[{"data":1,"prerenderedAt":1781},["ShallowReactive",2],{"global-navigation":3,"page-\u002Fandroid-secure-coding-standard\u002Frules\u002Fintent-itt\u002Fdrd03-j":28,"surround-\u002Fandroid-secure-coding-standard\u002Frules\u002Fintent-itt\u002Fdrd03-j":1209,"sidebar-android-secure-coding-standard":1218},[4,8],{"title":5,"path":6,"_path":6,"fromAppConfig":7},"Home","\u002F",true,{"title":9,"path":10,"children":11,"_path":27,"fromAppConfig":7},"Coding Standards","\u002Fcoding-standards\u002F",[12,15,18,21,24],{"title":13,"path":14},"Android Coding Standard","\u002Fandroid-secure-coding-standard\u002F",{"title":16,"path":17},"C Coding Standard","\u002Fsei-cert-c-coding-standard\u002F",{"title":19,"path":20},"C++ Coding Standard","\u002Fsei-cert-cpp-coding-standard\u002F",{"title":22,"path":23},"Java Coding Standard","\u002Fsei-cert-oracle-coding-standard-for-java\u002F",{"title":25,"path":26},"Perl Coding Standard","\u002Fsei-cert-perl-coding-standard\u002F","\u002Fcoding-standards",{"id":29,"title":30,"body":31,"description":1197,"extension":1198,"meta":1199,"navigation":7,"path":1205,"seo":1206,"stem":1207,"__hash__":1208},"content\u002F3.android-secure-coding-standard\u002F3.rules\u002F15.intent-itt\u002F2.drd03-j.md","DRD03-J. Do not broadcast sensitive information using an implicit intent",{"type":32,"value":33,"toc":1186},"minimark",[34,38,47,71,84,87,92,99,118,129,132,135,154,159,189,447,450,678,683,686,869,873,880,890,959,963,966,1027,1031,1040,1043,1046,1049,1052,1056,1074,1078,1105,1109,1157,1160,1182],[35,36,30],"h1",{"id":37},"drd03-j-do-not-broadcast-sensitive-information-using-an-implicit-intent",[39,40,41,42,46],"p",{},"Android applications' core components such as activities, services, and broadcast receivers are activated through messages, called ",[43,44,45],"em",{},"intents"," . Applications can use broadcast to send messages to multiple applications (i.e., notification of events to an indefinite number of apps). Also, an application can receive a broadcast intent sent by the system.",[39,48,49,50,54,55,58,59,62,63,66,67,70],{},"To broadcast an intent it is passed to ",[51,52,53],"code",{},"Context.sendBroadcast()"," to be transmitted and interested receivers can receive the intent, dynamically registering themselves by calling ",[51,56,57],{},"Context.registerReceiver()"," with the specified ",[51,60,61],{},"intentFilter"," as an argument. Alternatively, receivers can be statically registered by defining the ",[51,64,65],{},"\u003Creceiver>"," tag in the ",[51,68,69],{},"AndroidManifest.xml"," file.",[39,72,73,74,79,80,83],{},"Chin, et al., [ ",[75,76,78],"a",{"href":77},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-aa-references#RuleAA.References-Chin11","Chin 2011"," ] say: \" ",[43,81,82],{},"Broadcasts can be vulnerable to passive eavesdropping or active denial of service attacks. ... Eavesdropping is a risk whenever an application sends a public broadcast. (A public broadcast is an implicit Intent that is not protected by a Signature or SignatureOrSystem permission.) A malicious Broadcast Receiver could eavesdrop on all public broadcasts from all applications by creating an Intent lter that lists all possible actions, data, and categories. There is no indication to the sender or user that the broadcast has been read. Sticky broadcasts are particularly at risk for eavesdropping because they persist and are re-broadcast to new Receivers; consequently, there is a large temporal window for a sticky broadcast Intent to be read. Additionally, sticky broadcasts cannot be protected by permissions."," \"",[39,85,86],{},"Furthermore, if the broadcast is an ordered broadcast then a malicious app could register itself with a high priority so as to receive the broadcast first. Then, it could either cancel the broadcast preventing it from being propagated further, thereby causing a denial of service, or it could inject a malicious data result into the broadcast that is ultimately returned to the sender.",[39,88,73,89,91],{},[75,90,78],{"href":77}," ] also warn against activity and service hijacking resulting from implicit intents. A malicious activity or service can intercept an implicit intent and be started in place of the intended activity or service. This could result in the interception of data or in a denial of service.",[39,93,94,95,98],{},"When ",[51,96,97],{},"sendBroadcast()"," is used, normally any other application, including a malicious application, can receive the broadcast.",[39,100,101,102,105,106,110,111,117],{},"This facilitates ",[43,103,104],{},"intent sniffing"," , see [ ",[75,107,109],{"href":108},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-aa-references#RuleAA.References-viaForensics14","viaForensics 2014"," ] ",[75,112,116],{"href":113,"rel":114},"https:\u002F\u002Fviaforensics.com\u002Fresources\u002Freports\u002Fbest-practices-ios-android-secure-mobile-development\u002Fandroid-intent-sniffing\u002F",[115],"nofollow","26. Android: avoid intent sniffing"," .",[39,119,120,121,124,125,128],{},"Therefore, receivers of broadcast intents should be restricted. One way to restrict receivers is to use an explicit intent. An explicit intent can specify a component (using ",[51,122,123],{},"setComponent(ComponentName)"," ) or a class (using ",[51,126,127],{},"  setClass(Context, Class) "," ) so that only the specified component or class can resolve the intent.",[39,130,131],{},"It is also possible to restrict the receivers of intents by using permissions, as described below. Alternatively, starting with the Android version ICE_CREAM_SANDWICH (Android API version 4.0), you can also safely restrict the broadcast to a single application by using Intent.setPackage().",[39,133,134],{},"Yet another approach is to use the LocalBroadcastManager class. Using this class, the intent broadcast never goes outside of the current process. According to the Android API Reference, LocalBroadcastManager has a number of advantages over Context.sendBroadcast(Intent):",[136,137,138,144,149],"ul",{},[139,140,141],"li",{},[43,142,143],{},"You know that the data you are broadcasting won't leave your app, so don't need to worry about leaking private data.",[139,145,146],{},[43,147,148],{},"It is not possible for other applications to send these broadcasts to your app, so you don't need to worry about having security holes they can exploit.",[139,150,151],{},[43,152,153],{},"It is more efficient than sending a global broadcast through the system.",[155,156,158],"h2",{"id":157},"noncompliant-code-example","Noncompliant Code Example",[39,160,161,162,165,166,169,170,173,174,177,178,181,182,185,186,188],{},"This noncompliant code example shows an application ( ",[51,163,164],{},"com\u002Fsample\u002FServerService.java"," ) with a vulnerable method ",[51,167,168],{},"d()"," using an implicit intent ",[51,171,172],{},"v1"," as an argument to ",[51,175,176],{},"this.sendBroadcast()"," to broadcast the intent. The intent includes such sensitive information as the device's IP address ( ",[51,179,180],{},"local_ip"," ), the port number ( ",[51,183,184],{},"port"," ), and the password to connect to the device ( ",[51,187,51],{}," ).",[190,191,193],"code-block",{"quality":192},"bad",[194,195,200],"pre",{"className":196,"code":197,"language":198,"meta":199,"style":199},"language-java shiki shiki-themes github-light github-dark monokai","public class ServerService extends Service {\n  \u002F\u002F ...\n  private void d() {\n    \u002F\u002F ...\n    Intent v1 = new Intent();\n    v1.setAction(\"com.sample.action.server_running\");\n    v1.putExtra(\"local_ip\", v0.h);\n    v1.putExtra(\"port\", v0.i);\n    v1.putExtra(\"code\", v0.g);\n    v1.putExtra(\"connected\", v0.s);\n    v1.putExtra(\"pwd_predefined\", v0.r);\n    if (!TextUtils.isEmpty(v0.t)) {\n      v1.putExtra(\"connected_usr\", v0.t);\n    }\n  }\n  this.sendBroadcast(v1);\n}\n","java","",[51,201,202,229,236,253,259,281,300,316,331,346,361,376,397,413,419,425,441],{"__ignoreMap":199},[203,204,207,211,214,218,221,225],"span",{"class":205,"line":206},"line",1,[203,208,210],{"class":209},"sC2Qs","public",[203,212,213],{"class":209}," class",[203,215,217],{"class":216},"sz2Vg"," ServerService",[203,219,220],{"class":209}," extends",[203,222,224],{"class":223},"s30JN"," Service",[203,226,228],{"class":227},"sMOD_"," {\n",[203,230,232],{"class":205,"line":231},2,[203,233,235],{"class":234},"s8-w5","  \u002F\u002F ...