[{"data":1,"prerenderedAt":1650},["ShallowReactive",2],{"global-navigation":3,"page-\u002Fandroid-secure-coding-standard\u002Frules\u002Ffile-io-and-logging-fio\u002Fdrd04-j":28,"surround-\u002Fandroid-secure-coding-standard\u002Frules\u002Ffile-io-and-logging-fio\u002Fdrd04-j":1078,"sidebar-android-secure-coding-standard":1087},[4,8],{"title":5,"path":6,"_path":6,"fromAppConfig":7},"Home","\u002F",true,{"title":9,"path":10,"children":11,"_path":27,"fromAppConfig":7},"Coding Standards","\u002Fcoding-standards\u002F",[12,15,18,21,24],{"title":13,"path":14},"Android Coding Standard","\u002Fandroid-secure-coding-standard\u002F",{"title":16,"path":17},"C Coding Standard","\u002Fsei-cert-c-coding-standard\u002F",{"title":19,"path":20},"C++ Coding Standard","\u002Fsei-cert-cpp-coding-standard\u002F",{"title":22,"path":23},"Java Coding Standard","\u002Fsei-cert-oracle-coding-standard-for-java\u002F",{"title":25,"path":26},"Perl Coding Standard","\u002Fsei-cert-perl-coding-standard\u002F","\u002Fcoding-standards",{"id":29,"title":30,"body":31,"description":1066,"extension":1067,"meta":1068,"navigation":7,"path":1074,"seo":1075,"stem":1076,"__hash__":1077},"content\u002F3.android-secure-coding-standard\u002F3.rules\u002F11.file-io-and-logging-fio\u002F2.drd04-j.md","DRD04-J. Do not log sensitive information",{"type":32,"value":33,"toc":1050},"minimark",[34,38,51,56,62,118,123,191,195,202,208,242,248,354,366,369,372,376,379,430,439,442,445,459,469,473,476,811,815,818,826,830,833,888,892,895,898,901,904,907,911,954,958,986,990,1022,1025,1046],[35,36,30],"h1",{"id":37},"drd04-j-do-not-log-sensitive-information",[39,40,41,42,46,47,50],"p",{},"Android provides capabilities for an app to output logging information and obtain log output. Applications can send information to log output using the ",[43,44,45],"code",{},"android.util.Log"," class. To obtain log output, applications can execute the ",[43,48,49],{},"logcat"," command.",[52,53,55],"h2",{"id":54},"to-log-output","To log output",[39,57,58,59,61],{},"The ",[43,60,45],{}," class allows a number of possibilities:",[63,64,65,78],"table",{},[66,67,68],"thead",{},[69,70,71,74,76],"tr",{},[72,73],"th",{},[72,75],{},[72,77],{},[79,80,81,98],"tbody",{},[69,82,83,90,96],{},[84,85,86,89],"td",{},[43,87,88],{},"Log.d"," (Debug)",[84,91,92,95],{},[43,93,94],{},"Log.e"," (Error)",[84,97],{},[69,99,100,106,112],{},[84,101,102,105],{},[43,103,104],{},"Log.i"," (Info)",[84,107,108,111],{},[43,109,110],{},"Log.v"," (Verbose)",[84,113,114,117],{},[43,115,116],{},"Log.w"," (Warn)",[119,120,122],"h3",{"id":121},"example","Example:",[124,125,130],"pre",{"className":126,"code":127,"language":128,"meta":129,"style":129},"language-java shiki shiki-themes github-light github-dark monokai","Log.v(\"method\", Login.TAG + \", account=\" + str1);\nLog.v(\"method\", Login.TAG + \", password=\" + str2);\n","java","",[43,131,132,168],{"__ignoreMap":129},[133,134,137,141,145,148,152,155,159,162,165],"span",{"class":135,"line":136},"line",1,[133,138,140],{"class":139},"sMOD_","Log.",[133,142,144],{"class":143},"srTi1","v",[133,146,147],{"class":139},"(",[133,149,151],{"class":150},"sstjo","\"method\"",[133,153,154],{"class":139},", Login.TAG ",[133,156,158],{"class":157},"sC2Qs","+",[133,160,161],{"class":150}," \", account=\"",[133,163,164],{"class":157}," +",[133,166,167],{"class":139}," str1);\n",[133,169,171,173,175,177,179,181,183,186,188],{"class":135,"line":170},2,[133,172,140],{"class":139},[133,174,144],{"class":143},[133,176,147],{"class":139},[133,178,151],{"class":150},[133,180,154],{"class":139},[133,182,158],{"class":157},[133,184,185],{"class":150}," \", password=\"",[133,187,164],{"class":157},[133,189,190],{"class":139}," str2);\n",[119,192,194],{"id":193},"to-obtain-log-output","To obtain log output",[39,196,197,198,201],{},"Declare ",[43,199,200],{},"READ_LOGS"," permission in the manifest file so that an app can read log output:",[39,203,204,207],{},[43,205,206],{},"AndroidManifest.xml"," :",[124,209,211],{"className":126,"code":210,"language":128,"meta":129,"style":129},"\u003Cuses-permission android:name=\"android.permission.READ_LOGS\"\u002F>\n",[43,212,213],{"__ignoreMap":129},[133,214,215,218,221,224,227,230,233,236,239],{"class":135,"line":136},[133,216,217],{"class":157},"\u003C",[133,219,220],{"class":139},"uses",[133,222,223],{"class":157},"-",[133,225,226],{"class":139},"permission android",[133,228,229],{"class":157},":",[133,231,232],{"class":139},"name",[133,234,235],{"class":157},"=",[133,237,238],{"class":150},"\"android.permission.READ_LOGS\"",[133,240,241],{"class":157},"\u002F>\n",[39,243,244,245,247],{},"Call ",[43,246,49],{}," from an application:",[249,250,252],"code-block",{"quality":251},"good",[124,253,255],{"className":126,"code":254,"language":128,"meta":129,"style":129},"Process mProc = Runtime.getRuntime().exec(\n    new String[]{\"logcat\", \"-d\", \"method:V *:S$Bc`W^(B)\"});\n\nBufferedReader mReader = new BufferedReader(\n    new InputStreamReader(proc.getInputStream()));\n",[43,256,257,283,312,318,337],{"__ignoreMap":129},[133,258,259,263,266,268,271,274,277,280],{"class":135,"line":136},[133,260,262],{"class":261},"sk8M1","Process",[133,264,265],{"class":139}," mProc ",[133,267,235],{"class":157},[133,269,270],{"class":139}," Runtime.",[133,272,273],{"class":143},"getRuntime",[133,275,276],{"class":139},"().",[133,278,279],{"class":143},"exec",[133,281,282],{"class":139},"(\n",[133,284,285,288,292,295,298,301,304,306,309],{"class":135,"line":170},[133,286,287],{"class":157},"    new",[133,289,291],{"class":290},"sq6CD"," String",[133,293,294],{"class":139},"[]{",[133,296,297],{"class":150},"\"logcat\"",[133,299,300],{"class":139},", ",[133,302,303],{"class":150},"\"-d\"",[133,305,300],{"class":139},[133,307,308],{"class":150},"\"method:V *:S$Bc`W^(B)\"",[133,310,311],{"class":139},"});\n",[133,313,315],{"class":135,"line":314},3,[133,316,317],{"emptyLinePlaceholder":7},"\n",[133,319,321,324,327,329,332,335],{"class":135,"line":320},4,[133,322,323],{"class":261},"BufferedReader",[133,325,326],{"class":139}," mReader ",[133,328,235],{"class":157},[133,330,331],{"class":157}," new",[133,333,334],{"class":143}," BufferedReader",[133,336,282],{"class":139},[133,338,340,342,345,348,351],{"class":135,"line":339},5,[133,341,287],{"class":157},[133,343,344],{"class":143}," InputStreamReader",[133,346,347],{"class":139},"(proc.",[133,349,350],{"class":143},"getInputStream",[133,352,353],{"class":139},"()));\n",[39,355,356,357,359,360,362,363,365],{},"Prior to Android 4.0, any application with ",[43,358,200],{}," permission could obtain all the other applications' log output. After Android 4.1, the specification of ",[43,361,200],{}," permission has been changed. Even applications with ",[43,364,200],{}," permission cannot obtain log output from other applications.",[39,367,368],{},"However, by connecting an Android device to a PC, log output from other applications can be obtained.",[39,370,371],{},"Therefore, it is important that applications do not send sensitive information to log output.",[52,373,375],{"id":374},"noncompliant-code-example","Noncompliant Code Example",[39,377,378],{},"Facebook SDK for Android contained the following code which sends Facebook access tokens to log output in plain text format.",[249,380,382],{"quality":381},"bad",[124,383,385],{"className":126,"code":384,"language":128,"meta":129,"style":129},"Log.d(\"Facebook-authorize\", \"Login Success! access_token=\"\n      + getAccessToken() + \" expires=\"\n      + getAccessExpires());\n",[43,386,387,404,420],{"__ignoreMap":129},[133,388,389,391,394,396,399,401],{"class":135,"line":136},[133,390,140],{"class":139},[133,392,393],{"class":143},"d",[133,395,147],{"class":139},[133,397,398],{"class":150},"\"Facebook-authorize\"",[133,400,300],{"class":139},[133,402,403],{"class":150},"\"Login