,1518,1540],{"title":1483,"path":1484,"stem":1485},{"title":1489,"path":1490,"stem":1491},"Android Only","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fandroid-only","3.android-secure-coding-standard\u002F5.by-language\u002F2.android-only",{"title":1493,"path":1494,"stem":1495,"children":1496},"C Coding Language","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fc-coding-language","3.android-secure-coding-standard\u002F5.by-language\u002F3.c-coding-language\u002F1.index",[1497,1498,1502,1506,1510],{"title":1493,"path":1494,"stem":1495},{"title":1499,"path":1500,"stem":1501},"Applicable in Principle to Android (C Rules\u002FRecomendations)","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fc-coding-language\u002Fapplicable-in-principle-to-android-c-rulesrecomendations","3.android-secure-coding-standard\u002F5.by-language\u002F3.c-coding-language\u002F2.applicable-in-principle-to-android-c-rulesrecomendations",{"title":1503,"path":1504,"stem":1505},"Applicable to Android (C Rules\u002FRecomendations)","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fc-coding-language\u002Fapplicable-to-android-c-rulesrecomendations","3.android-secure-coding-standard\u002F5.by-language\u002F3.c-coding-language\u002F3.applicable-to-android-c-rulesrecomendations",{"title":1507,"path":1508,"stem":1509},"Not Applicable to Android (C 
Rules\u002FRecomendations)","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fc-coding-language\u002Fnot-applicable-to-android-c-rulesrecomendations","3.android-secure-coding-standard\u002F5.by-language\u002F3.c-coding-language\u002F4.not-applicable-to-android-c-rulesrecomendations",{"title":1511,"path":1512,"stem":1513},"Unknown Applicability (C Rules\u002FRecomendations)","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fc-coding-language\u002Funknown-applicability-c-rulesrecomendations","3.android-secure-coding-standard\u002F5.by-language\u002F3.c-coding-language\u002F5.unknown-applicability-c-rulesrecomendations",{"title":1515,"path":1516,"stem":1517},"C++ Coding Language","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fcpp-coding-language","3.android-secure-coding-standard\u002F5.by-language\u002F4.cpp-coding-language",{"title":1519,"path":1520,"stem":1521,"children":1522},"Java Coding Language","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fjava-coding-language","3.android-secure-coding-standard\u002F5.by-language\u002F5.java-coding-language\u002F1.index",[1523,1524,1528,1532,1536],{"title":1519,"path":1520,"stem":1521},{"title":1525,"path":1526,"stem":1527},"Applicable in Principle to Android (Java Rules\u002FRecomendations)","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fjava-coding-language\u002Fapplicable-in-principle-to-android-java-rulesrecomendations","3.android-secure-coding-standard\u002F5.by-language\u002F5.java-coding-language\u002F2.applicable-in-principle-to-android-java-rulesrecomendations",{"title":1529,"path":1530,"stem":1531},"Applicable to Android (Java 
Rules\u002FRecomendations)","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fjava-coding-language\u002Fapplicable-to-android-java-rulesrecomendations","3.android-secure-coding-standard\u002F5.by-language\u002F5.java-coding-language\u002F3.applicable-to-android-java-rulesrecomendations",{"title":1533,"path":1534,"stem":1535},"Not Applicable to Android (Java Rules\u002FRecomendations)","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fjava-coding-language\u002Fnot-applicable-to-android-java-rulesrecomendations","3.android-secure-coding-standard\u002F5.by-language\u002F5.java-coding-language\u002F4.not-applicable-to-android-java-rulesrecomendations",{"title":1537,"path":1538,"stem":1539},"Unknown Applicability to Android (Java Rules\u002FRecomendations)","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fjava-coding-language\u002Funknown-applicability-to-android-java-rulesrecomendations","3.android-secure-coding-standard\u002F5.by-language\u002F5.java-coding-language\u002F5.unknown-applicability-to-android-java-rulesrecomendations",{"title":1541,"path":1542,"stem":1543},"XML","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fxml","3.android-secure-coding-standard\u002F5.by-language\u002F6.xml",{"title":1545,"path":1546,"stem":1547,"children":1548},"Back Matter","\u002Fandroid-secure-coding-standard\u002Fback-matter","3.android-secure-coding-standard\u002F6.back-matter\u002F1.index",[1549,1550,1554],{"title":1545,"path":1546,"stem":1547},{"title":1551,"path":1552,"stem":1553},"AA. Bibliography","\u002Fandroid-secure-coding-standard\u002Fback-matter\u002Faa-bibliography","3.android-secure-coding-standard\u002F6.back-matter\u002F2.aa-bibliography",{"title":1555,"path":1556,"stem":1557,"children":1558},"BB. 
