[{"data":1,"prerenderedAt":1177},["ShallowReactive",2],{"global-navigation":3,"page-\u002Fandroid-secure-coding-standard\u002Frules\u002Fmiscellaneous-msc\u002Fdrd10-x":28,"surround-\u002Fandroid-secure-coding-standard\u002Frules\u002Fmiscellaneous-msc\u002Fdrd10-x":607,"sidebar-android-secure-coding-standard":616},[4,8],{"title":5,"path":6,"_path":6,"fromAppConfig":7},"Home","\u002F",true,{"title":9,"path":10,"children":11,"_path":27,"fromAppConfig":7},"Coding Standards","\u002Fcoding-standards\u002F",[12,15,18,21,24],{"title":13,"path":14},"Android Coding Standard","\u002Fandroid-secure-coding-standard\u002F",{"title":16,"path":17},"C Coding Standard","\u002Fsei-cert-c-coding-standard\u002F",{"title":19,"path":20},"C++ Coding Standard","\u002Fsei-cert-cpp-coding-standard\u002F",{"title":22,"path":23},"Java Coding Standard","\u002Fsei-cert-oracle-coding-standard-for-java\u002F",{"title":25,"path":26},"Perl Coding Standard","\u002Fsei-cert-perl-coding-standard\u002F","\u002Fcoding-standards",{"id":29,"title":30,"body":31,"description":593,"extension":594,"meta":595,"navigation":7,"path":603,"seo":604,"stem":605,"__hash__":606},"content\u002F3.android-secure-coding-standard\u002F3.rules\u002F20.miscellaneous-msc\u002F2.drd10-x.md","DRD10-X. Do not release apps that are debuggable",{"type":32,"value":33,"toc":583},"minimark",[34,38,63,88,93,102,267,275,279,288,312,324,374,378,386,447,451,457,460,463,466,469,474,488,492,527,531,554,557,579],[35,36,30],"h1",{"id":37},"drd10-x-do-not-release-apps-that-are-debuggable",[39,40,41,42,46,47,53,54,57,58,62],"p",{},"This rule was developed in part by Stephanie Colton and Aashirya Kaushik at the October 20-22, 2017 ",[43,44,45],"strong",{},"OurCS Workshop"," ( ",[48,49,50],"a",{"href":50,"rel":51},"http:\u002F\u002Fwww.cs.cmu.edu\u002Fourcs\u002Fregister.html",[52],"nofollow"," ).",[55,56],"br",{},"\nFor more information about this statement, see the ",[48,59,61],{"href":60},"\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fabout-the-ourcs-workshop","About the OurCS Workshop"," page.",[39,64,65,66,70,71,74,75,78,79,81,82,84,85,87],{},"Android allows the attribute ",[67,68,69],"code",{},"android:debuggable"," to be set to ",[67,72,73],{},"true"," in the manifest, so that the app can be debugged.  By default this attribute is disabled, i.e., it is set to ",[67,76,77],{},"false"," , but it may be set to ",[67,80,73],{}," to help with debugging during development of the app.  However, an app should never be released with this attribute set to ",[67,83,73],{}," as it enables users to gain access to details of the app that should be kept secure.  With the attribute set to ",[67,86,73],{}," , users can debug the app even without access to its source code.",[89,90,92],"h2",{"id":91},"noncompliant-code-example","Noncompliant Code Example",[39,94,95,96,98,99,101],{},"This noncompliant code example shows an app that has the ",[67,97,69],{}," attribute set to ",[67,100,73],{}," being accessed to reveal sensitive data.",[103,104,106],"code-block",{"quality":105},"bad",[107,108,113],"pre",{"className":109,"code":110,"language":111,"meta":112,"style":112},"language-java shiki shiki-themes github-light github-dark monokai","$ adb shell\nshell@android:\u002F $ run-as com.example.someapp sh\nshell@android:\u002Fdata\u002Fdata\u002Fcom.example.someapp $ id\nuid=10060(app_60) gid=10060(app_60)\nshell@android:\u002Fdata\u002Fdata\u002Fcom.example.someapp $ ls files\u002F\nsecret_data.txt\nshell@android:\u002Fdata\u002Fdata\u002Fcom.example.some $ cat files\u002Fsecret_data.txt\npassword=GoogolPlex\naccount_number=31974286 \n","java","",[67,114,115,124,147,168,191,214,220,244,256],{"__ignoreMap":112},[116,117,120],"span",{"class":118,"line":119},"line",1,[116,121,123],{"class":122},"sMOD_","$ adb shell\n",[116,125,127,130,134,138,141,144],{"class":118,"line":126},2,[116,128,129],{"class":122},"shell@",[116,131,133],{"class":132},"sq6CD","android",[116,135,137],{"class":136},"sC2Qs",":\u002F",[116,139,140],{"class":122}," $ run",[116,142,143],{"class":136},"-",[116,145,146],{"class":122},"as com.example.someapp sh\n",[116,148,150,152,154,156,159,161,163,165],{"class":118,"line":149},3,[116,151,129],{"class":122},[116,153,133],{"class":132},[116,155,137],{"class":136},[116,157,158],{"class":122},"data",[116,160,6],{"class":136},[116,162,158],{"class":122},[116,164,6],{"class":136},[116,166,167],{"class":122},"com.example.someapp $ id\n",[116,169,171,174,177,181,184,186,188],{"class":118,"line":170},4,[116,172,173],{"class":122},"uid",[116,175,176],{"class":136},"=",[116,178,180],{"class":179},"s7F3e","10060",[116,182,183],{"class":122},"(app_60) gid",[116,185,176],{"class":136},[116,187,180],{"class":179},[116,189,190],{"class":122},"(app_60)\n",[116,192,194,196,198,200,202,204,206,208,211],{"class":118,"line":193},5,[116,195,129],{"class":122},[116,197,133],{"class":132},[116,199,137],{"class":136},[116,201,158],{"class":122},[116,203,6],{"class":136},[116,205,158],{"class":122},[116,207,6],{"class":136},[116,209,210],{"class":122},"com.example.someapp $ ls files",[116,212,213],{"class":136},"\u002F\n",[116,215,217],{"class":118,"line":216},6,[116,218,219],{"class":122},"secret_data.txt\n",[116,221,223,225,227,229,231,233,235,237,240,242],{"class":118,"line":222},7,[116,224,129],{"class":122},[116,226,133],{"class":132},[116,228,137],{"class":136},[116,230,158],{"class":122},[116,232,6],{"class":136},[116,234,158],{"class":122},[116,236,6],{"class":136},[116,238,239],{"class":122},"com.example.some $ cat files",[116,241,6],{"class":136},[116,243,219],{"class":122},[116,245,247,250,252],{"class":118,"line":246},8,[116,248,249],{"class":122},"password",[116,251,176],{"class":136},[116,253,255],{"class":254},"sk8M1","GoogolPlex\n",[116,257,259,262,264],{"class":118,"line":258},9,[116,260,261],{"class":122},"account_number",[116,263,176],{"class":136},[116,265,266],{"class":179},"31974286\n",[39,268,269,270,98,272,274],{},"Clearly, with the ",[67,271,69],{},[67,273,73],{}," , sensitive date related to the app can be revealed to any user.",[89,276,278],{"id":277},"compliant-solution","Compliant Solution",[39,280,281,282,284,285,287],{},"Ensure that the ",[67,283,69],{}," attribute is set to ",[67,286,77],{}," before the app