Success! access_token=\"\n",[133,405,406,409,412,415,417],{"class":135,"line":170},[133,407,408],{"class":157},"      +",[133,410,411],{"class":143}," getAccessToken",[133,413,414],{"class":139},"() ",[133,416,158],{"class":157},[133,418,419],{"class":150}," \" expires=\"\n",[133,421,422,424,427],{"class":135,"line":314},[133,423,408],{"class":157},[133,425,426],{"class":143}," getAccessExpires",[133,428,429],{"class":139},"());\n",[39,431,432,433],{},"Source: ",[434,435,436],"a",{"href":436,"rel":437},"http:\u002F\u002Fblog.parse.com\u002F2012\u002F04\u002F10\u002Fdiscovering-a-major-security-hole-in-facebooks-android-sdk\u002F",[438],"nofollow",[52,440,375],{"id":441},"noncompliant-code-example-1",[39,443,444],{},"Here is another example. A weather report for Android sent a user's location data to the log output as follows:",[446,447,448],"blockquote",{},[39,449,450,451,454,455],{},"I\u002FMyWeatherReport( 6483): Re-use MyWeatherReport data",[452,453],"br",{},"\nI\u002F ( 6483): GET JSON: ",[434,456,457],{"href":457,"rel":458},"http:\u002F\u002Fexample.com\u002Fsmart\u002Frepo_piece.cgi?arc=0&lat=26.209026&lon=127.650803&rad=50&dir=-999&lim=52&category=1000",[438],[39,460,461,462,464,465,468],{},"If a user is using Android OS 4.0 or before, other applications with ",[43,463,200],{}," permission can obtain the user's location information without declaring ",[43,466,467],{},"ACCESS_FINE_LOCATION"," permission in the manifest file.",[119,470,472],{"id":471},"proof-of-concept","Proof of Concept",[39,474,475],{},"Example code of obtaining log output from a vulnerable application is as follows:",[249,477,478],{"quality":251},[124,479,481],{"className":126,"code":480,"language":128,"meta":129,"style":129},"final StringBuilder slog = new StringBuilder();\n\ntry {\n  Process mLogcatProc;\n  mLogcatProc = Runtime.getRuntime().exec(new String[]\n      {\"logcat\", \"-d\", \"LoginAsyncTask:I APIClient:I method:V *:S\" });\n\n  BufferedReader reader = new BufferedReader(new InputStreamReader(\n      mLogcatProc.getInputStream()));\n\n  String line;\n  String separator = System.getProperty(\"line.separator\");\n\n  while ((line = reader.readLine()) != null) {\n    slog.append(line);\n    slog.append(separator);\n  }\n  Toast.makeText(this, \"Obtained log information\", Toast.LENGTH_SHORT).show();\n\n} catch (IOException e) {\n  \u002F\u002F handle error\n}\n\nTextView tView = (TextView) findViewById(R.id.logView);\ntView.setText(slog);\n",[43,482,483,503,507,515,523,548,568,573,596,606,611,620,644,649,679,691,701,707,735,740,761,768,774,779,799],{"__ignoreMap":129},[133,484,485,488,491,494,496,498,500],{"class":135,"line":136},[133,486,487],{"class":157},"final",[133,489,490],{"class":261}," StringBuilder",[133,492,493],{"class":139}," slog ",[133,495,235],{"class":157},[133,497,331],{"class":157},[133,499,490],{"class":143},[133,501,502],{"class":139},"();\n",[133,504,505],{"class":135,"line":170},[133,506,317],{"emptyLinePlaceholder":7},[133,508,509,512],{"class":135,"line":314},[133,510,511],{"class":157},"try",[133,513,514],{"class":139}," {\n",[133,516,517,520],{"class":135,"line":320},[133,518,519],{"class":261},"  Process",[133,521,522],{"class":139}," mLogcatProc;\n",[133,524,525,528,530,532,534,536,538,540,543,545],{"class":135,"line":339},[133,526,527],{"class":139},"  mLogcatProc ",[133,529,235],{"class":157},[133,531,270],{"class":139},[133,533,273],{"class":143},[133,535,276],{"class":139},[133,537,279],{"class":143},[133,539,147],{"class":139},[133,541,542],{"class":157},"new",[133,544,291],{"class":290},[133,546,547],{"class":139},"[]\n",[133,549,551,554,556,558,560,562,565],{"class":135,"line":550},6,[133,552,553],{"class":139},"      {",[133,555,297],{"class":150},[133,557,300],{"class":139},[133,559,303],{"class":150},[133,561,300],{"class":139},[133,563,564],{"class":150},"\"LoginAsyncTask:I APIClient:I method:V *:S\"",[133,566,567],{"class":139}," });\n",[133,569,571],{"class":135,"line":570},7,[133,572,317],{"emptyLinePlaceholder":7},[133,574,576,579,582,584,586,588,590,592,594],{"class":135,"line":575},8,[133,577,578],{"class":261},"  BufferedReader",[133,580,581],{"class":139}," reader ",[133,583,235],{"class":157},[133,585,331],{"class":157},[133,587,334],{"class":143},[133,589,147],{"class":139},[133,591,542],{"class":157},[133,593,344],{"class":143},[133,595,282],{"class":139},[133,597,599,602,604],{"class":135,"line":598},9,[133,600,601],{"class":139},"      mLogcatProc.",[133,603,350],{"class":143},[133,605,353],{"class":139},[133,607,609],{"class":135,"line":608},10,[133,610,317],{"emptyLinePlaceholder":7},[133,612,614,617],{"class":135,"line":613},11,[133,615,616],{"class":261},"  String",[133,618,619],{"class":139}," line;\n",[133,621,623,625,628,630,633,636,638,641],{"class":135,"line":622},12,[133,624,616],{"class":261},[133,626,627],{"class":139}," separator ",[133,629,235],{"class":157},[133,631,632],{"class":139}," System.",[133,634,635],{"class":143},"getProperty",[133,637,147],{"class":139},[133,639,640],{"class":150},"\"line.separator\"",[133,642,643],{"class":139},");\n",[133,645,647],{"class":135,"line":646},13,[133,648,317],{"emptyLinePlaceholder":7},[133,650,652,655,658,660,663,666,669,672,676],{"class":135,"line":651},14,[133,653,654],{"class":157},"  while",[133,656,657],{"class":139}," ((line ",[133,659,235],{"class":157},[133,661,662],{"class":139}," reader.",[133,664,665],{"class":143},"readLine",[133,667,668],{"class":139},"()) ",[133,670,671],{"class":157},"!=",[133,673,675],{"class":674},"s7F3e"," null",[133,677,678],{"class":139},") {\n",[133,680,682,685,688],{"class":135,"line":681},15,[133,683,684],{"class":139},"    slog.",[133,686,687],{"class":143},"append",[133,689,690],{"class":139},"(line);\n",[133,692,694,696,698],{"class":135,"line":693},16,[133,695,684],{"class":139},[133,697,687],{"class":143},[133,699,700],{"class":139},"(separator);\n",[133,702,704],{"class":135,"line":703},17,[133,705,706],{"class":139},"  }\n",[133,708,710,713,716,718,722,724,727,730,733],{"class":135,"line":709},18,[133,711,712],{"class":139},"  Toast.",[133,714,715],{"class":143},"makeText",[133,717,147],{"class":139},[133,719,721],{"class":720},"sP7S_","this",[133,723,300],{"class":139},[133,725,726],{"class":150},"\"Obtained log information\"",[133,728,729],{"class":139},", Toast.LENGTH_SHORT).",[133,731,732],{"class":143},"show",[133,734,502],{"class":139},[133,736,738],{"class":135,"line":737},19,[133,739,317],{"emptyLinePlaceholder":7},[133,741,743,746,749,752,755,759],{"class":135,"line":742},20,[133,744,745],{"class":139},"} ",[133,747,748],{"class":157},"catch",[133,750,751],{"class":139}," (",[133,753,754],{"class":261},"IOException",[133,756,758],{"class":757},"sTHNf"," e",[133,760,678],{"class":139},[133,762,764],{"class":135,"line":763},21,[133,765,767],{"class":766},"s8-w5","  \u002F\u002F handle error\n",[133,769,771],{"class":135,"line":770},22,[133,772,773],{"class":139},"}\n",[133,775,777],{"class":135,"line":776},23,[133,778,317],{"emptyLinePlaceholder":7},[133,780,782,785,788,790,793,796],{"class":135,"line":781},24,[133,783,784],{"class":261},"TextView",[133,786,787],{"class":139}," tView ",[133,789,235],{"class":157},[133,791,792],{"class":139}," (TextView) ",[133,794,795],{"class":143},"findViewById",[133,797,798],{"class":139},"(R.id.logView);\n",[133,800,802,805,808],{"class":135,"line":801},25,[133,803,804],{"class":139},"tView.",[133,806,807],{"class":143},"setText",[133,809,810],{"class":139},"(slog);\n",[52,812,814],{"id":813},"applicability","Applicability",[39,816,817],{},"Applications