\n",[203,237,239,242,246,250],{"class":205,"line":238},3,[203,240,241],{"class":209},"  private",[203,243,245],{"class":244},"sq6CD"," void",[203,247,249],{"class":248},"srTi1"," d",[203,251,252],{"class":227},"() {\n",[203,254,256],{"class":205,"line":255},4,[203,257,258],{"class":234},"    \u002F\u002F ...\n",[203,260,262,266,269,272,275,278],{"class":205,"line":261},5,[203,263,265],{"class":264},"sk8M1","    Intent",[203,267,268],{"class":227}," v1 ",[203,270,271],{"class":209},"=",[203,273,274],{"class":209}," new",[203,276,277],{"class":248}," Intent",[203,279,280],{"class":227},"();\n",[203,282,284,287,290,293,297],{"class":205,"line":283},6,[203,285,286],{"class":227},"    v1.",[203,288,289],{"class":248},"setAction",[203,291,292],{"class":227},"(",[203,294,296],{"class":295},"sstjo","\"com.sample.action.server_running\"",[203,298,299],{"class":227},");\n",[203,301,303,305,308,310,313],{"class":205,"line":302},7,[203,304,286],{"class":227},[203,306,307],{"class":248},"putExtra",[203,309,292],{"class":227},[203,311,312],{"class":295},"\"local_ip\"",[203,314,315],{"class":227},", v0.h);\n",[203,317,319,321,323,325,328],{"class":205,"line":318},8,[203,320,286],{"class":227},[203,322,307],{"class":248},[203,324,292],{"class":227},[203,326,327],{"class":295},"\"port\"",[203,329,330],{"class":227},", v0.i);\n",[203,332,334,336,338,340,343],{"class":205,"line":333},9,[203,335,286],{"class":227},[203,337,307],{"class":248},[203,339,292],{"class":227},[203,341,342],{"class":295},"\"code\"",[203,344,345],{"class":227},", v0.g);\n",[203,347,349,351,353,355,358],{"class":205,"line":348},10,[203,350,286],{"class":227},[203,352,307],{"class":248},[203,354,292],{"class":227},[203,356,357],{"class":295},"\"connected\"",[203,359,360],{"class":227},", v0.s);\n",[203,362,364,366,368,370,373],{"class":205,"line":363},11,[203,365,286],{"class":227},[203,367,307],{"class":248},[203,369,292],{"class":227},[203,371,372],{"class":295},"\"pwd_predefined\"",[203,374,375],{"class":227},", v0.r);\n",[203,377,379,382,385,388,391,394],{"class":205,"line":378},12,[203,380,381],{"class":209},"    if",[203,383,384],{"class":227}," (",[203,386,387],{"class":209},"!",[203,389,390],{"class":227},"TextUtils.",[203,392,393],{"class":248},"isEmpty",[203,395,396],{"class":227},"(v0.t)) {\n",[203,398,400,403,405,407,410],{"class":205,"line":399},13,[203,401,402],{"class":227},"      v1.",[203,404,307],{"class":248},[203,406,292],{"class":227},[203,408,409],{"class":295},"\"connected_usr\"",[203,411,412],{"class":227},", v0.t);\n",[203,414,416],{"class":205,"line":415},14,[203,417,418],{"class":227},"    }\n",[203,420,422],{"class":205,"line":421},15,[203,423,424],{"class":227},"  }\n",[203,426,428,431,434,436,439],{"class":205,"line":427},16,[203,429,430],{"class":227},"  this.",[203,432,433],{"class":248},"sendBroadcast",[203,435,292],{"class":227},[203,437,172],{"class":438},"sTHNf",[203,440,299],{"class":227},[203,442,444],{"class":205,"line":443},17,[203,445,446],{"class":227},"}\n",[39,448,449],{},"An application could receive the broadcast message by using a broadcast receiver as follows:",[194,451,453],{"className":196,"code":452,"language":198,"meta":199,"style":199},"final class MyReceiver extends BroadcastReceiver {\n  public final void onReceive(Context context, Intent intent) {\n    if (intent != null && intent.getAction() != null) {\n      String s = intent.getAction();\n      if (s.equals(\"com.sample.action.server_running\") {\n        String ip = intent.getStringExtra(\"local_ip\");\n        String pwd = intent.getStringExtra(\"code\");\n        String port = intent.getIntExtra(\"port\", 8888);\n        boolean status = intent.getBooleanExtra(\"connected\", false);\n      }\n    }\n  }\n}\n",[51,454,455,472,505,537,553,570,591,610,635,661,666,670,674],{"__ignoreMap":199},[203,456,457,460,462,465,467,470],{"class":205,"line":206},[203,458,459],{"class":209},"final",[203,461,213],{"class":209},[203,463,464],{"class":216}," MyReceiver",[203,466,220],{"class":209},[203,468,469],{"class":223}," BroadcastReceiver",[203,471,228],{"class":227},[203,473,474,477,480,482,485,487,490,493,496,499,502],{"class":205,"line":231},[203,475,476],{"class":209},"  public",[203,478,479],{"class":209}," final",[203,481,245],{"class":244},[203,483,484],{"class":248}," onReceive",[203,486,292],{"class":227},[203,488,489],{"class":264},"Context",[203,491,492],{"class":438}," context",[203,494,495],{"class":227},", ",[203,497,498],{"class":264},"Intent",[203,500,501],{"class":438}," intent",[203,503,504],{"class":227},") {\n",[203,506,507,509,512,515,519,522,525,528,531,533,535],{"class":205,"line":238},[203,508,381],{"class":209},[203,510,511],{"class":227}," (intent ",[203,513,514],{"class":209},"!=",[203,516,518],{"class":517},"s7F3e"," null",[203,520,521],{"class":209}," &&",[203,523,524],{"class":227}," intent.",[203,526,527],{"class":248},"getAction",[203,529,530],{"class":227},"() ",[203,532,514],{"class":209},[203,534,518],{"class":517},[203,536,504],{"class":227},[203,538,539,542,545,547,549,551],{"class":205,"line":255},[203,540,541],{"class":264},"      String",[203,543,544],{"class":227}," s ",[203,546,271],{"class":209},[203,548,524],{"class":227},[203,550,527],{"class":248},[203,552,280],{"class":227},[203,554,555,558,561,564,566,568],{"class":205,"line":261},[203,556,557],{"class":209},"      if",[203,559,560],{"class":227}," (s.",[203,562,563],{"class":248},"equals",[203,565,292],{"class":227},[203,567,296],{"class":295},[203,569,504],{"class":227},[203,571,572,575,578,580,582,585,587,589],{"class":205,"line":283},[203,573,574],{"class":264},"        String",[203,576,577],{"class":227}," ip ",[203,579,271],{"class":209},[203,581,524],{"class":227},[203,583,584],{"class":248},"getStringExtra",[203,586,292],{"class":227},[203,588,312],{"class":295},[203,590,299],{"class":227},[203,592,593,595,598,600,602,604,606,608],{"class":205,"line":302},[203,594,574],{"class":264},[203,596,597],{"class":227}," pwd ",[203,599,271],{"class":209},[203,601,524],{"class":227},[203,603,584],{"class":248},[203,605,292],{"class":227},[203,607,342],{"class":295},[203,609,299],{"class":227},[203,611,612,614,617,619,621,624,626,628,630,633],{"class":205,"line":318},[203,613,574],{"class":264},[203,615,616],{"class":227}," port ",[203,618,271],{"class":209},[203,620,524],{"class":227},[203,622,623],{"class":248},"getIntExtra",[203,625,292],{"class":227},[203,627,327],{"class":295},[203,629,495],{"class":227},[203,631,632],{"class":517},"8888",[203,634,299],{"class":227},[203,636,637,640,643,645,647,650,652,654,656,659],{"class":205,"line":333},[203,638,639],{"class":244},"        boolean",[203,641,642],{"class":227}," status ",[203,644,271],{"class":209},[203,646,524],{"class":227},[203,648,649],{"class":248},"getBooleanExtra",[203,651,292],{"class":227},[203,653,357],{"class":295},[203,655,495],{"class":227},[203,657,658],{"class":517},"false",[203,660,299],{"class":227},[203,662,663],{"class":205,"line":348},[203,664,665],{"class":227},"      }\n",[203,667,668],{"class":205,"line":363},[203,669,418],{"class":227},[203,671,672],{"class":205,"line":378},[203,673,424],{"class":227},[203,675,676],{"class":205,"line":399},[203,677,446],{"class":227},[679,680,682],"h3",{"id":681},"proof-of-concept","Proof of Concept",[39,684,685],{},"An attacker can implement a broadcast receiver to receive the implicit intent sent by the vulnerable application:",[194,687,689],{"className":196,"code":688,"language":198,"meta":199,"style":199},"public class BcReceiv extends BroadcastReceiver {\n  @Override\n  public void onReceive(Context context, Intent intent){\n    \n    String s = null;\n    if (intent.getAction().equals(\"com.sample.action.server_running\")){\n      String pwd = intent.getStringExtra(\"connected\");\n      s = \"Airdroid  => [\" + pwd + \"]\u002F\" + intent.getExtras();\n    }\n    Toast.makeText(context, String.format(\"%s Received\", s),\n                   Toast.LENGTH_SHORT).show();\n  }\n}\n",[51,690,691,706,714,737,742,756,777,795,825,829,851,861,865],{"__ignoreMap":199},[203,692,693,695,697,700,702,704],{"class":205,"line":206},[203,694,210],{"class":209},[203,696,213],{"class":209},[203,698,699],{"class":216}," BcReceiv",[203,701,220],{"class":209},[203,703,469],{"class":223},[203,705,228],{"class":227},[203,707,708,711],{"class":205,"line":231},[203,709,710],{"class":227},"  @",[203,712,713],{"class":244},"Override\n",[203,715,716,718,720,722,724,726,728,730,732,734],{"class":205,"line":238},[203,717,476],{"class":209},[203,719,245],{"class":244},[203,721,484],{"class":248},[203,723,292],{"class":227},[203,725,489],{"class":264},[203,727,492],{"class":438},[203,729,495],{"class":227},[203,731,498],{"class":264},[203,733,501],{"class":438},[203,735,736],{"class":227},"){\n",[203,738,739],{"class":205,"line":255},[203,740,741],{"class":227},"    \n",[203,743,744,747,749,751,753],{"class":205,"line":261},[203,745,746],{"class":264},"    String",[203,748,544],{"class":227},[203,750,271],{"class":209},[203,752,518],{"class":517},[203,754,755],{"class":227},";\n",[203,757,758,760,763,765,768,770,772,774],{"class":205,"line":283},[203,759,381],{"class":209},[203,761,762],{"class":227}," (intent.",[203,764,527],{"class":248},[203,766,767],{"class":227},"().",[203,769,563],{"class":248},[203,771,292],{"class":227},[203,773,296],{"class":295},[203,775,776],{"class":227},")){\n",[203,778,779,781,783,785,787,789,791,793],{"class":205,"line":302},[203,780,541],{"class":264},[203,782,597],{"class":227},[203,784,271],{"class":209},[203,786,524],{"class":227},[203,788,584],{"class":248},[203,790,292],{"class":227},[203,792,357],{"class":295},[203,794,299],{"class":227},[203,796,797,800,802,805,808,810,813,816,818,820,823],{"class":205,"line":318},[203,798,799],{"class":227},"      s ",[203,801,271],{"class":209},[203,803,804],{"class":295}," \"Airdroid  => [\"",[203,806,807],{"class":209}," +",[203,809,597],{"class":227},[203,811,812],{"class":209},"+",[203,814,815],{"class":295}," \"]\u002F\"",[203,817,807],{"class":209},[203,819,524],{"class":227},[203,821,822],{"class":248},"getExtras",[203,824,280],{"class":227},[203,826,827],{"class":205,"line":333},[203,828,418],{"class":227},[203,830,831,834,837,840,843,845,848],{"class":205,"line":348},[203,832,833],{"class":227},"    Toast.",[203,835,836],{"class":248},"makeText",[203,838,839],{"class":227},"(context, String.",[203,841,842],{"class":248},"format",[203,844,292],{"class":227},[203,846,847],{"class":295},"\"%s Received\"",[203,849,850],{"class":227},", s),\n",[203,852,853,856,859],{"class":205,"line":363},[203,854,855],{"class":227},"                   Toast.LENGTH_SHORT).",[203,857,858],{"class":248},"show",[203,860,280],{"class":227},[203,862,863],{"class":205,"line":378},[203,864,424],{"class":227},[203,866,867],{"class":205,"line":399},[203,868,446],{"class":227},[155,870,872],{"id":871},"compliant-solution","Compliant Solution",[39,874,875,876,879],{},"If the intent is only broadcast\u002Freceived in the same application, ",[51,877,878],{},"LocalBroadcastManager"," can be used so that, by design, other apps cannot received the broadcast message, which reduces the risk of leaking sensitive information.",[39,881,882,883,885,886,889],{},"Instead of using ",[51,884,53],{}," , use ",[51,887,888],{},"LocalBroadcastManager.sendBroadcast()"," :",[190,891,893],{"quality":892},"good",[194,894,896],{"className":196,"code":895,"language":198,"meta":199,"style":199},"Intent intent = new Intent(\"my-sensitive-event\");\nintent.putExtra(\"event\", \"this is a test event\");\nLocalBroadcastManager.getInstance(this).sendBroadcast(intent);\n",[51,897,898,918,937],{"__ignoreMap":199},[203,899,900,902,905,907,909,911,913,916],{"class":205,"line":206},[203,901,498],{"class":264},[203,903,904],{"class":227}," intent ",[203,906,271],{"class":209},[203,908,274],{"class":209},[203,910,277],{"class":248},[203,912,292],{"class":227},[203,914,915],{"class":295},"\"my-sensitive-event\"",[203,917,299],{"class":227},[203,919,920,923,925,927,930,932,935],{"class":205,"line":231},[203,921,922],{"class":227},"intent.",[203,924,307],{"class":248},[203,926,292],{"class":227},[203,928,929],{"class":295},"\"event\"",[203,931,495],{"class":227},[203,933,934],{"class":295},"\"this is a test event\"",[203,936,299],{"class":227},[203,938,939,942,945,947,951,954,956],{"class":205,"line":238},[203,940,941],{"class":227},"LocalBroadcastManager.",[203,943,944],{"class":248},"getInstance",[203,946,292],{"class":227},[203,948,950],{"class":949},"sP7S_","this",[203,952,953],{"class":227},").",[203,955,433],{"class":248},[203,957,958],{"class":227},"(intent);\n",[155,960,962],{"id":961},"risk-assessment","Risk Assessment",[39,964,965],{},"Using an implicit intent can leak sensitive information to malicious apps or result in denial of service.",[967,968,969,970,969,1000],"table",{},"\n  ",[971,972,973,974,969],"thead",{},"\n    ",[975,976,977,978,977,982,977,985,977,988,977,991,977,994,977,997,973],"tr",{},"\n      ",[979,980,981],"th",{},"Rule",[979,983,984],{},"Severity",[979,986,987],{},"Likelihood",[979,989,990],{},"Detectable",[979,992,993],{},"Repairable",[979,995,996],{},"Priority",[979,998,999],{},"Level",[1001,1002,973,1003,969],"tbody",{},[975,1004,977,1005,977,1009,977,1012,977,1015,977,1018,977,1020,977,1024,973],{},[1006,1007,1008],"td",{},"DRD03-J",[1006,1010,1011],{},"Medium",[1006,1013,1014],{},"Probable",[1006,1016,1017],{},"No",[1006,1019,1017],{},[1006,1021,1023],{"style":1022},"color: #27ae60;","P4",[1006,1025,1026],{"style":1022},"L3",[155,1028,1030],{"id":1029},"automated-detection","Automated Detection",[39,1032,1033,1034,1036,1037,1039],{},"Automatic detection of the use of ",[51,1035,53],{}," is trivial. It is not feasible to automatically determine whether ",[51,1038,888],{}," can be used instead.",[39,1041,1042],{},"Tool",[39,1044,1045],{},"Version",[39,1047,1048],{},"Checker",[39,1050,1051],{},"Description",[155,1053,1055],{"id":1054},"related-vulnerabilities","Related Vulnerabilities",[136,1057,1058,1066],{},[139,1059,1060,1065],{},[75,1061,1064],{"href":1062,"rel":1063},"https:\u002F\u002Fjvn.jp\u002Fen\u002Fjp\u002FJVN67435981\u002F",[115],"JVN#67435981"," LINE for Android vulnerable in handling of implicit intents",[139,1067,1068,1073],{},[75,1069,1072],{"href":1070,"rel":1071},"https:\u002F\u002Fjvn.jp\u002Fen\u002Fjp\u002FJVN42625179\u002F",[115],"JVN#42625179"," Loctouch for Android vulnerable in handling of implicit intents",[155,1075,1077],{"id":1076},"related-guidelines","Related Guidelines",[967,1079,1080,1088],{},[971,1081,1082],{},[975,1083,1084,1086],{},[979,1085],{},[979,1087],{},[1001,1089,1090],{},[975,1091,1092,1102],{},[1006,1093,1094,1101],{},[43,1095,1096],{},[75,1097,1100],{"href":1098,"rel":1099},"http:\u002F\u002Fwww.jssec.org\u002Fdl\u002Fandroid_securecoding_en.pdf",[115],"Android Secure Design \u002F Secure Coding Guidebook"," by JSSEC",[1006,1103,1104],{},"4.2.2.5. When sending sensitive information with a broadcast, limit the receivable receiver",[155,1106,1108],{"id":1107},"bibliography","Bibliography",[967,1110,1111,1119],{},[971,1112,1113],{},[975,1114,1115,1117],{},[979,1116],{},[979,1118],{},[1001,1120,1121,1136,1146],{},[975,1122,1123,1129],{},[1006,1124,1125,1126,1128],{},"[ ",[75,1127,78],{"href":77}," ]",[1006,1130,1131],{},[75,1132,1135],{"href":1133,"rel":1134},"http:\u002F\u002Fwww.cs.berkeley.edu\u002F%7Eafelt\u002Fintentsecurity-mobisys.pdf",[115],"Analyzing Inter-Application Communication in Android",[975,1137,1138,1144],{},[1006,1139,1125,1140,1128],{},[75,1141,1143],{"href":1142},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-aa-references#RuleAA.References-JSSEC14","JSSEC 2014",[1006,1145,1104],{},[975,1147,1148,1152],{},[1006,1149,1125,1150,1128],{},[75,1151,109],{"href":108},[1006,1153,1154],{},[75,1155,116],{"href":113,"rel":1156},[115],[1158,1159],"hr",{},[39,1161,1162,1169,1170,1169,1176],{},[75,1163,1165],{"href":1164},"https:\u002F\u002Fwww.securecoding.cert.org\u002Fconfluence\u002Fdisplay\u002Fjava\u002FDRD02-J.+Do+not+allow+WebView+to+access+sensitive+local+resource+through+file+scheme?showChildren=false&showComments=false",[1166,1167],"img",{"src":1168},"\u002Fattachments\u002F88487702\u002F88497198.png"," ",[75,1171,1173],{"href":1172},"https:\u002F\u002Fwww.securecoding.cert.org\u002Fconfluence\u002Fpages\u002Fviewpage.action?pageId=111509535",[1166,1174],{"src":1175},"\u002Fattachments\u002F88487702\u002F88497196.png",[75,1177,1179],{"href":1178},"https:\u002F\u002Fwww.securecoding.cert.org\u002Fconfluence\u002Fdisplay\u002Fjava\u002FDRD04-J.