is released:",[103,289,291],{"quality":290},"good",[107,292,294],{"className":109,"code":293,"language":111,"meta":112,"style":112},"android:debuggable=\"false\n",[67,295,296],{"__ignoreMap":112},[116,297,298,300,303,306,308],{"class":118,"line":119},[116,299,133],{"class":122},[116,301,302],{"class":136},":",[116,304,305],{"class":122},"debuggable",[116,307,176],{"class":136},[116,309,311],{"class":310},"sstjo","\"false\n",[39,313,314,315,317,318,320,321,323],{},"Note that some development environments (including Eclipse\u002FADT and Ant) automatically set ",[67,316,69],{}," to ",[67,319,73],{}," for incremental or debugging builds but set it to ",[67,322,77],{}," for release builds.",[103,325,326],{"quality":290},[107,327,329],{"className":109,"code":328,"language":111,"meta":112,"style":112}," \u003Cconfiguration>   \n \u003Ccompilation debug=\"true\"\u002F> \n \u003C\u002Fconfiguration>\n",[67,330,331,345,364],{"__ignoreMap":112},[116,332,333,336,339,342],{"class":118,"line":119},[116,334,335],{"class":136}," \u003C",[116,337,338],{"class":122},"configuration",[116,340,341],{"class":136},">",[116,343,344],{"class":122},"   \n",[116,346,347,350,353,355,358,361],{"class":118,"line":126},[116,348,349],{"class":136}," \u003C",[116,351,352],{"class":122},"compilation debug",[116,354,176],{"class":136},[116,356,357],{"class":310},"\"true\"",[116,359,360],{"class":136},"\u002F>",[116,362,363],{"class":122}," \n",[116,365,366,369,371],{"class":118,"line":149},[116,367,368],{"class":136}," \u003C\u002F",[116,370,338],{"class":122},[116,372,373],{"class":136},">\n",[89,375,377],{"id":376},"risk-assessment","Risk Assessment",[39,379,380,381,98,383,385],{},"Releasing an app with its ",[67,382,69],{},[67,384,73],{}," can leak sensitive information. In addition, the app is vulnerable to decompilation, resulting in alteration to source code.Attackers can leverage the additional information they gain from debugging output to mount attacks targeted on the framework, database, or other resources used by the application.",[387,388,389,390,389,420],"table",{},"\n  ",[391,392,393,394,389],"thead",{},"\n    ",[395,396,397,398,397,402,397,405,397,408,397,411,397,414,397,417,393],"tr",{},"\n      ",[399,400,401],"th",{},"Rule",[399,403,404],{},"Severity",[399,406,407],{},"Likelihood",[399,409,410],{},"Detectable",[399,412,413],{},"Repairable",[399,415,416],{},"Priority",[399,418,419],{},"Level",[421,422,393,423,389],"tbody",{},[395,424,397,425,397,429,397,432,397,435,397,438,397,440,397,444,393],{},[426,427,428],"td",{},"DRD10-X",[426,430,431],{},"High",[426,433,434],{},"Probable",[426,436,437],{},"Yes",[426,439,437],{},[426,441,443],{"style":442},"color: #e74c3c;","P18",[426,445,446],{"style":442},"L1",[89,448,450],{"id":449},"automated-detection","Automated Detection",[39,452,453,454,456],{},"Automatic detection of the setting of the ",[67,455,69],{}," attribute is straightforward. It is not feasible to automatically determine whether any data that might be revealed by debugging the app is sensitive.",[39,458,459],{},"Tool",[39,461,462],{},"Version",[39,464,465],{},"Checker",[39,467,468],{},"Description",[470,471,473],"h3",{"id":472},"related-vulnerabilities","Related Vulnerabilities",[39,475,476,477,481,482,487],{},"Search for ",[48,478,480],{"href":479},"#","vulnerabilities"," resulting from the violation of this rule on the ",[48,483,486],{"href":484,"rel":485},"https:\u002F\u002Fwww.kb.cert.org\u002Fvulnotes\u002Fbymetric?searchview&query=FIELD+KEYWORDS+contains+DRD10-x",[52],"CERT website"," .",[89,489,491],{"id":490},"related-guidelines","Related Guidelines",[387,493,494,502],{},[391,495,496],{},[395,497,498,500],{},[399,499],{},[399,501],{},[421,503,504,516],{},[395,505,506,513],{},[426,507,508],{},[48,509,512],{"href":510,"rel":511},"https:\u002F\u002Fcwe.mitre.org\u002Fdata\u002Fdefinitions\u002F359.html",[52],"CWE",[426,514,515],{},"359: Exposure of Private Information",[395,517,518,524],{},[426,519,520],{},[48,521,512],{"href":522,"rel":523},"https:\u002F\u002Fcwe.mitre.org\u002Fdata\u002Fdefinitions\u002F264.html",[52],[426,525,526],{},"264: Permissions, Privileges, and Access Controls",[89,528,530],{"id":529},"bibliography","Bibliography",[387,532,533,541],{},[391,534,535],{},[395,536,537,539],{},[399,538],{},[399,540],{},[421,542,543],{},[395,544,545,548],{},[426,546,547],{},"ASP.NET Misconfiguration: Creating Debug Binary",[426,549,550],{},[48,551,552],{"href":552,"rel":553},"http:\u002F\u002Fwww.ids-sax2.com\u002FKnowledgebase\u002FNetworkSecurity\u002FCreating-Debug-Binary.htm",[52],[555,556],"hr",{},[39,558,559,566,567,566,573],{},[48,560,562],{"href":561},"https:\u002F\u002Fwww.securecoding.cert.org\u002Fconfluence\u002Fdisplay\u002Fjava\u002FDRD09-J%3A+Restrict+access+to+sensitive+activities?showChildren=false&showComments=false",[563,564],"img",{"src":565},"\u002Fattachments\u002F88487702\u002F88497198.png"," ",[48,568,570],{"href":569},"https:\u002F\u002Fwww.securecoding.cert.org\u002Fconfluence\u002Fpages\u002Fviewpage.action?pageId=111509535",[563,571],{"src":572},"\u002Fattachments\u002F88487702\u002F88497196.png",[48,574,576],{"href":575},"https:\u002F\u002Fwww.securecoding.cert.org\u002Fconfluence\u002Fdisplay\u002Fjava\u002FDRD11-J.+Ensure+that+sensitive+data+is+kept+secure?showChildren=false&showComments=false",[563,577],{"src":578},"\u002Fattachments\u002F88487702\u002F88497197.png",[580,581,582],"style",{},"html pre.shiki code .sMOD_, html code.shiki .sMOD_{--shiki-default:#24292E;--shiki-dark:#E1E4E8;--shiki-sepia:#F8F8F2}html pre.shiki code .sq6CD, html code.shiki .sq6CD{--shiki-default:#D73A49;--shiki-default-font-style:inherit;--shiki-dark:#F97583;--shiki-dark-font-style:inherit;--shiki-sepia:#66D9EF;--shiki-sepia-font-style:italic}html pre.shiki code .sC2Qs, html code.shiki .sC2Qs{--shiki-default:#D73A49;--shiki-dark:#F97583;--shiki-sepia:#F92672}html pre.shiki code .s7F3e, html code.shiki .s7F3e{--shiki-default:#005CC5;--shiki-dark:#79B8FF;--shiki-sepia:#AE81FF}html pre.shiki code .sk8M1, html code.shiki .sk8M1{--shiki-default:#24292E;--shiki-default-font-style:inherit;--shiki-dark:#E1E4E8;--shiki-dark-font-style:inherit;--shiki-sepia:#66D9EF;--shiki-sepia-font-style:italic}html .default .