should make sure that they do not send sensitive information to log output. If the app includes a third party library, the developer should make sure that the library does not send sensitive information to log output. One common solution is for an application to declare and use a custom log class, so that log output is automatically turned on\u002Foff based on Debug\u002FRelease. Developers can use ProGuard to delete specific method calls. This assumes that the method contains no side effects.",[39,819,820,821,825],{},"This rule is a special case of ",[434,822,824],{"href":823},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Finput-output-fio\u002Ffio13-j","FIO13-J. Do not log sensitive information outside a trust boundary"," .",[52,827,829],{"id":828},"risk-assessment","Risk Assessment",[39,831,832],{},"Logging sensitive information can leak sensitive information to malicious apps.",[63,834,835,836,835,863],{},"\n  ",[66,837,838,839,835],{},"\n    ",[69,840,841,842,841,845,841,848,841,851,841,854,841,857,841,860,838],{},"\n      ",[72,843,844],{},"Rule",[72,846,847],{},"Severity",[72,849,850],{},"Likelihood",[72,852,853],{},"Detectable",[72,855,856],{},"Repairable",[72,858,859],{},"Priority",[72,861,862],{},"Level",[79,864,838,865,835],{},[69,866,841,867,841,870,841,873,841,876,841,879,841,881,841,885,838],{},[84,868,869],{},"DRD04-J",[84,871,872],{},"Medium",[84,874,875],{},"Probable",[84,877,878],{},"No",[84,880,878],{},[84,882,884],{"style":883},"color: #27ae60;","P4",[84,886,887],{"style":883},"L3",[52,889,891],{"id":890},"automated-detection","Automated Detection",[39,893,894],{},"Automatic detection of the use of logging facilities trivial. It is not feasible to automatically determine whether the data being logged is sensitive.",[39,896,897],{},"Tool",[39,899,900],{},"Version",[39,902,903],{},"Checker",[39,905,906],{},"Description",[52,908,910],{"id":909},"related-vulnerabilities","Related Vulnerabilities",[912,913,914,922,930,938,946],"ul",{},[915,916,917,918],"li",{},"Facebook SDK for Android: ",[434,919,920],{"href":920,"rel":921},"http:\u002F\u002Freadwrite.com\u002F2012\u002F04\u002F10\u002Fwhat-developers-and-users-can#awesm=~o9iqZAMlUPshPu",[438],[915,923,924,929],{},[434,925,928],{"href":926,"rel":927},"https:\u002F\u002Fjvn.jp\u002Fen\u002Fjp\u002FJVN23328321\u002F",[438],"JVN#23328321"," Puella Magi Madoka Magica iP for Android vulnerable to information disclosure",[915,931,932,937],{},[434,933,936],{"href":934,"rel":935},"https:\u002F\u002Fjvn.jp\u002Fen\u002Fjp\u002FJVN86040029\u002F",[438],"JVN#86040029"," Weathernews Touch for Android stores location information in the system log file",[915,939,940,945],{},[434,941,944],{"href":942,"rel":943},"https:\u002F\u002Fjvn.jp\u002Fen\u002Fjp\u002FJVN33159152\u002F",[438],"JVN#33159152"," Loctouch for Android information management vulnerability",[915,947,948,953],{},[434,949,952],{"href":950,"rel":951},"https:\u002F\u002Fjvn.jp\u002Fen\u002Fjp\u002FJVN56923652\u002F",[438],"JVN#56923652"," Monaca Debugger for Android information management vulnerability",[52,955,957],{"id":956},"related-guidelines","Related Guidelines",[63,959,960,968],{},[66,961,962],{},[69,963,964,966],{},[72,965],{},[72,967],{},[79,969,970],{},[69,971,972,983],{},[84,973,974,982],{},[975,976,977],"em",{},[434,978,981],{"href":979,"rel":980},"http:\u002F\u002Fwww.jssec.org\u002Fdl\u002Fandroid_securecoding_en.pdf",[438],"Android Secure Design \u002F Secure Coding Guidebook"," by JSSEC",[84,984,985],{},"4.8 Outputing log to LogCat",[52,987,989],{"id":988},"bibliography","Bibliography",[63,991,992,1000],{},[66,993,994],{},[69,995,996,998],{},[72,997],{},[72,999],{},[79,1001,1002],{},[69,1003,1004,1020],{},[84,1005,1006,1011,1012,1011,1016],{},[434,1007,1010],{"href":1008,"rel":1009},"https:\u002F\u002Fwww.securecoding.cert.org\u002Fconfluence\u002Fwww.jssec.org\u002Fdl\u002Fandroid_securecoding.pdf",[438],"["," ",[434,1013,1015],{"href":1014},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-aa-references#RuleAA.References-JSSEC14","JSSEC 2014",[434,1017,1019],{"href":1008,"rel":1018},[438],"]",[84,1021,985],{},[1023,1024],"hr",{},[39,1026,1027,1011,1034,1011,1040],{},[434,1028,1030],{"href":1029},"https:\u002F\u002Fwww.securecoding.cert.org\u002Fconfluence\u002Fdisplay\u002Fjava\u002FDRD03-J.+Do+not+broadcast+sensitive+information+using+an+implicit+intent?showChildren=false&showComments=false",[1031,1032],"img",{"src":1033},"\u002Fattachments\u002F88487702\u002F88497198.png",[434,1035,1037],{"href":1036},"https:\u002F\u002Fwww.securecoding.cert.org\u002Fconfluence\u002Fpages\u002Fviewpage.action?pageId=111509535",[1031,1038],{"src":1039},"\u002Fattachments\u002F88487702\u002F88497196.png",[434,1041,1043],{"href":1042},"https:\u002F\u002Fwww.securecoding.cert.org\u002Fconfluence\u002Fdisplay\u002Fjava\u002FDRD05-J.+Do+not+grant+URI+permissions+on+implicit+intents?showChildren=false&showComments=false",[1031,1044],{"src":1045},"\u002Fattachments\u002F88487702\u002F88497197.png",[1047,1048,1049],"style",{},"html pre.shiki code .sMOD_, html code.shiki .sMOD_{--shiki-default:#24292E;--shiki-dark:#E1E4E8;--shiki-sepia:#F8F8F2}html pre.shiki code .srTi1, html code.shiki .srTi1{--shiki-default:#6F42C1;--shiki-dark:#B392F0;--shiki-sepia:#A6E22E}html pre.shiki code .sstjo, html code.shiki .sstjo{--shiki-default:#032F62;--shiki-dark:#9ECBFF;--shiki-sepia:#E6DB74}html pre.shiki code .sC2Qs, html code.shiki .sC2Qs{--shiki-default:#D73A49;--shiki-dark:#F97583;--shiki-sepia:#F92672}html .default .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html.dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html .sepia .shiki span {color: var(--shiki-sepia);background: var(--shiki-sepia-bg);font-style: var(--shiki-sepia-font-style);font-weight: var(--shiki-sepia-font-weight);text-decoration: var(--shiki-sepia-text-decoration);}html.sepia .shiki span {color: var(--shiki-sepia);background: var(--shiki-sepia-bg);font-style: var(--shiki-sepia-font-style);font-weight: var(--shiki-sepia-font-weight);text-decoration: var(--shiki-sepia-text-decoration);}html pre.shiki code .sk8M1, html code.shiki .sk8M1{--shiki-default:#24292E;--shiki-default-font-style:inherit;--shiki-dark:#E1E4E8;--shiki-dark-font-style:inherit;--shiki-sepia:#66D9EF;--shiki-sepia-font-style:italic}html pre.shiki code .sq6CD, html code.shiki .sq6CD{--shiki-default:#D73A49;--shiki-default-font-style:inherit;--shiki-dark:#F97583;--shiki-dark-font-style:inherit;--shiki-sepia:#66D9EF;--shiki-sepia-font-style:italic}html pre.shiki code .s7F3e, html code.shiki .s7F3e{--shiki-default:#005CC5;--shiki-dark:#79B8FF;--shiki-sepia:#AE81FF}html pre.shiki code .sP7S_, html code.shiki .sP7S_{--shiki-default:#005CC5;--shiki-dark:#79B8FF;--shiki-sepia:#FD971F}html pre.shiki code .sTHNf, html code.shiki .sTHNf{--shiki-default:#E36209;--shiki-default-font-style:inherit;--shiki-dark:#FFAB70;--shiki-dark-font-style:inherit;--shiki-sepia:#FD971F;--shiki-sepia-font-style:italic}html pre.shiki code .s8-w5, html code.shiki .s8-w5{--shiki-default:#6A737D;--shiki-dark:#6A737D;--shiki-sepia:#88846F}",{"title":129,"searchDepth":170,"depth":170,"links":1051},[1052,1056,1057,1060,1061,1062,1063,1064,1065],{"id":54,"depth":170,"text":55,"children":1053},[1054,1055],{"id":121,"depth":314,"text":122},{"id":193,"depth":314,"text":194},{"id":374,"depth":170,"text":375},{"id":441,"depth":170,"text":375,"children":1058},[1059],{"id":471,"depth":314,"text":472},{"id":813,"depth":170,"text":814},{"id":828,"depth":170,"text":829},{"id":890,"depth":170,"text":891},{"id":909,"depth":170,"text":910},{"id":956,"depth":170,"text":957},{"id":988,"depth":170,"text":989},"Android provides capabilities for