Analyzers","\u002Fandroid-secure-coding-standard\u002Fback-matter\u002Fbb-analyzers","3.android-secure-coding-standard\u002F6.back-matter\u002F3.bb-analyzers\u002F1.index",[1559,1560,1562],{"title":1555,"path":1556,"stem":1557},{"title":807,"path":806,"stem":1561},"3.android-secure-coding-standard\u002F6.back-matter\u002F3.bb-analyzers\u002F2.codesonar",{"title":1563,"path":1564,"stem":1565},"CodeSonar_V","\u002Fandroid-secure-coding-standard\u002Fback-matter\u002Fbb-analyzers\u002Fcodesonar_v","3.android-secure-coding-standard\u002F6.back-matter\u002F3.bb-analyzers\u002F3.codesonar_v",{"title":1567,"path":1568,"stem":1569,"children":1570},"Admin","\u002Fandroid-secure-coding-standard\u002Fadmin","3.android-secure-coding-standard\u002F7.admin\u002F01.index",[1571,1572,1576,1580,1584,1588,1592,1596,1600,1604,1608,1612,1616,1620,1624,1628],{"title":1567,"path":1568,"stem":1569},{"title":1573,"path":1574,"stem":1575},"About the OurCS Workshop","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fabout-the-ourcs-workshop","3.android-secure-coding-standard\u002F7.admin\u002F02.about-the-ourcs-workshop",{"title":1577,"path":1578,"stem":1579},"Android Applicability Summary","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fandroid-applicability-summary","3.android-secure-coding-standard\u002F7.admin\u002F03.android-applicability-summary",{"title":1581,"path":1582,"stem":1583},"Android (DRD)","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fandroid-drd","3.android-secure-coding-standard\u002F7.admin\u002F04.android-drd",{"title":1585,"path":1586,"stem":1587},"Avoid having unreachable code","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Favoid-having-unreachable-code","3.android-secure-coding-standard\u002F7.admin\u002F05.avoid-having-unreachable-code",{"title":1589,"path":1590,"stem":1591},"C Space Change History 
Log","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fc-space-change-history-log","3.android-secure-coding-standard\u002F7.admin\u002F06.c-space-change-history-log",{"title":1593,"path":1594,"stem":1595},"Copy of Rule Template","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fcopy-of-rule-template","3.android-secure-coding-standard\u002F7.admin\u002F07.copy-of-rule-template",{"title":1597,"path":1598,"stem":1599},"C++ Space Change History Log","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fcpp-space-change-history-log","3.android-secure-coding-standard\u002F7.admin\u002F08.cpp-space-change-history-log",{"title":1601,"path":1602,"stem":1603},"Dictionary of Labels","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fdictionary-of-labels","3.android-secure-coding-standard\u002F7.admin\u002F09.dictionary-of-labels",{"title":1605,"path":1606,"stem":1607},"How to Change Applicability When a Rules and Recommendations Change","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fhow-to-change-applicability-when-a-rules-and-recommendations-change","3.android-secure-coding-standard\u002F7.admin\u002F10.how-to-change-applicability-when-a-rules-and-recommendations-change",{"title":1609,"path":1610,"stem":1611},"Java Space Change History Log","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fjava-space-change-history-log","3.android-secure-coding-standard\u002F7.admin\u002F11.java-space-change-history-log",{"title":1613,"path":1614,"stem":1615},"Labels in this Space","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Flabels-in-this-space","3.android-secure-coding-standard\u002F7.admin\u002F12.labels-in-this-space",{"title":1617,"path":1618,"stem":1619},"Perl Space Change History Log","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fperl-space-change-history-log","3.android-secure-coding-standard\u002F7.admin\u002F13.perl-space-change-history-log",{"title":1621,"path":1622,"stem":1623},"Resources for new Android app secure coding rules and 
guidelines","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fresources-for-new-android-app-secure-coding-rules-and-guidelines","3.android-secure-coding-standard\u002F7.admin\u002F14.resources-for-new-android-app-secure-coding-rules-and-guidelines",{"title":1625,"path":1626,"stem":1627},"Rule Template","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Frule-template","3.android-secure-coding-standard\u002F7.admin\u002F15.rule-template",{"title":1629,"path":1630,"stem":1631},"Rules Applicable for Both the Android Platform and Other Platforms","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Frules-applicable-for-both-the-android-platform-and-other-platforms","3.android-secure-coding-standard\u002F7.admin\u002F16.rules-applicable-for-both-the-android-platform-and-other-platforms",1775657823528]