+Do+not+log+sensitive+information?showChildren=false&showComments=false",[1166,1180],{"src":1181},"\u002Fattachments\u002F88487702\u002F88497197.png",[1183,1184,1185],"style",{},"html pre.shiki code .sC2Qs, html code.shiki .sC2Qs{--shiki-default:#D73A49;--shiki-dark:#F97583;--shiki-sepia:#F92672}html pre.shiki code .sz2Vg, html code.shiki .sz2Vg{--shiki-default:#6F42C1;--shiki-default-text-decoration:inherit;--shiki-dark:#B392F0;--shiki-dark-text-decoration:inherit;--shiki-sepia:#A6E22E;--shiki-sepia-text-decoration:underline}html pre.shiki code .s30JN, html code.shiki .s30JN{--shiki-default:#6F42C1;--shiki-default-font-style:inherit;--shiki-default-text-decoration:inherit;--shiki-dark:#B392F0;--shiki-dark-font-style:inherit;--shiki-dark-text-decoration:inherit;--shiki-sepia:#A6E22E;--shiki-sepia-font-style:italic;--shiki-sepia-text-decoration:underline}html pre.shiki code .sMOD_, html code.shiki .sMOD_{--shiki-default:#24292E;--shiki-dark:#E1E4E8;--shiki-sepia:#F8F8F2}html pre.shiki code .s8-w5, html code.shiki .s8-w5{--shiki-default:#6A737D;--shiki-dark:#6A737D;--shiki-sepia:#88846F}html pre.shiki code .sq6CD, html code.shiki .sq6CD{--shiki-default:#D73A49;--shiki-default-font-style:inherit;--shiki-dark:#F97583;--shiki-dark-font-style:inherit;--shiki-sepia:#66D9EF;--shiki-sepia-font-style:italic}html pre.shiki code .srTi1, html code.shiki .srTi1{--shiki-default:#6F42C1;--shiki-dark:#B392F0;--shiki-sepia:#A6E22E}html pre.shiki code .sk8M1, html code.shiki .sk8M1{--shiki-default:#24292E;--shiki-default-font-style:inherit;--shiki-dark:#E1E4E8;--shiki-dark-font-style:inherit;--shiki-sepia:#66D9EF;--shiki-sepia-font-style:italic}html pre.shiki code .sstjo, html code.shiki .sstjo{--shiki-default:#032F62;--shiki-dark:#9ECBFF;--shiki-sepia:#E6DB74}html pre.shiki code .sTHNf, html code.shiki .sTHNf{--shiki-default:#E36209;--shiki-default-font-style:inherit;--shiki-dark:#FFAB70;--shiki-dark-font-style:inherit;--shiki-sepia:#FD971F;--shiki-sepia-font-style:italic}html .default .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html.dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html .sepia .shiki span {color: var(--shiki-sepia);background: var(--shiki-sepia-bg);font-style: var(--shiki-sepia-font-style);font-weight: var(--shiki-sepia-font-weight);text-decoration: var(--shiki-sepia-text-decoration);}html.sepia .shiki span {color: var(--shiki-sepia);background: var(--shiki-sepia-bg);font-style: var(--shiki-sepia-font-style);font-weight: var(--shiki-sepia-font-weight);text-decoration: var(--shiki-sepia-text-decoration);}html pre.shiki code .s7F3e, html code.shiki .s7F3e{--shiki-default:#005CC5;--shiki-dark:#79B8FF;--shiki-sepia:#AE81FF}html pre.shiki code .sP7S_, html code.shiki .sP7S_{--shiki-default:#005CC5;--shiki-dark:#79B8FF;--shiki-sepia:#FD971F}",{"title":199,"searchDepth":231,"depth":231,"links":1187},[1188,1191,1192,1193,1194,1195,1196],{"id":157,"depth":231,"text":158,"children":1189},[1190],{"id":681,"depth":238,"text":682},{"id":871,"depth":231,"text":872},{"id":961,"depth":231,"text":962},{"id":1029,"depth":231,"text":1030},{"id":1054,"depth":231,"text":1055},{"id":1076,"depth":231,"text":1077},{"id":1107,"depth":231,"text":1108},"Android applications' core components such as activities, services, and broadcast receivers are activated through messages, called intents . Applications can use broadcast to send messages to multiple applications (i.e., notification of events to an indefinite number of apps). Also, an application can receive a broadcast intent sent by the system.","md",{"tags":1200},[1201,1202,1203,1204],"android-applicable","itt","drd","rule","\u002Fandroid-secure-coding-standard\u002Frules\u002Fintent-itt\u002Fdrd03-j",{"title":30,"description":1197},"3.android-secure-coding-standard\u002F3.rules\u002F15.intent-itt\u002F2.drd03-j","QSfUYeGHLO2N4k4Q1upOLvx4nmIsICyMZLRLr9z6gYo",[1210,1214],{"title":1211,"path":1212,"stem":1213,"children":-1},"Intent (ITT)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fintent-itt","3.android-secure-coding-standard\u002F3.rules\u002F15.intent-itt\u002F1.index",{"title":1215,"path":1216,"stem":1217,"children":-1},"DRD21-J. Always pass explicit intents to a PendingIntent","\u002Fandroid-secure-coding-standard\u002Frules\u002Fintent-itt\u002Fdrd21-j","3.android-secure-coding-standard\u002F3.rules\u002F15.intent-itt\u002F3.drd21-j",[1219],{"title":1220,"path":1221,"stem":1222,"children":1223},"SCI CERT Android Secure Coding Standard","\u002Fandroid-secure-coding-standard","3.android-secure-coding-standard\u002F1.index",[1224,1225,1275,1532,1629,1691,1715],{"title":1220,"path":1221,"stem":1222},{"title":1226,"path":1227,"stem":1228,"children":1229},"Front Matter","\u002Fandroid-secure-coding-standard\u002Ffront-matter","3.android-secure-coding-standard\u002F2.front-matter\u002F1.index",[1230,1231,1253],{"title":1226,"path":1227,"stem":1228},{"title":1232,"path":1233,"stem":1234,"children":1235},"Guidelines for Wiki Contributors","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fguidelines-for-wiki-contributors","3.android-secure-coding-standard\u002F2.front-matter\u002F2.guidelines-for-wiki-contributors\u002F1.index",[1236,1237,1241,1245,1249],{"title":1232,"path":1233,"stem":1234},{"title":1238,"path":1239,"stem":1240},"Deprecations","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fguidelines-for-wiki-contributors\u002Fdeprecations","3.android-secure-coding-standard\u002F2.front-matter\u002F2.guidelines-for-wiki-contributors\u002F2.deprecations",{"title":1242,"path":1243,"stem":1244},"Editing Automated Detection Information","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fguidelines-for-wiki-contributors\u002Fediting-automated-detection-information","3.android-secure-coding-standard\u002F2.front-matter\u002F2.guidelines-for-wiki-contributors\u002F3.editing-automated-detection-information",{"title":1246,"path":1247,"stem":1248},"Editing-Related Guidelines","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fguidelines-for-wiki-contributors\u002Fediting-related-guidelines","3.android-secure-coding-standard\u002F2.front-matter\u002F2.guidelines-for-wiki-contributors\u002F4.editing-related-guidelines",{"title":1250,"path":1251,"stem":1252},"Rules versus Recommendations","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fguidelines-for-wiki-contributors\u002Frules-versus-recommendations","3.android-secure-coding-standard\u002F2.front-matter\u002F2.guidelines-for-wiki-contributors\u002F5.rules-versus-recommendations",{"title":1254,"path":1255,"stem":1256,"children":1257},"Introduction","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fintroduction","3.android-secure-coding-standard\u002F2.front-matter\u002F3.introduction\u002F01.index",[1258,1259,1263,1267,1271],{"title":1254,"path":1255,"stem":1256},{"title":1260,"path":1261,"stem":1262},"Introduction to Android-Only Rules","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fintroduction\u002Fintroduction-to-android-only-rules","3.android-secure-coding-standard\u002F2.front-matter\u002F3.introduction\u002F02.introduction-to-android-only-rules",{"title":1264,"path":1265,"stem":1266},"Introduction to C Rules and Recommendations","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fintroduction\u002Fintroduction-to-c-rules-and-recommendations","3.android-secure-coding-standard\u002F2.front-matter\u002F3.introduction\u002F03.introduction-to-c-rules-and-recommendations",{"title":1268,"path":1269,"stem":1270},"Introduction to Java Recommendations","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fintroduction\u002Fintroduction-to-java-recommendations","3.android-secure-coding-standard\u002F2.front-matter\u002F3.introduction\u002F04.introduction-to-java-recommendations",{"title":1272,"path":1273,"stem":1274},"Introduction to Java Rules","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fintroduction\u002Fintroduction-to-java-rules","3.android-secure-coding-standard\u002F2.front-matter\u002F3.introduction\u002F05.introduction-to-java-rules",{"title":1276,"path":1277,"stem":1278,"children":1279},"Rules","\u002Fandroid-secure-coding-standard\u002Frules","3.android-secure-coding-standard\u002F3.rules\u002F01.index",[1280,1281,1285,1289,1311,1315,1337,1341,1345,1349,1353,1383,1387,1391,1395,1404,1408,1412,1416,1420,1446,1460,1464,1468,1490,1494,1498,1502,1506,1510,1514],{"title":1276,"path":1277,"stem":1278},{"title":1282,"path":1283,"stem":1284},"Application