an app to output logging information and obtain log output. Applications can send information to log output using the android.util.Log class. To obtain log output, applications can execute the logcat command.","md",{"tags":1069},[1070,1071,1072,1073],"android-applicable","rule","drd","fio","\u002Fandroid-secure-coding-standard\u002Frules\u002Ffile-io-and-logging-fio\u002Fdrd04-j",{"title":30,"description":1066},"3.android-secure-coding-standard\u002F3.rules\u002F11.file-io-and-logging-fio\u002F2.drd04-j","0WnPx7EWu5Hdv5PTur88bt4D-royKwWymqcgJvK0BYM",[1079,1083],{"title":1080,"path":1081,"stem":1082,"children":-1},"File I\u002FO and Logging (FIO)","\u002Fandroid-secure-coding-standard\u002Frules\u002Ffile-io-and-logging-fio","3.android-secure-coding-standard\u002F3.rules\u002F11.file-io-and-logging-fio\u002F1.index",{"title":1084,"path":1085,"stem":1086,"children":-1},"DRD00. Do not store sensitive information on external storage (SD card) unless encrypted first","\u002Fandroid-secure-coding-standard\u002Frules\u002Ffile-io-and-logging-fio\u002Fdrd00-do-not-store-sensitive-information-on-external-storage-sd-card-unless-encrypted-first","3.android-secure-coding-standard\u002F3.rules\u002F11.file-io-and-logging-fio\u002F3.drd00-do-not-store-sensitive-information-on-external-storage-sd-card-unless-encrypted-first",[1088],{"title":1089,"path":1090,"stem":1091,"children":1092},"SCI CERT Android Secure Coding Standard","\u002Fandroid-secure-coding-standard","3.android-secure-coding-standard\u002F1.index",[1093,1094,1144,1401,1498,1560,1584],{"title":1089,"path":1090,"stem":1091},{"title":1095,"path":1096,"stem":1097,"children":1098},"Front Matter","\u002Fandroid-secure-coding-standard\u002Ffront-matter","3.android-secure-coding-standard\u002F2.front-matter\u002F1.index",[1099,1100,1122],{"title":1095,"path":1096,"stem":1097},{"title":1101,"path":1102,"stem":1103,"children":1104},"Guidelines for Wiki Contributors","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fguidelines-for-wiki-contributors","3.android-secure-coding-standard\u002F2.front-matter\u002F2.guidelines-for-wiki-contributors\u002F1.index",[1105,1106,1110,1114,1118],{"title":1101,"path":1102,"stem":1103},{"title":1107,"path":1108,"stem":1109},"Deprecations","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fguidelines-for-wiki-contributors\u002Fdeprecations","3.android-secure-coding-standard\u002F2.front-matter\u002F2.guidelines-for-wiki-contributors\u002F2.deprecations",{"title":1111,"path":1112,"stem":1113},"Editing Automated Detection Information","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fguidelines-for-wiki-contributors\u002Fediting-automated-detection-information","3.android-secure-coding-standard\u002F2.front-matter\u002F2.guidelines-for-wiki-contributors\u002F3.editing-automated-detection-information",{"title":1115,"path":1116,"stem":1117},"Editing-Related Guidelines","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fguidelines-for-wiki-contributors\u002Fediting-related-guidelines","3.android-secure-coding-standard\u002F2.front-matter\u002F2.guidelines-for-wiki-contributors\u002F4.editing-related-guidelines",{"title":1119,"path":1120,"stem":1121},"Rules versus Recommendations","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fguidelines-for-wiki-contributors\u002Frules-versus-recommendations","3.android-secure-coding-standard\u002F2.front-matter\u002F2.guidelines-for-wiki-contributors\u002F5.rules-versus-recommendations",{"title":1123,"path":1124,"stem":1125,"children":1126},"Introduction","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fintroduction","3.android-secure-coding-standard\u002F2.front-matter\u002F3.introduction\u002F01.index",[1127,1128,1132,1136,1140],{"title":1123,"path":1124,"stem":1125},{"title":1129,"path":1130,"stem":1131},"Introduction to Android-Only Rules","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fintroduction\u002Fintroduction-to-android-only-rules","3.android-secure-coding-standard\u002F2.front-matter\u002F3.introduction\u002F02.introduction-to-android-only-rules",{"title":1133,"path":1134,"stem":1135},"Introduction to C Rules and Recommendations","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fintroduction\u002Fintroduction-to-c-rules-and-recommendations","3.android-secure-coding-standard\u002F2.front-matter\u002F3.introduction\u002F03.introduction-to-c-rules-and-recommendations",{"title":1137,"path":1138,"stem":1139},"Introduction to Java Recommendations","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fintroduction\u002Fintroduction-to-java-recommendations","3.android-secure-coding-standard\u002F2.front-matter\u002F3.introduction\u002F04.introduction-to-java-recommendations",{"title":1141,"path":1142,"stem":1143},"Introduction to Java Rules","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fintroduction\u002Fintroduction-to-java-rules","3.android-secure-coding-standard\u002F2.front-matter\u002F3.introduction\u002F05.introduction-to-java-rules",{"title":1145,"path":1146,"stem":1147,"children":1148},"Rules","\u002Fandroid-secure-coding-standard\u002Frules","3.android-secure-coding-standard\u002F3.rules\u002F01.index",[1149,1150,1154,1158,1180,1184,1206,1210,1214,1218,1222,1243,1247,1251,1255,1273,1277,1281,1285,1289,1315,1329,1333,1337,1359,1363,1367,1371,1375,1379,1383],{"title":1145,"path":1146,"stem":1147},{"title":1151,"path":1152,"stem":1153},"Application Programming Interfaces (API)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fapplication-programming-interfaces-api","3.android-secure-coding-standard\u002F3.rules\u002F02.application-programming-interfaces-api",{"title":1155,"path":1156,"stem":1157},"Characters and String (STR)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcharacters-and-string-str","3.android-secure-coding-standard\u002F3.rules\u002F03.characters-and-string-str",{"title":1159,"path":1160,"stem":1161,"children":1162},"Component Security (CPS)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcomponent-security-cps","3.android-secure-coding-standard\u002F3.rules\u002F04.component-security-cps\u002F1.index",[1163,1164,1168,1172,1176],{"title":1159,"path":1160,"stem":1161},{"title":1165,"path":1166,"stem":1167},"DRD01-X. Limit the accessibility of an app's sensitive content provider","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcomponent-security-cps\u002Fdrd01-x","3.android-secure-coding-standard\u002F3.rules\u002F04.component-security-cps\u002F2.drd01-x",{"title":1169,"path":1170,"stem":1171},"DRD07-X. Protect exported services with strong permissions","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcomponent-security-cps\u002Fdrd07-x","3.android-secure-coding-standard\u002F3.rules\u002F04.component-security-cps\u002F3.drd07-x",{"title":1173,"path":1174,"stem":1175},"DRD08-J. Always canonicalize a URL received by a content provider","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcomponent-security-cps\u002Fdrd08-j","3.android-secure-coding-standard\u002F3.rules\u002F04.component-security-cps\u002F4.drd08-j",{"title":1177,"path":1178,"stem":1179},"DRD09. Restrict access to sensitive activities","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcomponent-security-cps\u002Fdrd09-restrict-access-to-sensitive-activities","3.android-secure-coding-standard\u002F3.rules\u002F04.component-security-cps\u002F5.drd09-restrict-access-to-sensitive-activities",{"title":1181,"path":1182,"stem":1183},"Concurrency (CON)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fconcurrency-con","3.android-secure-coding-standard\u002F3.rules\u002F05.concurrency-con",{"title":1185,"path":1186,"stem":1187,"children":1188},"Cryptography (CRP)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcryptography-crp","3.android-secure-coding-standard\u002F3.rules\u002F06.cryptography-crp\u002F1.index",[1189,1190,1194,1198,1202],{"title":1185,"path":1186,"stem":1187},{"title":1191,"path":1192,"stem":1193},"DRD17-J. Do not use the Android cryptographic security provider encryption default for AES","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcryptography-crp\u002Fdrd17-j","3.android-secure-coding-standard\u002F3.rules\u002F06.cryptography-crp\u002F2.drd17-j",{"title":1195,"path":1196,"stem":1197},"DRD18. Do not use the default behavior in a cryptographic library if it does not use recommended practices","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcryptography-crp\u002Fdrd18-do-not-use-the-default-behavior-in-a-cryptographic-library-if-it-does-not-use-recommended-practices","3.android-secure-coding-standard\u002F3.rules\u002F06.cryptography-crp\u002F3.drd18-do-not-use-the-default-behavior-in-a-cryptographic-library-if-it-does-not-use-recommended-practices",{"title":1199,"path":1200,"stem":1201},"DRD24. Do not bundle OAuth security-related protocol logic or sensitive data into a relying party's app","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcryptography-crp\u002Fdrd24-do-not-bundle-oauth-security-related-protocol-logic-or-sensitive-data-into-a-relying-partys-app","3.android-secure-coding-standard\u002F3.rules\u002F06.cryptography-crp\u002F4.drd24-do-not-bundle-oauth-security-related-protocol-logic-or-sensitive-data-into-a-relying-partys-app",{"title":1203,"path":1204,"stem":1205},"DRD25. Use constant-time encryption","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcryptography-crp\u002Fdrd25-use-constant-time-encryption","3.android-secure-coding-standard\u002F3.rules\u002F06.cryptography-crp\u002F5.drd25-use-constant-time-encryption",{"title":1207,"path":1208,"stem":1209},"Declarations and Initialization (DCL)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fdeclarations-and-initialization-dcl","3.android-secure-coding-standard\u002F3.rules\u002F07.declarations-and-initialization-dcl",{"title":1211,"path":1212,"stem":1213},"Environment (ENV)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fenvironment-env","3.android-secure-coding-standard\u002F3.rules\u002F08.environment-env",{"title":1215,"path":1216,"stem":1217},"Error Handling (ERR)","\u002Fandroid-secure-coding-standard\u002Frules\u002Ferror-handling-err","3.android-secure-coding-standard\u002F3.rules\u002F09.error-handling-err",{"title":1219,"path":1220,"stem":1221},"Expressions (EXP)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fexpressions-exp","3.android-secure-coding-standard\u002F3.rules\u002F10.expressions-exp",{"title":1080,"path":1081,"stem":1082,"children":1223},[1224,1225,1226,1227,1231,1235,1239],{"title":1080,"path":1081,"stem":1082},{"title":30,"path":1074,"stem":1076},{"title":1084,"path":1085,"stem":1086},{"title":1228,"path":1229,"stem":1230},"DRD11. Ensure that sensitive data is kept secure","\u002Fandroid-secure-coding-standard\u002Frules\u002Ffile-io-and-logging-fio\u002Fdrd11-ensure-that-sensitive-data-is-kept-secure","3.android-secure-coding-standard\u002F3.rules\u002F11.file-io-and-logging-fio\u002F4.drd11-ensure-that-sensitive-data-is-kept-secure",{"title":1232,"path":1233,"stem":1234},"DRD12. Do not trust data from world-writable files","\u002Fandroid-secure-coding-standard\u002Frules\u002Ffile-io-and-logging-fio\u002Fdrd12-do-not-trust-data-from-world-writable-files","3.android-secure-coding-standard\u002F3.rules\u002F11.file-io-and-logging-fio\u002F5.drd12-do-not-trust-data-from-world-writable-files",{"title":1236,"path":1237,"stem":1238},"DRD23. Do not use world readable or writeable to share files between apps","\u002Fandroid-secure-coding-standard\u002Frules\u002Ffile-io-and-logging-fio\u002Fdrd23-do-not-use-world-readable-or-writeable-to-share-files-between-apps","3.android-secure-coding-standard\u002F3.rules\u002F11.file-io-and-logging-fio\u002F6.drd23-do-not-use-world-readable-or-writeable-to-share-files-between-apps",{"title":1240,"path":1241,"stem":1242},"DRD28 Do not load world-writable libraries","\u002Fandroid-secure-coding-standard\u002Frules\u002Ffile-io-and-logging-fio\u002Fdrd28-do-not-load-world-writable-libraries","3.android-secure-coding-standard\u002F3.rules\u002F11.file-io-and-logging-fio\u002F7.drd28-do-not-load-world-writable-libraries",{"title":1244,"path":1245,"stem":1246},"Floating Point (FLP)","\u002Fandroid-secure-coding-standard\u002Frules\u002Ffloating-point-flp","3.android-secure-coding-standard\u002F3.rules\u002F12.floating-point-flp",{"title":1248,"path":1249,"stem":1250},"Input Validation and Data Sanitization (IDS)","\u002Fandroid-secure-coding-standard\u002Frules\u002Finput-validation-and-data-sanitization-ids","3.android-secure-coding-standard\u002F3.rules\u002F13.input-validation-and-data-sanitization-ids",{"title":1252,"path":1253,"stem":1254},"Integers (INT)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fintegers-int","3.android-secure-coding-standard\u002F3.rules\u002F14.integers-int",{"title":1256,"path":1257,"stem":1258,"children":1259},"Intent (ITT)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fintent-itt","3.android-secure-coding-standard\u002F3.rules\u002F15.intent-itt\u002F1.index",[1260,1261,1265,1269],{"title":1256,"path":1257,"stem":1258},{"title":1262,"path":1263,"stem":1264},"DRD03-J. Do not broadcast sensitive information using an implicit intent","\u002Fandroid-secure-coding-standard\u002Frules\u002Fintent-itt\u002Fdrd03-j","3.android-secure-coding-standard\u002F3.rules\u002F15.intent-itt\u002F2.drd03-j",{"title":1266,"path":1267,"stem":1268},"DRD21-J. Always pass explicit intents to a PendingIntent","\u002Fandroid-secure-coding-standard\u002Frules\u002Fintent-itt\u002Fdrd21-j","3.android-secure-coding-standard\u002F3.rules\u002F15.intent-itt\u002F3.drd21-j",{"title":1270,"path":1271,"stem":1272},"DRD06. Verify the caller of intents before acting on them","\u002Fandroid-secure-coding-standard\u002Frules\u002Fintent-itt\u002Fdrd06-verify-the-caller-of-intents-before-acting-on-them","3.android-secure-coding-standard\u002F3.rules\u002F15.intent-itt\u002F4.drd06-verify-the-caller-of-intents-before-acting-on-them",{"title":1274,"path":1275,"stem":1276},"Java Native Interface (JNI)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fjava-native-interface-jni","3.android-secure-coding-standard\u002F3.rules\u002F16.java-native-interface-jni",{"title":1278,"path":1279,"stem":1280},"Locking (LCK)","\u002Fandroid-secure-coding-standard\u002Frules\u002Flocking-lck","3.android-secure-coding-standard\u002F3.rules\u002F17.locking-lck",{"title":1282,"path":1283,"stem":1284},"Memory Management (MEM)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fmemory-management-mem","3.android-secure-coding-standard\u002F3.rules\u002F18.memory-management-mem",{"title":1286,"path":1287,"stem":1288},"Methods (MET)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fmethods-met","3.android-secure-coding-standard\u002F3.rules\u002F19.methods-met",{"title":1290,"path":1291,"stem":1292,"children":1293},"Miscellaneous (MSC)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fmiscellaneous-msc","3.android-secure-coding-standard\u002F3.rules\u002F20.miscellaneous-msc\u002F1.index",[1294,1295,1299,1303,1307,1311],{"title":1290,"path":1291,"stem":1292},{"title":1296,"path":1297,"stem":1298},"DRD10-X. Do not release apps that are debuggable","\u002Fandroid-secure-coding-standard\u002Frules\u002Fmiscellaneous-msc\u002Fdrd10-x","3.android-secure-coding-standard\u002F3.rules\u002F20.miscellaneous-msc\u002F2.drd10-x",{"title":1300,"path":1301,"stem":1302},"DRD15-J. Consider privacy concerns