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html.dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html .sepia .shiki span {color: var(--shiki-sepia);background: var(--shiki-sepia-bg);font-style: var(--shiki-sepia-font-style);font-weight: var(--shiki-sepia-font-weight);text-decoration: var(--shiki-sepia-text-decoration);}html.sepia .shiki span {color: var(--shiki-sepia);background: var(--shiki-sepia-bg);font-style: var(--shiki-sepia-font-style);font-weight: var(--shiki-sepia-font-weight);text-decoration: var(--shiki-sepia-text-decoration);}html pre.shiki code .sstjo, html code.shiki .sstjo{--shiki-default:#032F62;--shiki-dark:#9ECBFF;--shiki-sepia:#E6DB74}",{"title":112,"searchDepth":126,"depth":126,"links":584},[585,586,587,588,591,592],{"id":91,"depth":126,"text":92},{"id":277,"depth":126,"text":278},{"id":376,"depth":126,"text":377},{"id":449,"depth":126,"text":450,"children":589},[590],{"id":472,"depth":149,"text":473},{"id":490,"depth":126,"text":491},{"id":529,"depth":126,"text":530},"This rule was developed in part by Stephanie Colton and Aashirya Kaushik at the October 20-22, 2017 OurCS Workshop ( http:\u002F\u002Fwww.cs.cmu.edu\u002Fourcs\u002Fregister.html ).\nFor more information about this statement, see the About the OurCS Workshop page.","md",{"tags":596},[597,598,599,600,601,602],"android-applicable","rule","drd","msc","xml","draft","\u002Fandroid-secure-coding-standard\u002Frules\u002Fmiscellaneous-msc\u002Fdrd10-x",{"title":30,"description":593},"3.android-secure-coding-standard\u002F3.rules\u002F20.miscellaneous-msc\u002F2.drd10-x","arxshb5q_KsEO_llCCFj4boBrDHIwe0iIBm5pszCHLw",[608,612],{"title":609,"path":610,"stem":611,"children":-1},"Miscellaneous (MSC)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fmiscellaneous-msc","3.android-secure-coding-standard\u002F3.rules\u002F20.miscellaneous-msc\u002F1.index",{"title":613,"path":614,"stem":615,"children":-1},"DRD15-J. Consider privacy concerns when using Geolocation API","\u002Fandroid-secure-coding-standard\u002Frules\u002Fmiscellaneous-msc\u002Fdrd15-j","3.android-secure-coding-standard\u002F3.rules\u002F20.miscellaneous-msc\u002F3.drd15-j",[617],{"title":618,"path":619,"stem":620,"children":621},"SCI CERT Android Secure Coding Standard","\u002Fandroid-secure-coding-standard","3.android-secure-coding-standard\u002F1.index",[622,623,673,930,1027,1089,1113],{"title":618,"path":619,"stem":620},{"title":624,"path":625,"stem":626,"children":627},"Front Matter","\u002Fandroid-secure-coding-standard\u002Ffront-matter","3.android-secure-coding-standard\u002F2.front-matter\u002F1.index",[628,629,651],{"title":624,"path":625,"stem":626},{"title":630,"path":631,"stem":632,"children":633},"Guidelines for Wiki Contributors","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fguidelines-for-wiki-contributors","3.android-secure-coding-standard\u002F2.front-matter\u002F2.guidelines-for-wiki-contributors\u002F1.index",[634,635,639,643,647],{"title":630,"path":631,"stem":632},{"title":636,"path":637,"stem":638},"Deprecations","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fguidelines-for-wiki-contributors\u002Fdeprecations","3.android-secure-coding-standard\u002F2.front-matter\u002F2.guidelines-for-wiki-contributors\u002F2.deprecations",{"title":640,"path":641,"stem":642},"Editing Automated Detection Information","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fguidelines-for-wiki-contributors\u002Fediting-automated-detection-information","3.android-secure-coding-standard\u002F2.front-matter\u002F2.guidelines-for-wiki-contributors\u002F3.editing-automated-detection-information",{"title":644,"path":645,"stem":646},"Editing-Related Guidelines","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fguidelines-for-wiki-contributors\u002Fediting-related-guidelines","3.android-secure-coding-standard\u002F2.front-matter\u002F2.guidelines-for-wiki-contributors\u002F4.editing-related-guidelines",{"title":648,"path":649,"stem":650},"Rules versus Recommendations","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fguidelines-for-wiki-contributors\u002Frules-versus-recommendations","3.android-secure-coding-standard\u002F2.front-matter\u002F2.guidelines-for-wiki-contributors\u002F5.rules-versus-recommendations",{"title":652,"path":653,"stem":654,"children":655},"Introduction","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fintroduction","3.android-secure-coding-standard\u002F2.front-matter\u002F3.introduction\u002F01.index",[656,657,661,665,669],{"title":652,"path":653,"stem":654},{"title":658,"path":659,"stem":660},"Introduction to Android-Only Rules","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fintroduction\u002Fintroduction-to-android-only-rules","3.android-secure-coding-standard\u002F2.front-matter\u002F3.introduction\u002F02.introduction-to-android-only-rules",{"title":662,"path":663,"stem":664},"Introduction to C Rules and Recommendations","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fintroduction\u002Fintroduction-to-c-rules-and-recommendations","3.android-secure-coding-standard\u002F2.front-matter\u002F3.introduction\u002F03.introduction-to-c-rules-and-recommendations",{"title":666,"path":667,"stem":668},"Introduction to Java Recommendations","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fintroduction\u002Fintroduction-to-java-recommendations","3.android-secure-coding-standard\u002F2.front-matter\u002F3.introduction\u002F04.introduction-to-java-recommendations",{"title":670,"path":671,"stem":672},"Introduction to Java Rules","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fintroduction\u002Fintroduction-to-java-rules","3.android-secure-coding-standard\u002F2.front-matter\u002F3.introduction\u002F05.introduction-to-java-rules",{"title":674,"path":675,"stem":676,"children":677},"Rules","\u002Fandroid-secure-coding-standard\u002Frules","3.android-secure-coding-standard\u002F3.rules\u002F01.index",[678,679,683,687,709,713,735,739,743,747,751,781,785,789,793,811,815,819,823,827,844,858,862,866,888,892,896,900,904,908,912],{"title":674,"path":675,"stem":676},{"title":680,"path":681,"stem":682},"Application Programming Interfaces (API)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fapplication-programming-interfaces-api","3.android-secure-coding-standard\u002F3.rules\u002F02.application-programming-interfaces-api",{"title":684,"path":685,"stem":686},"Characters