Programming Interfaces (API)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fapplication-programming-interfaces-api","3.android-secure-coding-standard\u002F3.rules\u002F02.application-programming-interfaces-api",{"title":1286,"path":1287,"stem":1288},"Characters and String (STR)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcharacters-and-string-str","3.android-secure-coding-standard\u002F3.rules\u002F03.characters-and-string-str",{"title":1290,"path":1291,"stem":1292,"children":1293},"Component Security (CPS)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcomponent-security-cps","3.android-secure-coding-standard\u002F3.rules\u002F04.component-security-cps\u002F1.index",[1294,1295,1299,1303,1307],{"title":1290,"path":1291,"stem":1292},{"title":1296,"path":1297,"stem":1298},"DRD01-X. Limit the accessibility of an app's sensitive content provider","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcomponent-security-cps\u002Fdrd01-x","3.android-secure-coding-standard\u002F3.rules\u002F04.component-security-cps\u002F2.drd01-x",{"title":1300,"path":1301,"stem":1302},"DRD07-X. Protect exported services with strong permissions","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcomponent-security-cps\u002Fdrd07-x","3.android-secure-coding-standard\u002F3.rules\u002F04.component-security-cps\u002F3.drd07-x",{"title":1304,"path":1305,"stem":1306},"DRD08-J. Always canonicalize a URL received by a content provider","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcomponent-security-cps\u002Fdrd08-j","3.android-secure-coding-standard\u002F3.rules\u002F04.component-security-cps\u002F4.drd08-j",{"title":1308,"path":1309,"stem":1310},"DRD09. Restrict access to sensitive activities","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcomponent-security-cps\u002Fdrd09-restrict-access-to-sensitive-activities","3.android-secure-coding-standard\u002F3.rules\u002F04.component-security-cps\u002F5.drd09-restrict-access-to-sensitive-activities",{"title":1312,"path":1313,"stem":1314},"Concurrency (CON)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fconcurrency-con","3.android-secure-coding-standard\u002F3.rules\u002F05.concurrency-con",{"title":1316,"path":1317,"stem":1318,"children":1319},"Cryptography (CRP)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcryptography-crp","3.android-secure-coding-standard\u002F3.rules\u002F06.cryptography-crp\u002F1.index",[1320,1321,1325,1329,1333],{"title":1316,"path":1317,"stem":1318},{"title":1322,"path":1323,"stem":1324},"DRD17-J. Do not use the Android cryptographic security provider encryption default for AES","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcryptography-crp\u002Fdrd17-j","3.android-secure-coding-standard\u002F3.rules\u002F06.cryptography-crp\u002F2.drd17-j",{"title":1326,"path":1327,"stem":1328},"DRD18. Do not use the default behavior in a cryptographic library if it does not use recommended practices","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcryptography-crp\u002Fdrd18-do-not-use-the-default-behavior-in-a-cryptographic-library-if-it-does-not-use-recommended-practices","3.android-secure-coding-standard\u002F3.rules\u002F06.cryptography-crp\u002F3.drd18-do-not-use-the-default-behavior-in-a-cryptographic-library-if-it-does-not-use-recommended-practices",{"title":1330,"path":1331,"stem":1332},"DRD24. Do not bundle OAuth security-related protocol logic or sensitive data into a relying party's app","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcryptography-crp\u002Fdrd24-do-not-bundle-oauth-security-related-protocol-logic-or-sensitive-data-into-a-relying-partys-app","3.android-secure-coding-standard\u002F3.rules\u002F06.cryptography-crp\u002F4.drd24-do-not-bundle-oauth-security-related-protocol-logic-or-sensitive-data-into-a-relying-partys-app",{"title":1334,"path":1335,"stem":1336},"DRD25. Use constant-time encryption","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcryptography-crp\u002Fdrd25-use-constant-time-encryption","3.android-secure-coding-standard\u002F3.rules\u002F06.cryptography-crp\u002F5.drd25-use-constant-time-encryption",{"title":1338,"path":1339,"stem":1340},"Declarations and Initialization (DCL)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fdeclarations-and-initialization-dcl","3.android-secure-coding-standard\u002F3.rules\u002F07.declarations-and-initialization-dcl",{"title":1342,"path":1343,"stem":1344},"Environment (ENV)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fenvironment-env","3.android-secure-coding-standard\u002F3.rules\u002F08.environment-env",{"title":1346,"path":1347,"stem":1348},"Error Handling (ERR)","\u002Fandroid-secure-coding-standard\u002Frules\u002Ferror-handling-err","3.android-secure-coding-standard\u002F3.rules\u002F09.error-handling-err",{"title":1350,"path":1351,"stem":1352},"Expressions (EXP)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fexpressions-exp","3.android-secure-coding-standard\u002F3.rules\u002F10.expressions-exp",{"title":1354,"path":1355,"stem":1356,"children":1357},"File I\u002FO and Logging (FIO)","\u002Fandroid-secure-coding-standard\u002Frules\u002Ffile-io-and-logging-fio","3.android-secure-coding-standard\u002F3.rules\u002F11.file-io-and-logging-fio\u002F1.index",[1358,1359,1363,1367,1371,1375,1379],{"title":1354,"path":1355,"stem":1356},{"title":1360,"path":1361,"stem":1362},"DRD04-J. Do not log sensitive information","\u002Fandroid-secure-coding-standard\u002Frules\u002Ffile-io-and-logging-fio\u002Fdrd04-j","3.android-secure-coding-standard\u002F3.rules\u002F11.file-io-and-logging-fio\u002F2.drd04-j",{"title":1364,"path":1365,"stem":1366},"DRD00. Do not store sensitive information on external storage (SD card) unless encrypted first","\u002Fandroid-secure-coding-standard\u002Frules\u002Ffile-io-and-logging-fio\u002Fdrd00-do-not-store-sensitive-information-on-external-storage-sd-card-unless-encrypted-first","3.android-secure-coding-standard\u002F3.rules\u002F11.file-io-and-logging-fio\u002F3.drd00-do-not-store-sensitive-information-on-external-storage-sd-card-unless-encrypted-first",{"title":1368,"path":1369,"stem":1370},"DRD11. Ensure that sensitive data is kept secure","\u002Fandroid-secure-coding-standard\u002Frules\u002Ffile-io-and-logging-fio\u002Fdrd11-ensure-that-sensitive-data-is-kept-secure","3.android-secure-coding-standard\u002F3.rules\u002F11.file-io-and-logging-fio\u002F4.drd11-ensure-that-sensitive-data-is-kept-secure",{"title":1372,"path":1373,"stem":1374},"DRD12. Do not trust data from world-writable files","\u002Fandroid-secure-coding-standard\u002Frules\u002Ffile-io-and-logging-fio\u002Fdrd12-do-not-trust-data-from-world-writable-files","3.android-secure-coding-standard\u002F3.rules\u002F11.file-io-and-logging-fio\u002F5.drd12-do-not-trust-data-from-world-writable-files",{"title":1376,"path":1377,"stem":1378},"DRD23. Do not use world readable or writeable to share files between apps","\u002Fandroid-secure-coding-standard\u002Frules\u002Ffile-io-and-logging-fio\u002Fdrd23-do-not-use-world-readable-or-writeable-to-share-files-between-apps","3.android-secure-coding-standard\u002F3.rules\u002F11.file-io-and-logging-fio\u002F6.drd23-do-not-use-world-readable-or-writeable-to-share-files-between-apps",{"title":1380,"path":1381,"stem":1382},"DRD28 Do not load world-writable libraries","\u002Fandroid-secure-coding-standard\u002Frules\u002Ffile-io-and-logging-fio\u002Fdrd28-do-not-load-world-writable-libraries","3.android-secure-coding-standard\u002F3.rules\u002F11.file-io-and-logging-fio\u002F7.drd28-do-not-load-world-writable-libraries",{"title":1384,"path":1385,"stem":1386},"Floating Point (FLP)","\u002Fandroid-secure-coding-standard\u002Frules\u002Ffloating-point-flp","3.android-secure-coding-standard\u002F3.rules\u002F12.floating-point-flp",{"title":1388,"path":1389,"stem":1390},"Input Validation and Data Sanitization (IDS)","\u002Fandroid-secure-coding-standard\u002Frules\u002Finput-validation-and-data-sanitization-ids","3.android-secure-coding-standard\u002F3.rules\u002F13.input-validation-and-data-sanitization-ids",{"title":1392,"path":1393,"stem":1394},"Integers (INT)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fintegers-int","3.android-secure-coding-standard\u002F3.rules\u002F14.integers-int",{"title":1211,"path":1212,"stem":1213,"children":1396},[1397,1398,1399,1400],{"title":1211,"path":1212,"stem":1213},{"title":30,"path":1205,"stem":1207},{"title":1215,"path":1216,"stem":1217},{"title":1401,"path":1402,"stem":1403},"DRD06. Verify