when using Geolocation API","\u002Fandroid-secure-coding-standard\u002Frules\u002Fmiscellaneous-msc\u002Fdrd15-j","3.android-secure-coding-standard\u002F3.rules\u002F20.miscellaneous-msc\u002F3.drd15-j",{"title":1304,"path":1305,"stem":1306},"DRD26-J. For OAuth, use a secure Android method to deliver access tokens","\u002Fandroid-secure-coding-standard\u002Frules\u002Fmiscellaneous-msc\u002Fdrd26-j","3.android-secure-coding-standard\u002F3.rules\u002F20.miscellaneous-msc\u002F4.drd26-j",{"title":1308,"path":1309,"stem":1310},"DRD27-J. For OAuth, use an explicit intent method to deliver access tokens","\u002Fandroid-secure-coding-standard\u002Frules\u002Fmiscellaneous-msc\u002Fdrd27-j","3.android-secure-coding-standard\u002F3.rules\u002F20.miscellaneous-msc\u002F5.drd27-j",{"title":1312,"path":1313,"stem":1314},"DRD25. To request user permission for OAuth, identify relying party and its permissions scope","\u002Fandroid-secure-coding-standard\u002Frules\u002Fmiscellaneous-msc\u002Fdrd25-to-request-user-permission-for-oauth-identify-relying-party-and-its-permissions-scope","3.android-secure-coding-standard\u002F3.rules\u002F20.miscellaneous-msc\u002F6.drd25-to-request-user-permission-for-oauth-identify-relying-party-and-its-permissions-scope",{"title":1316,"path":1317,"stem":1318,"children":1319},"Network - SSL\u002FTLS (NET)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fnetwork-ssltls-net","3.android-secure-coding-standard\u002F3.rules\u002F21.network-ssltls-net\u002F1.index",[1320,1321,1325],{"title":1316,"path":1317,"stem":1318},{"title":1322,"path":1323,"stem":1324},"DRD23-J. Do not use loopback when handling sensitive data","\u002Fandroid-secure-coding-standard\u002Frules\u002Fnetwork-ssltls-net\u002Fdrd23-j","3.android-secure-coding-standard\u002F3.rules\u002F21.network-ssltls-net\u002F2.drd23-j",{"title":1326,"path":1327,"stem":1328},"DRD19. Properly verify server certificate on SSL\u002FTLS","\u002Fandroid-secure-coding-standard\u002Frules\u002Fnetwork-ssltls-net\u002Fdrd19-properly-verify-server-certificate-on-ssltls","3.android-secure-coding-standard\u002F3.rules\u002F21.network-ssltls-net\u002F3.drd19-properly-verify-server-certificate-on-ssltls",{"title":1330,"path":1331,"stem":1332},"Numeric Types and Operations (NUM)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fnumeric-types-and-operations-num","3.android-secure-coding-standard\u002F3.rules\u002F22.numeric-types-and-operations-num",{"title":1334,"path":1335,"stem":1336},"Object Orientation (OBJ)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fobject-orientation-obj","3.android-secure-coding-standard\u002F3.rules\u002F23.object-orientation-obj",{"title":1338,"path":1339,"stem":1340,"children":1341},"Permission (PER)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fpermission-per","3.android-secure-coding-standard\u002F3.rules\u002F24.permission-per\u002F1.index",[1342,1343,1347,1351,1355],{"title":1338,"path":1339,"stem":1340},{"title":1344,"path":1345,"stem":1346},"DRD05-J. Do not grant URI permissions on implicit intents","\u002Fandroid-secure-coding-standard\u002Frules\u002Fpermission-per\u002Fdrd05-j","3.android-secure-coding-standard\u002F3.rules\u002F24.permission-per\u002F2.drd05-j",{"title":1348,"path":1349,"stem":1350},"DRD14-J. Check that a calling app has appropriate permissions before responding","\u002Fandroid-secure-coding-standard\u002Frules\u002Fpermission-per\u002Fdrd14-j","3.android-secure-coding-standard\u002F3.rules\u002F24.permission-per\u002F3.drd14-j",{"title":1352,"path":1353,"stem":1354},"DRD16-X. Explicitly define the exported attribute for private components","\u002Fandroid-secure-coding-standard\u002Frules\u002Fpermission-per\u002Fdrd16-x","3.android-secure-coding-standard\u002F3.rules\u002F24.permission-per\u002F4.drd16-x",{"title":1356,"path":1357,"stem":1358},"DRD20-C. Specify permissions when creating files via the NDK","\u002Fandroid-secure-coding-standard\u002Frules\u002Fpermission-per\u002Fdrd20-c","3.android-secure-coding-standard\u002F3.rules\u002F24.permission-per\u002F5.drd20-c",{"title":1360,"path":1361,"stem":1362},"Platform Security (SEC)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fplatform-security-sec","3.android-secure-coding-standard\u002F3.rules\u002F25.platform-security-sec",{"title":1364,"path":1365,"stem":1366},"Preprocessor (PRE)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fpreprocessor-pre","3.android-secure-coding-standard\u002F3.rules\u002F26.preprocessor-pre",{"title":1368,"path":1369,"stem":1370},"Serialization (SER)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fserialization-ser","3.android-secure-coding-standard\u002F3.rules\u002F27.serialization-ser",{"title":1372,"path":1373,"stem":1374},"Thread APIs (THI)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fthread-apis-thi","3.android-secure-coding-standard\u002F3.rules\u002F28.thread-apis-thi",{"title":1376,"path":1377,"stem":1378},"Thread-Safety Miscellaneous (TSM)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fthread-safety-miscellaneous-tsm","3.android-secure-coding-standard\u002F3.rules\u002F29.thread-safety-miscellaneous-tsm",{"title":1380,"path":1381,"stem":1382},"Visibility and Atomicity (VNA)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fvisibility-and-atomicity-vna","3.android-secure-coding-standard\u002F3.rules\u002F30.visibility-and-atomicity-vna",{"title":1384,"path":1385,"stem":1386,"children":1387},"WebView (WBV)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fwebview-wbv","3.android-secure-coding-standard\u002F3.rules\u002F31.webview-wbv\u002F1.index",[1388,1389,1393,1397],{"title":1384,"path":1385,"stem":1386},{"title":1390,"path":1391,"stem":1392},"DRD02-J. Do not allow WebView to access sensitive local resource through file scheme","\u002Fandroid-secure-coding-standard\u002Frules\u002Fwebview-wbv\u002Fdrd02-j","3.android-secure-coding-standard\u002F3.rules\u002F31.webview-wbv\u002F2.drd02-j",{"title":1394,"path":1395,"stem":1396},"DRD13. Do not provide addJavascriptInterface method access in a WebView which could contain untrusted content. (API level JELLY_BEAN or below)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fwebview-wbv\u002Fdrd13-do-not-provide-addjavascriptinterface-method-access-in-a-webview-which-could-contain-untrusted-content-api-level-jelly_bean-or-below","3.android-secure-coding-standard\u002F3.rules\u002F31.webview-wbv\u002F3.drd13-do-not-provide-addjavascriptinterface-method-access-in-a-webview-which-could-contain-untrusted-content-api-level-jelly_bean-or-below",{"title":1398,"path":1399,"stem":1400},"DRD22. Do not cache sensitive information","\u002Fandroid-secure-coding-standard\u002Frules\u002Fwebview-wbv\u002Fdrd22-do-not-cache-sensitive-information","3.android-secure-coding-standard\u002F3.rules\u002F31.webview-wbv\u002F4.drd22-do-not-cache-sensitive-information",{"title":1402,"path":1403,"stem":1404,"children":1405},"Recommendations","\u002Fandroid-secure-coding-standard\u002Frecommendations","3.android-secure-coding-standard\u002F4.recommendations\u002F01.index",[1406,1407,1410,1414,1417,1420,1423,1426,1429,1432,1435,1438,1441,1444,1447,1450,1453,1456,1459,1462,1465,1468,1471,1474,1477,1480,1483,1486,1489,1492,1495],{"title":1402,"path":1403,"stem":1404},{"title":1151,"path":1408,"stem":1409},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fapplication-programming-interfaces-api","3.android-secure-coding-standard\u002F4.recommendations\u002F02.application-programming-interfaces-api",{"title":1411,"path":1412,"stem":1413},"Characters and Strings (STR)","\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fcharacters-and-strings-str","3.android-secure-coding-standard\u002F4.recommendations\u002F03.characters-and-strings-str",{"title":1159,"path":1415,"stem":1416},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fcomponent-security-cps","3.android-secure-coding-standard\u002F4.recommendations\u002F04.component-security-cps",{"title":1181,"path":1418,"stem":1419},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fconcurrency-con","3.android-secure-coding-standard\u002F4.recommendations\u002F05.concurrency-con",{"title":1185,"path":1421,"stem":1422},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fcryptography-crp","3.android-secure-coding-standard\u002F4.recommendations\u002F06.cryptography-crp",{"title":1207,"path":1424,"stem":1425},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fdeclarations-and-initialization-dcl","3.android-secure-coding-standard\u002F4.recommendations\u002F07.declarations-and-initialization-dcl",{"title":1211,"path":1427,"stem":1428},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fenvironment-env","3.android-secure-coding-standard\u002F4.recommendations\u002F08.environment-env",{"title":1215,"path":1430,"stem":1431},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Ferror-handling-err","3.android-secure-coding-standard\u002F4.recommendations\u002F09.error-handling-err",{"title":1219,"path":1433,"stem":1434},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fexpressions-exp","3.android-secure-coding-standard\u002F4.recommendations\u002F10.expressions-exp",{"title":1080,"path":1436,"stem":1437},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Ffile-io-and-logging-fio","3.android-secure-coding-standard\u002F4.recommendations\u002F11.file-io-and-logging-fio",{"title":1244,"path":1439,"stem":1440},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Ffloating-point-flp","3.android-secure-coding-standard\u002F4.recommendations\u002F12.floating-point-flp",{"title":1248,"path":1442,"stem":1443},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Finput-validation-and-data-sanitization-ids","3.android-secure-coding-standard\u002F4.recommendations\u002F13.input-validation-and-data-sanitization-ids",{"title":1252,"path":1445,"stem":1446},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fintegers-int","3.android-secure-coding-standard\u002F4.recommendations\u002F14.integers-int",{"title":1256,"path":1448,"stem":1449},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fintent-itt","3.android-secure-coding-standard\u002F4.recommendations\u002F15.intent-itt",{"title":1274,"path":1451,"stem":1452},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fjava-native-interface-jni","3.android-secure-coding-standard\u002F4.recommendations\u002F16.java-native-interface-jni",{"title":1278,"path":1454,"stem":1455},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Flocking-lck","3.android-secure-coding-standard\u002F4.recommendations\u002F17.locking-lck",{"title":1282,"path":1457,"stem":1458},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fmemory-management-mem","3.android-secure-coding-standard\u002F4.recommendations\u002F18.memory-management-mem",{"title":1286,"path":1460,"stem":1461},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fmethods-met","3.android-secure-coding-standard\u002F4.recommendations\u002F19.methods-met",{"title":1290,"path":1463,"stem":1464},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fmiscellaneous-msc","3.android-secure-coding-standard\u002F4.recommendations\u002F20.miscellaneous-msc",{"title":1316,"path":1466,"stem":1467},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fnetwork-ssltls-net","3.android-secure-coding-standard\u002F4.recommendations\u002F21.network-ssltls-net",{"title":1330,"path":1469,"stem":1470},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fnumeric-types-and-operations-num","3.android-secure-coding-standard\u002F4.recommendations\u002F22.numeric-types-and-operations-num",{"title":1334,"path":1472,"stem":1473},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fobject-orientation-obj","3.android-secure-coding-standard\u002F4.recommendations\u002F23.object-orientation-obj",{"title":1338,"path":1475,"stem":1476},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fpermission-per","3.android-secure-coding-standard\u002F4.recommendations\u002F24.permission-per",{"title":1360,"path":1478,"stem":1479},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fplatform-security-sec","3.android-secure-coding-standard\u002F4.recommendations\u002F25.platform-security-sec",{"title":1364,"path":1481,"stem":1482},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fpreprocessor-pre","3.android-secure-coding-standard\u002F4.recommendations\u002F26.preprocessor-pre",{"title":1368,"path":1484,"stem":1485},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fserialization-ser","3.android-secure-coding-standard\u002F4.recommendations\u002F27.serialization-ser",{"title":1372,"path":1487,"stem":1488},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fthread-apis-thi","3.android-secure-coding-standard\u002F4.recommendations\u002F28.thread-apis-thi",{"title":1376,"path":1490,"stem":1491},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fthread-safety-miscellaneous-tsm","3.android-secure-coding-standard\u002F4.recommendations\u002F29.thread-safety-miscellaneous-tsm",{"title":1380,"path":1493,"stem":1494},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fvisibility-and-atomicity-vna","3.android-secure-coding-standard\u002F4.recommendations\u002F30.visibility-and-atomicity-vna",{"title":1384,"path":1496,"stem":1497},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fwebview-wbv","3.android-secure-coding-standard\u002F4.recommendations\u002F31.webview-wbv",{"title":1499,"path":1500,"stem":1501,"children":1502},"By Language","\u002Fandroid-secure-coding-standard\u002Fby-language","3.android-secure-coding-standard\u002F5.by-language\u002F1.index",[1503,1504,1508,1530,1534,1556],{"title":1499,"path":1500,"stem":1501},{"title":1505,"path":1506,"stem":1507},"Android Only","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fandroid-only","3.android-secure-coding-standard\u002F5.by-language\u002F2.android-only",{"title":1509,"path":1510,"stem":1511,"children":1512},"C Coding Language","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fc-coding-language","3.android-secure-coding-standard\u002F5.by-language\u002F3.c-coding-language\u002F1.index",[1513,1514,1518,1522,1526],{"title":1509,"path":1510,"stem":1511},{"title":1515,"path":1516,"stem":1517},"Applicable in Principle to Android (C Rules\u002FRecomendations)","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fc-coding-language\u002Fapplicable-in-principle-to-android-c-rulesrecomendations","3.android-secure-coding-standard\u002F5.by-language\u002F3.c-coding-language\u002F2.applicable-in-principle-to-android-c-rulesrecomendations",{"title":1519,"path":1520,"stem":1521},"Applicable to Android (C Rules\u002FRecomendations)","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fc-coding-language\u002Fapplicable-to-android-c-rulesrecomendations","3.android-secure-coding-standard\u002F5.by-language\u002F3.c-coding-language\u002F3.applicable-to-android-c-rulesrecomendations",{"title":1523,"path":1524,"stem":1525},"Not Applicable to Android (C Rules\u002FRecomendations)","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fc-coding-language\u002Fnot-applicable-to-android-c-rulesrecomendations","3.android-secure-coding-standard\u002F5.by-language\u002F3.c-coding-language\u002F4.not-applicable-to-android-c-rulesrecomendations",{"title":1527,"path":1528,"stem":1529},"Unknown Applicability (C