and String (STR)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcharacters-and-string-str","3.android-secure-coding-standard\u002F3.rules\u002F03.characters-and-string-str",{"title":688,"path":689,"stem":690,"children":691},"Component Security (CPS)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcomponent-security-cps","3.android-secure-coding-standard\u002F3.rules\u002F04.component-security-cps\u002F1.index",[692,693,697,701,705],{"title":688,"path":689,"stem":690},{"title":694,"path":695,"stem":696},"DRD01-X. Limit the accessibility of an app's sensitive content provider","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcomponent-security-cps\u002Fdrd01-x","3.android-secure-coding-standard\u002F3.rules\u002F04.component-security-cps\u002F2.drd01-x",{"title":698,"path":699,"stem":700},"DRD07-X. Protect exported services with strong permissions","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcomponent-security-cps\u002Fdrd07-x","3.android-secure-coding-standard\u002F3.rules\u002F04.component-security-cps\u002F3.drd07-x",{"title":702,"path":703,"stem":704},"DRD08-J. Always canonicalize a URL received by a content provider","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcomponent-security-cps\u002Fdrd08-j","3.android-secure-coding-standard\u002F3.rules\u002F04.component-security-cps\u002F4.drd08-j",{"title":706,"path":707,"stem":708},"DRD09. Restrict access to sensitive activities","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcomponent-security-cps\u002Fdrd09-restrict-access-to-sensitive-activities","3.android-secure-coding-standard\u002F3.rules\u002F04.component-security-cps\u002F5.drd09-restrict-access-to-sensitive-activities",{"title":710,"path":711,"stem":712},"Concurrency (CON)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fconcurrency-con","3.android-secure-coding-standard\u002F3.rules\u002F05.concurrency-con",{"title":714,"path":715,"stem":716,"children":717},"Cryptography (CRP)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcryptography-crp","3.android-secure-coding-standard\u002F3.rules\u002F06.cryptography-crp\u002F1.index",[718,719,723,727,731],{"title":714,"path":715,"stem":716},{"title":720,"path":721,"stem":722},"DRD17-J. Do not use the Android cryptographic security provider encryption default for AES","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcryptography-crp\u002Fdrd17-j","3.android-secure-coding-standard\u002F3.rules\u002F06.cryptography-crp\u002F2.drd17-j",{"title":724,"path":725,"stem":726},"DRD18. Do not use the default behavior in a cryptographic library if it does not use recommended practices","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcryptography-crp\u002Fdrd18-do-not-use-the-default-behavior-in-a-cryptographic-library-if-it-does-not-use-recommended-practices","3.android-secure-coding-standard\u002F3.rules\u002F06.cryptography-crp\u002F3.drd18-do-not-use-the-default-behavior-in-a-cryptographic-library-if-it-does-not-use-recommended-practices",{"title":728,"path":729,"stem":730},"DRD24. Do not bundle OAuth security-related protocol logic or sensitive data into a relying party's app","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcryptography-crp\u002Fdrd24-do-not-bundle-oauth-security-related-protocol-logic-or-sensitive-data-into-a-relying-partys-app","3.android-secure-coding-standard\u002F3.rules\u002F06.cryptography-crp\u002F4.drd24-do-not-bundle-oauth-security-related-protocol-logic-or-sensitive-data-into-a-relying-partys-app",{"title":732,"path":733,"stem":734},"DRD25. Use constant-time encryption","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcryptography-crp\u002Fdrd25-use-constant-time-encryption","3.android-secure-coding-standard\u002F3.rules\u002F06.cryptography-crp\u002F5.drd25-use-constant-time-encryption",{"title":736,"path":737,"stem":738},"Declarations and Initialization (DCL)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fdeclarations-and-initialization-dcl","3.android-secure-coding-standard\u002F3.rules\u002F07.declarations-and-initialization-dcl",{"title":740,"path":741,"stem":742},"Environment (ENV)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fenvironment-env","3.android-secure-coding-standard\u002F3.rules\u002F08.environment-env",{"title":744,"path":745,"stem":746},"Error Handling (ERR)","\u002Fandroid-secure-coding-standard\u002Frules\u002Ferror-handling-err","3.android-secure-coding-standard\u002F3.rules\u002F09.error-handling-err",{"title":748,"path":749,"stem":750},"Expressions (EXP)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fexpressions-exp","3.android-secure-coding-standard\u002F3.rules\u002F10.expressions-exp",{"title":752,"path":753,"stem":754,"children":755},"File I\u002FO and Logging (FIO)","\u002Fandroid-secure-coding-standard\u002Frules\u002Ffile-io-and-logging-fio","3.android-secure-coding-standard\u002F3.rules\u002F11.file-io-and-logging-fio\u002F1.index",[756,757,761,765,769,773,777],{"title":752,"path":753,"stem":754},{"title":758,"path":759,"stem":760},"DRD04-J. Do not log sensitive information","\u002Fandroid-secure-coding-standard\u002Frules\u002Ffile-io-and-logging-fio\u002Fdrd04-j","3.android-secure-coding-standard\u002F3.rules\u002F11.file-io-and-logging-fio\u002F2.drd04-j",{"title":762,"path":763,"stem":764},"DRD00. Do not store sensitive information on external storage (SD card) unless encrypted first","\u002Fandroid-secure-coding-standard\u002Frules\u002Ffile-io-and-logging-fio\u002Fdrd00-do-not-store-sensitive-information-on-external-storage-sd-card-unless-encrypted-first","3.android-secure-coding-standard\u002F3.rules\u002F11.file-io-and-logging-fio\u002F3.drd00-do-not-store-sensitive-information-on-external-storage-sd-card-unless-encrypted-first",{"title":766,"path":767,"stem":768},"DRD11. Ensure that sensitive data is kept secure","\u002Fandroid-secure-coding-standard\u002Frules\u002Ffile-io-and-logging-fio\u002Fdrd11-ensure-that-sensitive-data-is-kept-secure","3.android-secure-coding-standard\u002F3.rules\u002F11.file-io-and-logging-fio\u002F4.drd11-ensure-that-sensitive-data-is-kept-secure",{"title":770,"path":771,"stem":772},"DRD12. Do not trust