the caller of intents before acting on them","\u002Fandroid-secure-coding-standard\u002Frules\u002Fintent-itt\u002Fdrd06-verify-the-caller-of-intents-before-acting-on-them","3.android-secure-coding-standard\u002F3.rules\u002F15.intent-itt\u002F4.drd06-verify-the-caller-of-intents-before-acting-on-them",{"title":1405,"path":1406,"stem":1407},"Java Native Interface (JNI)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fjava-native-interface-jni","3.android-secure-coding-standard\u002F3.rules\u002F16.java-native-interface-jni",{"title":1409,"path":1410,"stem":1411},"Locking (LCK)","\u002Fandroid-secure-coding-standard\u002Frules\u002Flocking-lck","3.android-secure-coding-standard\u002F3.rules\u002F17.locking-lck",{"title":1413,"path":1414,"stem":1415},"Memory Management (MEM)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fmemory-management-mem","3.android-secure-coding-standard\u002F3.rules\u002F18.memory-management-mem",{"title":1417,"path":1418,"stem":1419},"Methods (MET)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fmethods-met","3.android-secure-coding-standard\u002F3.rules\u002F19.methods-met",{"title":1421,"path":1422,"stem":1423,"children":1424},"Miscellaneous (MSC)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fmiscellaneous-msc","3.android-secure-coding-standard\u002F3.rules\u002F20.miscellaneous-msc\u002F1.index",[1425,1426,1430,1434,1438,1442],{"title":1421,"path":1422,"stem":1423},{"title":1427,"path":1428,"stem":1429},"DRD10-X. Do not release apps that are debuggable","\u002Fandroid-secure-coding-standard\u002Frules\u002Fmiscellaneous-msc\u002Fdrd10-x","3.android-secure-coding-standard\u002F3.rules\u002F20.miscellaneous-msc\u002F2.drd10-x",{"title":1431,"path":1432,"stem":1433},"DRD15-J. Consider privacy concerns when using Geolocation API","\u002Fandroid-secure-coding-standard\u002Frules\u002Fmiscellaneous-msc\u002Fdrd15-j","3.android-secure-coding-standard\u002F3.rules\u002F20.miscellaneous-msc\u002F3.drd15-j",{"title":1435,"path":1436,"stem":1437},"DRD26-J. For OAuth, use a secure Android method to deliver access tokens","\u002Fandroid-secure-coding-standard\u002Frules\u002Fmiscellaneous-msc\u002Fdrd26-j","3.android-secure-coding-standard\u002F3.rules\u002F20.miscellaneous-msc\u002F4.drd26-j",{"title":1439,"path":1440,"stem":1441},"DRD27-J. For OAuth, use an explicit intent method to deliver access tokens","\u002Fandroid-secure-coding-standard\u002Frules\u002Fmiscellaneous-msc\u002Fdrd27-j","3.android-secure-coding-standard\u002F3.rules\u002F20.miscellaneous-msc\u002F5.drd27-j",{"title":1443,"path":1444,"stem":1445},"DRD25. To request user permission for OAuth, identify relying party and its permissions scope","\u002Fandroid-secure-coding-standard\u002Frules\u002Fmiscellaneous-msc\u002Fdrd25-to-request-user-permission-for-oauth-identify-relying-party-and-its-permissions-scope","3.android-secure-coding-standard\u002F3.rules\u002F20.miscellaneous-msc\u002F6.drd25-to-request-user-permission-for-oauth-identify-relying-party-and-its-permissions-scope",{"title":1447,"path":1448,"stem":1449,"children":1450},"Network - SSL\u002FTLS (NET)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fnetwork-ssltls-net","3.android-secure-coding-standard\u002F3.rules\u002F21.network-ssltls-net\u002F1.index",[1451,1452,1456],{"title":1447,"path":1448,"stem":1449},{"title":1453,"path":1454,"stem":1455},"DRD23-J. Do not use loopback when handling sensitive data","\u002Fandroid-secure-coding-standard\u002Frules\u002Fnetwork-ssltls-net\u002Fdrd23-j","3.android-secure-coding-standard\u002F3.rules\u002F21.network-ssltls-net\u002F2.drd23-j",{"title":1457,"path":1458,"stem":1459},"DRD19. Properly verify server certificate on SSL\u002FTLS","\u002Fandroid-secure-coding-standard\u002Frules\u002Fnetwork-ssltls-net\u002Fdrd19-properly-verify-server-certificate-on-ssltls","3.android-secure-coding-standard\u002F3.rules\u002F21.network-ssltls-net\u002F3.drd19-properly-verify-server-certificate-on-ssltls",{"title":1461,"path":1462,"stem":1463},"Numeric Types and Operations (NUM)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fnumeric-types-and-operations-num","3.android-secure-coding-standard\u002F3.rules\u002F22.numeric-types-and-operations-num",{"title":1465,"path":1466,"stem":1467},"Object Orientation (OBJ)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fobject-orientation-obj","3.android-secure-coding-standard\u002F3.rules\u002F23.object-orientation-obj",{"title":1469,"path":1470,"stem":1471,"children":1472},"Permission (PER)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fpermission-per","3.android-secure-coding-standard\u002F3.rules\u002F24.permission-per\u002F1.index",[1473,1474,1478,1482,1486],{"title":1469,"path":1470,"stem":1471},{"title":1475,"path":1476,"stem":1477},"DRD05-J. Do not grant URI permissions on implicit intents","\u002Fandroid-secure-coding-standard\u002Frules\u002Fpermission-per\u002Fdrd05-j","3.android-secure-coding-standard\u002F3.rules\u002F24.permission-per\u002F2.drd05-j",{"title":1479,"path":1480,"stem":1481},"DRD14-J. Check that a calling app has appropriate permissions before responding","\u002Fandroid-secure-coding-standard\u002Frules\u002Fpermission-per\u002Fdrd14-j","3.android-secure-coding-standard\u002F3.rules\u002F24.permission-per\u002F3.drd14-j",{"title":1483,"path":1484,"stem":1485},"DRD16-X. Explicitly define the exported attribute for private components","\u002Fandroid-secure-coding-standard\u002Frules\u002Fpermission-per\u002Fdrd16-x","3.android-secure-coding-standard\u002F3.rules\u002F24.permission-per\u002F4.drd16-x",{"title":1487,"path":1488,"stem":1489},"DRD20-C. Specify permissions when creating files via the NDK","\u002Fandroid-secure-coding-standard\u002Frules\u002Fpermission-per\u002Fdrd20-c","3.android-secure-coding-standard\u002F3.rules\u002F24.permission-per\u002F5.drd20-c",{"title":1491,"path":1492,"stem":1493},"Platform Security (SEC)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fplatform-security-sec","3.android-secure-coding-standard\u002F3.rules\u002F25.platform-security-sec",{"title":1495,"path":1496,"stem":1497},"Preprocessor (PRE)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fpreprocessor-pre","3.android-secure-coding-standard\u002F3.rules\u002F26.preprocessor-pre",{"title":1499,"path":1500,"stem":1501},"Serialization (SER)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fserialization-ser","3.android-secure-coding-standard\u002F3.rules\u002F27.serialization-ser",{"title":1503,"path":1504,"stem":1505},"Thread APIs (THI)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fthread-apis-thi","3.android-secure-coding-standard\u002F3.rules\u002F28.thread-apis-thi",{"title":1507,"path":1508,"stem":1509},"Thread-Safety Miscellaneous (TSM)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fthread-safety-miscellaneous-tsm","3.android-secure-coding-standard\u002F3.rules\u002F29.thread-safety-miscellaneous-tsm",{"title":1511,"path":1512,"stem":1513},"Visibility and Atomicity (VNA)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fvisibility-and-atomicity-vna","3.android-secure-coding-standard\u002F3.rules\u002F30.visibility-and-atomicity-vna",{"title":1515,"path":1516,"stem":1517,"children":1518},"WebView (WBV)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fwebview-wbv","3.android-secure-coding-standard\u002F3.rules\u002F31.webview-wbv\u002F1.index",[1519,1520,1524,1528],{"title":1515,"path":1516,"stem":1517},{"title":1521,"path":1522,"stem":1523},"DRD02-J. Do not allow WebView to access sensitive local resource through file scheme","\u002Fandroid-secure-coding-standard\u002Frules\u002Fwebview-wbv\u002Fdrd02-j","3.android-secure-coding-standard\u002F3.rules\u002F31.webview-wbv\u002F2.drd02-j",{"title":1525,"path":1526,"stem":1527},"DRD13. Do not provide addJavascriptInterface method access in a WebView which could contain untrusted content. (API level JELLY_BEAN or below)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fwebview-wbv\u002Fdrd13-do-not-provide-addjavascriptinterface-method-access-in-a-webview-which-could-contain-untrusted-content-api-level-jelly_bean-or-below","3.android-secure-coding-standard\u002F3.rules\u002F31.webview-wbv\u002F3.drd13-do-not-provide-addjavascriptinterface-method-access-in-a-webview-which-could-contain-untrusted-content-api-level-jelly_bean-or-below",{"title":1529,"path":1530,"stem":1531},"DRD22. Do