Rules\u002FRecomendations)","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fc-coding-language\u002Funknown-applicability-c-rulesrecomendations","3.android-secure-coding-standard\u002F5.by-language\u002F3.c-coding-language\u002F5.unknown-applicability-c-rulesrecomendations",{"title":1531,"path":1532,"stem":1533},"C++ Coding Language","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fcpp-coding-language","3.android-secure-coding-standard\u002F5.by-language\u002F4.cpp-coding-language",{"title":1535,"path":1536,"stem":1537,"children":1538},"Java Coding Language","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fjava-coding-language","3.android-secure-coding-standard\u002F5.by-language\u002F5.java-coding-language\u002F1.index",[1539,1540,1544,1548,1552],{"title":1535,"path":1536,"stem":1537},{"title":1541,"path":1542,"stem":1543},"Applicable in Principle to Android (Java Rules\u002FRecomendations)","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fjava-coding-language\u002Fapplicable-in-principle-to-android-java-rulesrecomendations","3.android-secure-coding-standard\u002F5.by-language\u002F5.java-coding-language\u002F2.applicable-in-principle-to-android-java-rulesrecomendations",{"title":1545,"path":1546,"stem":1547},"Applicable to Android (Java Rules\u002FRecomendations)","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fjava-coding-language\u002Fapplicable-to-android-java-rulesrecomendations","3.android-secure-coding-standard\u002F5.by-language\u002F5.java-coding-language\u002F3.applicable-to-android-java-rulesrecomendations",{"title":1549,"path":1550,"stem":1551},"Not Applicable to Android (Java Rules\u002FRecomendations)","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fjava-coding-language\u002Fnot-applicable-to-android-java-rulesrecomendations","3.android-secure-coding-standard\u002F5.by-language\u002F5.java-coding-language\u002F4.not-applicable-to-android-java-rulesrecomendations",{"title":1553,"path":1554,"stem":1555},"Unknown Applicability to Android (Java Rules\u002FRecomendations)","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fjava-coding-language\u002Funknown-applicability-to-android-java-rulesrecomendations","3.android-secure-coding-standard\u002F5.by-language\u002F5.java-coding-language\u002F5.unknown-applicability-to-android-java-rulesrecomendations",{"title":1557,"path":1558,"stem":1559},"XML","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fxml","3.android-secure-coding-standard\u002F5.by-language\u002F6.xml",{"title":1561,"path":1562,"stem":1563,"children":1564},"Back Matter","\u002Fandroid-secure-coding-standard\u002Fback-matter","3.android-secure-coding-standard\u002F6.back-matter\u002F1.index",[1565,1566,1570],{"title":1561,"path":1562,"stem":1563},{"title":1567,"path":1568,"stem":1569},"AA. Bibliography","\u002Fandroid-secure-coding-standard\u002Fback-matter\u002Faa-bibliography","3.android-secure-coding-standard\u002F6.back-matter\u002F2.aa-bibliography",{"title":1571,"path":1572,"stem":1573,"children":1574},"BB. Analyzers","\u002Fandroid-secure-coding-standard\u002Fback-matter\u002Fbb-analyzers","3.android-secure-coding-standard\u002F6.back-matter\u002F3.bb-analyzers\u002F1.index",[1575,1576,1580],{"title":1571,"path":1572,"stem":1573},{"title":1577,"path":1578,"stem":1579},"CodeSonar","\u002Fandroid-secure-coding-standard\u002Fback-matter\u002Fbb-analyzers\u002Fcodesonar","3.android-secure-coding-standard\u002F6.back-matter\u002F3.bb-analyzers\u002F2.codesonar",{"title":1581,"path":1582,"stem":1583},"CodeSonar_V","\u002Fandroid-secure-coding-standard\u002Fback-matter\u002Fbb-analyzers\u002Fcodesonar_v","3.android-secure-coding-standard\u002F6.back-matter\u002F3.bb-analyzers\u002F3.codesonar_v",{"title":1585,"path":1586,"stem":1587,"children":1588},"Admin","\u002Fandroid-secure-coding-standard\u002Fadmin","3.android-secure-coding-standard\u002F7.admin\u002F01.index",[1589,1590,1594,1598,1602,1606,1610,1614,1618,1622,1626,1630,1634,1638,1642,1646],{"title":1585,"path":1586,"stem":1587},{"title":1591,"path":1592,"stem":1593},"About the OurCS Workshop","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fabout-the-ourcs-workshop","3.android-secure-coding-standard\u002F7.admin\u002F02.about-the-ourcs-workshop",{"title":1595,"path":1596,"stem":1597},"Android Applicability Summary","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fandroid-applicability-summary","3.android-secure-coding-standard\u002F7.admin\u002F03.android-applicability-summary",{"title":1599,"path":1600,"stem":1601},"Android (DRD)","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fandroid-drd","3.android-secure-coding-standard\u002F7.admin\u002F04.android-drd",{"title":1603,"path":1604,"stem":1605},"Avoid having unreachable code","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Favoid-having-unreachable-code","3.android-secure-coding-standard\u002F7.admin\u002F05.avoid-having-unreachable-code",{"title":1607,"path":1608,"stem":1609},"C Space Change History Log","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fc-space-change-history-log","3.android-secure-coding-standard\u002F7.admin\u002F06.c-space-change-history-log",{"title":1611,"path":1612,"stem":1613},"Copy of Rule Template","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fcopy-of-rule-template","3.android-secure-coding-standard\u002F7.admin\u002F07.copy-of-rule-template",{"title":1615,"path":1616,"stem":1617},"C++ Space Change History Log","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fcpp-space-change-history-log","3.android-secure-coding-standard\u002F7.admin\u002F08.cpp-space-change-history-log",{"title":1619,"path":1620,"stem":1621},"Dictionary of Labels","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fdictionary-of-labels","3.android-secure-coding-standard\u002F7.admin\u002F09.dictionary-of-labels",{"title":1623,"path":1624,"stem":1625},"How to Change Applicability When a Rules and Recommendations Change","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fhow-to-change-applicability-when-a-rules-and-recommendations-change","3.android-secure-coding-standard\u002F7.admin\u002F10.how-to-change-applicability-when-a-rules-and-recommendations-change",{"title":1627,"path":1628,"stem":1629},"Java Space Change History Log","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fjava-space-change-history-log","3.android-secure-coding-standard\u002F7.admin\u002F11.java-space-change-history-log",{"title":1631,"path":1632,"stem":1633},"Labels in this Space","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Flabels-in-this-space","3.android-secure-coding-standard\u002F7.admin\u002F12.labels-in-this-space",{"title":1635,"path":1636,"stem":1637},"Perl Space Change History Log","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fperl-space-change-history-log","3.android-secure-coding-standard\u002F7.admin\u002F13.perl-space-change-history-log",{"title":1639,"path":1640,"stem":1641},"Resources for new Android app secure coding rules and guidelines","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fresources-for-new-android-app-secure-coding-rules-and-guidelines","3.android-secure-coding-standard\u002F7.admin\u002F14.resources-for-new-android-app-secure-coding-rules-and-guidelines",{"title":1643,"path":1644,"stem":1645},"Rule Template","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Frule-template","3.android-secure-coding-standard\u002F7.admin\u002F15.rule-template",{"title":1647,"path":1648,"stem":1649},"Rules Applicable for Both the Android Platform and Other Platforms","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Frules-applicable-for-both-the-android-platform-and-other-platforms","3.android-secure-coding-standard\u002F7.admin\u002F16.rules-applicable-for-both-the-android-platform-and-other-platforms",1775657823531]