data from world-writable files","\u002Fandroid-secure-coding-standard\u002Frules\u002Ffile-io-and-logging-fio\u002Fdrd12-do-not-trust-data-from-world-writable-files","3.android-secure-coding-standard\u002F3.rules\u002F11.file-io-and-logging-fio\u002F5.drd12-do-not-trust-data-from-world-writable-files",{"title":774,"path":775,"stem":776},"DRD23. Do not use world readable or writeable to share files between apps","\u002Fandroid-secure-coding-standard\u002Frules\u002Ffile-io-and-logging-fio\u002Fdrd23-do-not-use-world-readable-or-writeable-to-share-files-between-apps","3.android-secure-coding-standard\u002F3.rules\u002F11.file-io-and-logging-fio\u002F6.drd23-do-not-use-world-readable-or-writeable-to-share-files-between-apps",{"title":778,"path":779,"stem":780},"DRD28 Do not load world-writable libraries","\u002Fandroid-secure-coding-standard\u002Frules\u002Ffile-io-and-logging-fio\u002Fdrd28-do-not-load-world-writable-libraries","3.android-secure-coding-standard\u002F3.rules\u002F11.file-io-and-logging-fio\u002F7.drd28-do-not-load-world-writable-libraries",{"title":782,"path":783,"stem":784},"Floating Point (FLP)","\u002Fandroid-secure-coding-standard\u002Frules\u002Ffloating-point-flp","3.android-secure-coding-standard\u002F3.rules\u002F12.floating-point-flp",{"title":786,"path":787,"stem":788},"Input Validation and Data Sanitization (IDS)","\u002Fandroid-secure-coding-standard\u002Frules\u002Finput-validation-and-data-sanitization-ids","3.android-secure-coding-standard\u002F3.rules\u002F13.input-validation-and-data-sanitization-ids",{"title":790,"path":791,"stem":792},"Integers (INT)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fintegers-int","3.android-secure-coding-standard\u002F3.rules\u002F14.integers-int",{"title":794,"path":795,"stem":796,"children":797},"Intent (ITT)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fintent-itt","3.android-secure-coding-standard\u002F3.rules\u002F15.intent-itt\u002F1.index",[798,799,803,807],{"title":794,"path":795,"stem":796},{"title":800,"path":801,"stem":802},"DRD03-J. Do not broadcast sensitive information using an implicit intent","\u002Fandroid-secure-coding-standard\u002Frules\u002Fintent-itt\u002Fdrd03-j","3.android-secure-coding-standard\u002F3.rules\u002F15.intent-itt\u002F2.drd03-j",{"title":804,"path":805,"stem":806},"DRD21-J. Always pass explicit intents to a PendingIntent","\u002Fandroid-secure-coding-standard\u002Frules\u002Fintent-itt\u002Fdrd21-j","3.android-secure-coding-standard\u002F3.rules\u002F15.intent-itt\u002F3.drd21-j",{"title":808,"path":809,"stem":810},"DRD06. Verify the caller of intents before acting on them","\u002Fandroid-secure-coding-standard\u002Frules\u002Fintent-itt\u002Fdrd06-verify-the-caller-of-intents-before-acting-on-them","3.android-secure-coding-standard\u002F3.rules\u002F15.intent-itt\u002F4.drd06-verify-the-caller-of-intents-before-acting-on-them",{"title":812,"path":813,"stem":814},"Java Native Interface (JNI)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fjava-native-interface-jni","3.android-secure-coding-standard\u002F3.rules\u002F16.java-native-interface-jni",{"title":816,"path":817,"stem":818},"Locking (LCK)","\u002Fandroid-secure-coding-standard\u002Frules\u002Flocking-lck","3.android-secure-coding-standard\u002F3.rules\u002F17.locking-lck",{"title":820,"path":821,"stem":822},"Memory Management (MEM)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fmemory-management-mem","3.android-secure-coding-standard\u002F3.rules\u002F18.memory-management-mem",{"title":824,"path":825,"stem":826},"Methods (MET)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fmethods-met","3.android-secure-coding-standard\u002F3.rules\u002F19.methods-met",{"title":609,"path":610,"stem":611,"children":828},[829,830,831,832,836,840],{"title":609,"path":610,"stem":611},{"title":30,"path":603,"stem":605},{"title":613,"path":614,"stem":615},{"title":833,"path":834,"stem":835},"DRD26-J. For OAuth, use a secure Android method to deliver access tokens","\u002Fandroid-secure-coding-standard\u002Frules\u002Fmiscellaneous-msc\u002Fdrd26-j","3.android-secure-coding-standard\u002F3.rules\u002F20.miscellaneous-msc\u002F4.drd26-j",{"title":837,"path":838,"stem":839},"DRD27-J. For OAuth, use an explicit intent method to deliver access tokens","\u002Fandroid-secure-coding-standard\u002Frules\u002Fmiscellaneous-msc\u002Fdrd27-j","3.android-secure-coding-standard\u002F3.rules\u002F20.miscellaneous-msc\u002F5.drd27-j",{"title":841,"path":842,"stem":843},"DRD25. To request user permission for OAuth, identify relying party and its permissions scope","\u002Fandroid-secure-coding-standard\u002Frules\u002Fmiscellaneous-msc\u002Fdrd25-to-request-user-permission-for-oauth-identify-relying-party-and-its-permissions-scope","3.android-secure-coding-standard\u002F3.rules\u002F20.miscellaneous-msc\u002F6.drd25-to-request-user-permission-for-oauth-identify-relying-party-and-its-permissions-scope",{"title":845,"path":846,"stem":847,"children":848},"Network - SSL\u002FTLS (NET)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fnetwork-ssltls-net","3.android-secure-coding-standard\u002F3.rules\u002F21.network-ssltls-net\u002F1.index",[849,850,854],{"title":845,"path":846,"stem":847},{"title":851,"path":852,"stem":853},"DRD23-J. Do not use loopback when handling sensitive data","\u002Fandroid-secure-coding-standard\u002Frules\u002Fnetwork-ssltls-net\u002Fdrd23-j","3.android-secure-coding-standard\u002F3.rules\u002F21.network-ssltls-net\u002F2.drd23-j",{"title":855,"path":856,"stem":857},"DRD19. Properly verify server certificate on SSL\u002FTLS","\u002Fandroid-secure-coding-standard\u002Frules\u002Fnetwork-ssltls-net\u002Fdrd19-properly-verify-server-certificate-on-ssltls","3.android-secure-coding-standard\u002F3.rules\u002F21.network-ssltls-net\u002F3.drd19-properly-verify-server-certificate-on-ssltls",{"title":859,"path":860,"stem":861},"Numeric Types and Operations (NUM)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fnumeric-types-and-operations-num","3.android-secure-coding-standard\u002F3.rules\u002F22.numeric-types-and-operations-num",{"title":863,"path":864,"stem":865},"Object Orientation (OBJ)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fobject-orientation-obj","3.android-secure-coding-standard\u002F3.rules\u002F23.object-orientation-obj",{"title":867,"path":868,"stem":869,"children":870},"Permission (PER)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fpermission-per","3.android-secure-coding-standard\u002F3.rules\u002F24.permission-per\u002F1.index",[871,872,876,880,884],{"title":867,"path":868,"stem":869},{"title":873,"path":874,"stem":875},"DRD05-J. Do not grant URI permissions on implicit intents","\u002Fandroid-secure-coding-standard\u002Frules\u002Fpermission-per\u002Fdrd05-j","3.android-secure-coding-standard\u002F3.rules\u002F24.permission-per\u002F2.drd05-j",{"title":877,"path":878,"stem":879},"DRD14-J. Check that a calling app has appropriate permissions before responding","\u002Fandroid-secure-coding-standard\u002Frules\u002Fpermission-per\u002Fdrd14-j","3.android-secure-coding-standard\u002F3.rules\u002F24.permission-per\u002F3.drd14-j",{"title":881,"path":882,"stem":883},"DRD16-X. Explicitly define the exported attribute for private components","\u002Fandroid-secure-coding-standard\u002Frules\u002Fpermission-per\u002Fdrd16-x","3.android-secure-coding-standard\u002F3.rules\u002F24.permission-per\u002F4.drd16-x",{"title":885,"path":886,"stem":887},"DRD20-C. Specify permissions when creating files via the NDK","\u002Fandroid-secure-coding-standard\u002Frules\u002Fpermission-per\u002Fdrd20-c","3.android-secure-coding-standard\u002F3.rules\u002F24.permission-per\u002F5.drd20-c",{"title":889,"path":890,"stem":891},"Platform Security (SEC)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fplatform-security-sec","3.android-secure-coding-standard\u002F3.rules\u002F25.platform-security-sec",{"title":893,"path":894,"stem":895},"Preprocessor (PRE)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fpreprocessor-pre","3.android-secure-coding-standard\u002F3.rules\u002F26.preprocessor-pre",{"title":897,"path":898,"stem":899},"Serialization (SER)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fserialization-ser","3.android-secure-coding-standard\u002F3.rules\u002F27.serialization-ser",{"title":901,"path":902,"stem":903},"Thread APIs (THI)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fthread-apis-thi","3.android-secure-coding-standard\u002F3.rules\u002F28.thread-apis-thi",{"title":905,"path":906,"stem":907},"Thread-Safety Miscellaneous (TSM)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fthread-safety-miscellaneous-tsm","3.android-secure-coding-standard\u002F3.rules\u002F29.thread-safety-miscellaneous-tsm",{"title":909,"path":910,"stem":911},"Visibility and Atomicity (VNA)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fvisibility-and-atomicity-vna","3.android-secure-coding-standard\u002F3.rules\u002F30.visibility-and-atomicity-vna",{"title":913,"path":914,"stem":915,"children":916},"WebView (WBV)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fwebview-wbv","3.android-secure-coding-standard\u002F3.rules\u002F31.webview-wbv\u002F1.index",[917,918,922,926],{"title":913,"path":914,"stem":915},{"title":919,"path":920,"stem":921},"DRD02-J. Do not allow WebView to access sensitive local resource through file scheme","\u002Fandroid-secure-coding-standard\u002Frules\u002Fwebview-wbv\u002Fdrd02-j","3.android-secure-coding-standard\u002F3.rules\u002F31.webview-wbv\u002F2.drd02-j",{"title":923,"path":924,"stem":925},"DRD13. Do not provide addJavascriptInterface method access in a WebView which could contain untrusted content. (API level JELLY_BEAN or below)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fwebview-wbv\u002Fdrd13-do-not-provide-addjavascriptinterface-method-access-in-a-webview-which-could-contain-untrusted-content-api-level-jelly_bean-or-below","3.android-secure-coding-standard\u002F3.rules\u002F31.webview-wbv\u002F3.drd13-do-not-provide-addjavascriptinterface-method-access-in-a-webview-which-could-contain-untrusted-content-api-level-jelly_bean-or-below",{"title":927,"path":928,"stem":929},"DRD22. Do not cache sensitive information","\u002Fandroid-secure-coding-standard\u002Frules\u002Fwebview-wbv\u002Fdrd22-do-not-cache-sensitive-information","3.android-secure-coding-standard\u002F3.rules\u002F31.webview-wbv\u002F4.drd22-do-not-cache-sensitive-information",{"title":931,"path":932,"stem":933,"children":934},"Recommendations","\u002Fandroid-secure-coding-standard\u002Frecommendations","3.android-secure-coding-standard\u002F4.recommendations\u002F01.index",[935,936,939,943,946,949,952,955,958,961,964,967,970,973,976,979,982,985,988,991,994,997,1000,1003,1006,1009,1012,1015,1018,1021,1024],{"title":931,"path":932,"stem":933},{"title":680,"path":937,"stem":938},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fapplication-programming-interfaces-api","3.android-secure-coding-standard\u002F4.recommendations\u002F02.application-programming-interfaces-api",{"title":940,"path":941,"stem":942},"Characters and Strings (STR)","\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fcharacters-and-strings-str","3.android-secure-coding-standard\u002F4.recommendations\u002F03.characters-and-strings-str",{"title":688,"path":944,"stem":945},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fcomponent-security-cps","3.android-secure-coding-standard\u002F4.recommendations\u002F04.component-security-cps",{"title":710,"path":947,"stem":948},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fconcurrency-con","3.android-secure-coding-standard\u002F4.recommendations\u002F05.concurrency-con",{"title":714,"path":950,"stem":951},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fcryptography-crp","3.android-secure-coding-standard\u002F4.recommendations\u002F06.cryptography-crp",{"title":736,"path":953,"stem":954},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fdeclarations-and-initialization-dcl","3.android-secure-coding-standard\u002F4.recommendations\u002F07.declarations-and-initialization-dcl",{"title":740,"path":956,"stem":957},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fenvironment-env","3.android-secure-coding-standard\u002F4.recommendations\u002F08.environment-env",{"title":744,"path":959,"stem":960},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Ferror-handling-err","3.android-secure-coding-standard\u002F4.recommendations\u002F09.error-handling-err