not cache sensitive information","\u002Fandroid-secure-coding-standard\u002Frules\u002Fwebview-wbv\u002Fdrd22-do-not-cache-sensitive-information","3.android-secure-coding-standard\u002F3.rules\u002F31.webview-wbv\u002F4.drd22-do-not-cache-sensitive-information",{"title":1533,"path":1534,"stem":1535,"children":1536},"Recommendations","\u002Fandroid-secure-coding-standard\u002Frecommendations","3.android-secure-coding-standard\u002F4.recommendations\u002F01.index",[1537,1538,1541,1545,1548,1551,1554,1557,1560,1563,1566,1569,1572,1575,1578,1581,1584,1587,1590,1593,1596,1599,1602,1605,1608,1611,1614,1617,1620,1623,1626],{"title":1533,"path":1534,"stem":1535},{"title":1282,"path":1539,"stem":1540},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fapplication-programming-interfaces-api","3.android-secure-coding-standard\u002F4.recommendations\u002F02.application-programming-interfaces-api",{"title":1542,"path":1543,"stem":1544},"Characters and Strings (STR)","\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fcharacters-and-strings-str","3.android-secure-coding-standard\u002F4.recommendations\u002F03.characters-and-strings-str",{"title":1290,"path":1546,"stem":1547},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fcomponent-security-cps","3.android-secure-coding-standard\u002F4.recommendations\u002F04.component-security-cps",{"title":1312,"path":1549,"stem":1550},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fconcurrency-con","3.android-secure-coding-standard\u002F4.recommendations\u002F05.concurrency-con",{"title":1316,"path":1552,"stem":1553},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fcryptography-crp","3.android-secure-coding-standard\u002F4.recommendations\u002F06.cryptography-crp",{"title":1338,"path":1555,"stem":1556},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fdeclarations-and-initialization-dcl","3.android-secure-coding-standard\u002F4.recommendations\u002F07.declarations-and-initialization-dcl",{"title":1342,"path":1558,"stem":1559},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fenvironment-env","3.android-secure-coding-standard\u002F4.recommendations\u002F08.environment-env",{"title":1346,"path":1561,"stem":1562},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Ferror-handling-err","3.android-secure-coding-standard\u002F4.recommendations\u002F09.error-handling-err",{"title":1350,"path":1564,"stem":1565},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fexpressions-exp","3.android-secure-coding-standard\u002F4.recommendations\u002F10.expressions-exp",{"title":1354,"path":1567,"stem":1568},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Ffile-io-and-logging-fio","3.android-secure-coding-standard\u002F4.recommendations\u002F11.file-io-and-logging-fio",{"title":1384,"path":1570,"stem":1571},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Ffloating-point-flp","3.android-secure-coding-standard\u002F4.recommendations\u002F12.floating-point-flp",{"title":1388,"path":1573,"stem":1574},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Finput-validation-and-data-sanitization-ids","3.android-secure-coding-standard\u002F4.recommendations\u002F13.input-validation-and-data-sanitization-ids",{"title":1392,"path":1576,"stem":1577},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fintegers-int","3.android-secure-coding-standard\u002F4.recommendations\u002F14.integers-int",{"title":1211,"path":1579,"stem":1580},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fintent-itt","3.android-secure-coding-standard\u002F4.recommendations\u002F15.intent-itt",{"title":1405,"path":1582,"stem":1583},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fjava-native-interface-jni","3.android-secure-coding-standard\u002F4.recommendations\u002F16.java-native-interface-jni",{"title":1409,"path":1585,"stem":1586},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Flocking-lck","3.android-secure-coding-standard\u002F4.recommendations\u002F17.locking-lck",{"title":1413,"path":1588,"stem":1589},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fmemory-management-mem","3.android-secure-coding-standard\u002F4.recommendations\u002F18.memory-management-mem",{"title":1417,"path":1591,"stem":1592},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fmethods-met","3.android-secure-coding-standard\u002F4.recommendations\u002F19.methods-met",{"title":1421,"path":1594,"stem":1595},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fmiscellaneous-msc","3.android-secure-coding-standard\u002F4.recommendations\u002F20.miscellaneous-msc",{"title":1447,"path":1597,"stem":1598},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fnetwork-ssltls-net","3.android-secure-coding-standard\u002F4.recommendations\u002F21.network-ssltls-net",{"title":1461,"path":1600,"stem":1601},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fnumeric-types-and-operations-num","3.android-secure-coding-standard\u002F4.recommendations\u002F22.numeric-types-and-operations-num",{"title":1465,"path":1603,"stem":1604},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fobject-orientation-obj","3.android-secure-coding-standard\u002F4.recommendations\u002F23.object-orientation-obj",{"title":1469,"path":1606,"stem":1607},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fpermission-per","3.android-secure-coding-standard\u002F4.recommendations\u002F24.permission-per",{"title":1491,"path":1609,"stem":1610},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fplatform-security-sec","3.android-secure-coding-standard\u002F4.recommendations\u002F25.platform-security-sec",{"title":1495,"path":1612,"stem":1613},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fpreprocessor-pre","3.android-secure-coding-standard\u002F4.recommendations\u002F26.preprocessor-pre",{"title":1499,"path":1615,"stem":1616},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fserialization-ser","3.android-secure-coding-standard\u002F4.recommendations\u002F27.serialization-ser",{"title":1503,"path":1618,"stem":1619},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fthread-apis-thi","3.android-secure-coding-standard\u002F4.recommendations\u002F28.thread-apis-thi",{"title":1507,"path":1621,"stem":1622},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fthread-safety-miscellaneous-tsm","3.android-secure-coding-standard\u002F4.recommendations\u002F29.thread-safety-miscellaneous-tsm",{"title":1511,"path":1624,"stem":1625},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fvisibility-and-atomicity-vna","3.android-secure-coding-standard\u002F4.recommendations\u002F30.visibility-and-atomicity-vna",{"title":1515,"path":1627,"stem":1628},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fwebview-wbv","3.android-secure-coding-standard\u002F4.recommendations\u002F31.webview-wbv",{"title":1630,"path":1631,"stem":1632,"children":1633},"By Language","\u002Fandroid-secure-coding-standard\u002Fby-language","3.android-secure-coding-standard\u002F5.by-language\u002F1.index",[1634,1635,1639,1661,1665,1687],{"title":1630,"path":1631,"stem":1632},{"title":1636,"path":1637,"stem":1638},"Android Only","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fandroid-only","3.android-secure-coding-standard\u002F5.by-language\u002F2.android-only",{"title":1640,"path":1641,"stem":1642,"children":1643},"C Coding Language","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fc-coding-language","3.android-secure-coding-standard\u002F5.by-language\u002F3.c-coding-language\u002F1.index",[1644,1645,1649,1653,1657],{"title":1640,"path":1641,"stem":1642},{"title":1646,"path":1647,"stem":1648},"Applicable in Principle to Android (C Rules\u002FRecomendations)","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fc-coding-language\u002Fapplicable-in-principle-to-android-c-rulesrecomendations","3.android-secure-coding-standard\u002F5.by-language\u002F3.c-coding-language\u002F2.applicable-in-principle-to-android-c-rulesrecomendations",{"title":1650,"path":1651,"stem":1652},"Applicable to Android (C