",{"title":748,"path":962,"stem":963},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fexpressions-exp","3.android-secure-coding-standard\u002F4.recommendations\u002F10.expressions-exp",{"title":752,"path":965,"stem":966},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Ffile-io-and-logging-fio","3.android-secure-coding-standard\u002F4.recommendations\u002F11.file-io-and-logging-fio",{"title":782,"path":968,"stem":969},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Ffloating-point-flp","3.android-secure-coding-standard\u002F4.recommendations\u002F12.floating-point-flp",{"title":786,"path":971,"stem":972},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Finput-validation-and-data-sanitization-ids","3.android-secure-coding-standard\u002F4.recommendations\u002F13.input-validation-and-data-sanitization-ids",{"title":790,"path":974,"stem":975},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fintegers-int","3.android-secure-coding-standard\u002F4.recommendations\u002F14.integers-int",{"title":794,"path":977,"stem":978},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fintent-itt","3.android-secure-coding-standard\u002F4.recommendations\u002F15.intent-itt",{"title":812,"path":980,"stem":981},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fjava-native-interface-jni","3.android-secure-coding-standard\u002F4.recommendations\u002F16.java-native-interface-jni",{"title":816,"path":983,"stem":984},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Flocking-lck","3.android-secure-coding-standard\u002F4.recommendations\u002F17.locking-lck",{"title":820,"path":986,"stem":987},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fmemory-management-mem","3.android-secure-coding-standard\u002F4.recommendations\u002F18.memory-management-mem",{"title":824,"path":989,"stem":990},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fmethods-met","3.android-secure-coding-standard\u002F4.recommendations\u002F19.methods-met",{"title":609,"path":992,"stem":993},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fmiscellaneous-msc","3.android-secure-coding-standard\u002F4.recommendations\u002F20.miscellaneous-msc",{"title":845,"path":995,"stem":996},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fnetwork-ssltls-net","3.android-secure-coding-standard\u002F4.recommendations\u002F21.network-ssltls-net",{"title":859,"path":998,"stem":999},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fnumeric-types-and-operations-num","3.android-secure-coding-standard\u002F4.recommendations\u002F22.numeric-types-and-operations-num",{"title":863,"path":1001,"stem":1002},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fobject-orientation-obj","3.android-secure-coding-standard\u002F4.recommendations\u002F23.object-orientation-obj",{"title":867,"path":1004,"stem":1005},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fpermission-per","3.android-secure-coding-standard\u002F4.recommendations\u002F24.permission-per",{"title":889,"path":1007,"stem":1008},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fplatform-security-sec","3.android-secure-coding-standard\u002F4.recommendations\u002F25.platform-security-sec",{"title":893,"path":1010,"stem":1011},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fpreprocessor-pre","3.android-secure-coding-standard\u002F4.recommendations\u002F26.preprocessor-pre",{"title":897,"path":1013,"stem":1014},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fserialization-ser","3.android-secure-coding-standard\u002F4.recommendations\u002F27.serialization-ser",{"title":901,"path":1016,"stem":1017},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fthread-apis-thi","3.android-secure-coding-standard\u002F4.recommendations\u002F28.thread-apis-thi",{"title":905,"path":1019,"stem":1020},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fthread-safety-miscellaneous-tsm","3.android-secure-coding-standard\u002F4.recommendations\u002F29.thread-safety-miscellaneous-tsm",{"title":909,"path":1022,"stem":1023},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fvisibility-and-atomicity-vna","3.android-secure-coding-standard\u002F4.recommendations\u002F30.visibility-and-atomicity-vna",{"title":913,"path":1025,"stem":1026},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fwebview-wbv","3.android-secure-coding-standard\u002F4.recommendations\u002F31.webview-wbv",{"title":1028,"path":1029,"stem":1030,"children":1031},"By Language","\u002Fandroid-secure-coding-standard\u002Fby-language","3.android-secure-coding-standard\u002F5.by-language\u002F1.index",[1032,1033,1037,1059,1063,1085],{"title":1028,"path":1029,"stem":1030},{"title":1034,"path":1035,"stem":1036},"Android Only","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fandroid-only","3.android-secure-coding-standard\u002F5.by-language\u002F2.android-only",{"title":1038,"path":1039,"stem":1040,"children":1041},"C Coding Language","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fc-coding-language","3.android-secure-coding-standard\u002F5.by-language\u002F3.c-coding-language\u002F1.index",[1042,1043,1047,1051,1055],{"title":1038,"path":1039,"stem":1040},{"title":1044,"path":1045,"stem":1046},"Applicable in Principle to Android (C Rules\u002FRecomendations)","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fc-coding-language\u002Fapplicable-in-principle-to-android-c-rulesrecomendations","3.android-secure-coding-standard\u002F5.by-language\u002F3.c-coding-language\u002F2.applicable-in-principle-to-android-c-rulesrecomendations",{"title":1048,"path":1049,"stem":1050},"Applicable to Android (C Rules\u002FRecomendations)","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fc-coding-language\u002Fapplicable-to-android-c-rulesrecomendations","3.android-secure-coding-standard\u002F5.by-language\u002F3.c-coding-language\u002F3.applicable-to-android-c-rulesrecomendations",{"title":1052,"path":1053,"stem":1054},"Not Applicable to Android (C Rules\u002FRecomendations)","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fc-coding-language\u002Fnot-applicable-to-android-c-rulesrecomendations","3.android-secure-coding-standard\u002F5.by-language\u002F3.c-coding-language\u002F4.not-applicable-to-android-c-rulesrecomendations",{"title":1056,"path":1057,"stem":1058},"Unknown