Rules\u002FRecomendations)","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fc-coding-language\u002Fapplicable-to-android-c-rulesrecomendations","3.android-secure-coding-standard\u002F5.by-language\u002F3.c-coding-language\u002F3.applicable-to-android-c-rulesrecomendations",{"title":1654,"path":1655,"stem":1656},"Not Applicable to Android (C Rules\u002FRecomendations)","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fc-coding-language\u002Fnot-applicable-to-android-c-rulesrecomendations","3.android-secure-coding-standard\u002F5.by-language\u002F3.c-coding-language\u002F4.not-applicable-to-android-c-rulesrecomendations",{"title":1658,"path":1659,"stem":1660},"Unknown Applicability (C Rules\u002FRecomendations)","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fc-coding-language\u002Funknown-applicability-c-rulesrecomendations","3.android-secure-coding-standard\u002F5.by-language\u002F3.c-coding-language\u002F5.unknown-applicability-c-rulesrecomendations",{"title":1662,"path":1663,"stem":1664},"C++ Coding Language","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fcpp-coding-language","3.android-secure-coding-standard\u002F5.by-language\u002F4.cpp-coding-language",{"title":1666,"path":1667,"stem":1668,"children":1669},"Java Coding Language","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fjava-coding-language","3.android-secure-coding-standard\u002F5.by-language\u002F5.java-coding-language\u002F1.index",[1670,1671,1675,1679,1683],{"title":1666,"path":1667,"stem":1668},{"title":1672,"path":1673,"stem":1674},"Applicable in Principle to Android (Java Rules\u002FRecomendations)","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fjava-coding-language\u002Fapplicable-in-principle-to-android-java-rulesrecomendations","3.android-secure-coding-standard\u002F5.by-language\u002F5.java-coding-language\u002F2.applicable-in-principle-to-android-java-rulesrecomendations",{"title":1676,"path":1677,"stem":1678},"Applicable to Android (Java Rules\u002FRecomendations)","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fjava-coding-language\u002Fapplicable-to-android-java-rulesrecomendations","3.android-secure-coding-standard\u002F5.by-language\u002F5.java-coding-language\u002F3.applicable-to-android-java-rulesrecomendations",{"title":1680,"path":1681,"stem":1682},"Not Applicable to Android (Java Rules\u002FRecomendations)","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fjava-coding-language\u002Fnot-applicable-to-android-java-rulesrecomendations","3.android-secure-coding-standard\u002F5.by-language\u002F5.java-coding-language\u002F4.not-applicable-to-android-java-rulesrecomendations",{"title":1684,"path":1685,"stem":1686},"Unknown Applicability to Android (Java Rules\u002FRecomendations)","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fjava-coding-language\u002Funknown-applicability-to-android-java-rulesrecomendations","3.android-secure-coding-standard\u002F5.by-language\u002F5.java-coding-language\u002F5.unknown-applicability-to-android-java-rulesrecomendations",{"title":1688,"path":1689,"stem":1690},"XML","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fxml","3.android-secure-coding-standard\u002F5.by-language\u002F6.xml",{"title":1692,"path":1693,"stem":1694,"children":1695},"Back Matter","\u002Fandroid-secure-coding-standard\u002Fback-matter","3.android-secure-coding-standard\u002F6.back-matter\u002F1.index",[1696,1697,1701],{"title":1692,"path":1693,"stem":1694},{"title":1698,"path":1699,"stem":1700},"AA. Bibliography","\u002Fandroid-secure-coding-standard\u002Fback-matter\u002Faa-bibliography","3.android-secure-coding-standard\u002F6.back-matter\u002F2.aa-bibliography",{"title":1702,"path":1703,"stem":1704,"children":1705},"BB. Analyzers","\u002Fandroid-secure-coding-standard\u002Fback-matter\u002Fbb-analyzers","3.android-secure-coding-standard\u002F6.back-matter\u002F3.bb-analyzers\u002F1.index",[1706,1707,1711],{"title":1702,"path":1703,"stem":1704},{"title":1708,"path":1709,"stem":1710},"CodeSonar","\u002Fandroid-secure-coding-standard\u002Fback-matter\u002Fbb-analyzers\u002Fcodesonar","3.android-secure-coding-standard\u002F6.back-matter\u002F3.bb-analyzers\u002F2.codesonar",{"title":1712,"path":1713,"stem":1714},"CodeSonar_V","\u002Fandroid-secure-coding-standard\u002Fback-matter\u002Fbb-analyzers\u002Fcodesonar_v","3.android-secure-coding-standard\u002F6.back-matter\u002F3.bb-analyzers\u002F3.codesonar_v",{"title":1716,"path":1717,"stem":1718,"children":1719},"Admin","\u002Fandroid-secure-coding-standard\u002Fadmin","3.android-secure-coding-standard\u002F7.admin\u002F01.index",[1720,1721,1725,1729,1733,1737,1741,1745,1749,1753,1757,1761,1765,1769,1773,1777],{"title":1716,"path":1717,"stem":1718},{"title":1722,"path":1723,"stem":1724},"About the OurCS Workshop","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fabout-the-ourcs-workshop","3.android-secure-coding-standard\u002F7.admin\u002F02.about-the-ourcs-workshop",{"title":1726,"path":1727,"stem":1728},"Android Applicability Summary","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fandroid-applicability-summary","3.android-secure-coding-standard\u002F7.admin\u002F03.android-applicability-summary",{"title":1730,"path":1731,"stem":1732},"Android (DRD)","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fandroid-drd","3.android-secure-coding-standard\u002F7.admin\u002F04.android-drd",{"title":1734,"path":1735,"stem":1736},"Avoid having unreachable code","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Favoid-having-unreachable-code","3.android-secure-coding-standard\u002F7.admin\u002F05.avoid-having-unreachable-code",{"title":1738,"path":1739,"stem":1740},"C Space Change History Log","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fc-space-change-history-log","3.android-secure-coding-standard\u002F7.admin\u002F06.c-space-change-history-log",{"title":1742,"path":1743,"stem":1744},"Copy of Rule Template","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fcopy-of-rule-template","3.android-secure-coding-standard\u002F7.admin\u002F07.copy-of-rule-template",{"title":1746,"path":1747,"stem":1748},"C++ Space Change History Log","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fcpp-space-change-history-log","3.android-secure-coding-standard\u002F7.admin\u002F08.cpp-space-change-history-log",{"title":1750,"path":1751,"stem":1752},"Dictionary of Labels","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fdictionary-of-labels","3.android-secure-coding-standard\u002F7.admin\u002F09.dictionary-of-labels",{"title":1754,"path":1755,"stem":1756},"How to Change Applicability When a Rules and Recommendations Change","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fhow-to-change-applicability-when-a-rules-and-recommendations-change","3.android-secure-coding-standard\u002F7.admin\u002F10.how-to-change-applicability-when-a-rules-and-recommendations-change",{"title":1758,"path":1759,"stem":1760},"Java Space Change History Log","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fjava-space-change-history-log","3.android-secure-coding-standard\u002F7.admin\u002F11.java-space-change-history-log",{"title":1762,"path":1763,"stem":1764},"Labels in this Space","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Flabels-in-this-space","3.android-secure-coding-standard\u002F7.admin\u002F12.labels-in-this-space",{"title":1766,"path":1767,"stem":1768},"Perl Space Change History Log","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fperl-space-change-history-log","3.android-secure-coding-standard\u002F7.admin\u002F13.perl-space-change-history-log",{"title":1770,"path":1771,"stem":1772},"Resources for new Android app secure coding rules and guidelines","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fresources-for-new-android-app-secure-coding-rules-and-guidelines","3.android-secure-coding-standard\u002F7.admin\u002F14.resources-for-new-android-app-secure-coding-rules-and-guidelines",{"title":1774,"path":1775,"stem":1776},"Rule Template","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Frule-template","3.android-secure-coding-standard\u002F7.admin\u002F15.rule-template",{"title":1778,"path":1779,"stem":1780},"Rules Applicable for Both the Android Platform and Other Platforms","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Frules-applicable-for-both-the-android-platform-and-other-platforms","3.android-secure-coding-standard\u002F7.admin\u002F16.rules-applicable-for-both-the-android-platform-and-other-platforms",1775657823530]