Applicability (C Rules\u002FRecomendations)","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fc-coding-language\u002Funknown-applicability-c-rulesrecomendations","3.android-secure-coding-standard\u002F5.by-language\u002F3.c-coding-language\u002F5.unknown-applicability-c-rulesrecomendations",{"title":1060,"path":1061,"stem":1062},"C++ Coding Language","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fcpp-coding-language","3.android-secure-coding-standard\u002F5.by-language\u002F4.cpp-coding-language",{"title":1064,"path":1065,"stem":1066,"children":1067},"Java Coding Language","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fjava-coding-language","3.android-secure-coding-standard\u002F5.by-language\u002F5.java-coding-language\u002F1.index",[1068,1069,1073,1077,1081],{"title":1064,"path":1065,"stem":1066},{"title":1070,"path":1071,"stem":1072},"Applicable in Principle to Android (Java Rules\u002FRecomendations)","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fjava-coding-language\u002Fapplicable-in-principle-to-android-java-rulesrecomendations","3.android-secure-coding-standard\u002F5.by-language\u002F5.java-coding-language\u002F2.applicable-in-principle-to-android-java-rulesrecomendations",{"title":1074,"path":1075,"stem":1076},"Applicable to Android (Java Rules\u002FRecomendations)","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fjava-coding-language\u002Fapplicable-to-android-java-rulesrecomendations","3.android-secure-coding-standard\u002F5.by-language\u002F5.java-coding-language\u002F3.applicable-to-android-java-rulesrecomendations",{"title":1078,"path":1079,"stem":1080},"Not Applicable to Android (Java Rules\u002FRecomendations)","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fjava-coding-language\u002Fnot-applicable-to-android-java-rulesrecomendations","3.android-secure-coding-standard\u002F5.by-language\u002F5.java-coding-language\u002F4.not-applicable-to-android-java-rulesrecomendations",{"title":1082,"path":1083,"stem":1084},"Unknown Applicability to Android (Java Rules\u002FRecomendations)","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fjava-coding-language\u002Funknown-applicability-to-android-java-rulesrecomendations","3.android-secure-coding-standard\u002F5.by-language\u002F5.java-coding-language\u002F5.unknown-applicability-to-android-java-rulesrecomendations",{"title":1086,"path":1087,"stem":1088},"XML","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fxml","3.android-secure-coding-standard\u002F5.by-language\u002F6.xml",{"title":1090,"path":1091,"stem":1092,"children":1093},"Back Matter","\u002Fandroid-secure-coding-standard\u002Fback-matter","3.android-secure-coding-standard\u002F6.back-matter\u002F1.index",[1094,1095,1099],{"title":1090,"path":1091,"stem":1092},{"title":1096,"path":1097,"stem":1098},"AA. Bibliography","\u002Fandroid-secure-coding-standard\u002Fback-matter\u002Faa-bibliography","3.android-secure-coding-standard\u002F6.back-matter\u002F2.aa-bibliography",{"title":1100,"path":1101,"stem":1102,"children":1103},"BB. Analyzers","\u002Fandroid-secure-coding-standard\u002Fback-matter\u002Fbb-analyzers","3.android-secure-coding-standard\u002F6.back-matter\u002F3.bb-analyzers\u002F1.index",[1104,1105,1109],{"title":1100,"path":1101,"stem":1102},{"title":1106,"path":1107,"stem":1108},"CodeSonar","\u002Fandroid-secure-coding-standard\u002Fback-matter\u002Fbb-analyzers\u002Fcodesonar","3.android-secure-coding-standard\u002F6.back-matter\u002F3.bb-analyzers\u002F2.codesonar",{"title":1110,"path":1111,"stem":1112},"CodeSonar_V","\u002Fandroid-secure-coding-standard\u002Fback-matter\u002Fbb-analyzers\u002Fcodesonar_v","3.android-secure-coding-standard\u002F6.back-matter\u002F3.bb-analyzers\u002F3.codesonar_v",{"title":1114,"path":1115,"stem":1116,"children":1117},"Admin","\u002Fandroid-secure-coding-standard\u002Fadmin","3.android-secure-coding-standard\u002F7.admin\u002F01.index",[1118,1119,1121,1125,1129,1133,1137,1141,1145,1149,1153,1157,1161,1165,1169,1173],{"title":1114,"path":1115,"stem":1116},{"title":61,"path":60,"stem":1120},"3.android-secure-coding-standard\u002F7.admin\u002F02.about-the-ourcs-workshop",{"title":1122,"path":1123,"stem":1124},"Android Applicability Summary","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fandroid-applicability-summary","3.android-secure-coding-standard\u002F7.admin\u002F03.android-applicability-summary",{"title":1126,"path":1127,"stem":1128},"Android (DRD)","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fandroid-drd","3.android-secure-coding-standard\u002F7.admin\u002F04.android-drd",{"title":1130,"path":1131,"stem":1132},"Avoid having unreachable code","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Favoid-having-unreachable-code","3.android-secure-coding-standard\u002F7.admin\u002F05.avoid-having-unreachable-code",{"title":1134,"path":1135,"stem":1136},"C Space Change History Log","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fc-space-change-history-log","3.android-secure-coding-standard\u002F7.admin\u002F06.c-space-change-history-log",{"title":1138,"path":1139,"stem":1140},"Copy of Rule Template","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fcopy-of-rule-template","3.android-secure-coding-standard\u002F7.admin\u002F07.copy-of-rule-template",{"title":1142,"path":1143,"stem":1144},"C++ Space Change History Log","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fcpp-space-change-history-log","3.android-secure-coding-standard\u002F7.admin\u002F08.cpp-space-change-history-log",{"title":1146,"path":1147,"stem":1148},"Dictionary of Labels","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fdictionary-of-labels","3.android-secure-coding-standard\u002F7.admin\u002F09.dictionary-of-labels",{"title":1150,"path":1151,"stem":1152},"How to Change Applicability When a Rules and Recommendations Change","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fhow-to-change-applicability-when-a-rules-and-recommendations-change","3.android-secure-coding-standard\u002F7.admin\u002F10.how-to-change-applicability-when-a-rules-and-recommendations-change",{"title":1154,"path":1155,"stem":1156},"Java Space Change History Log","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fjava-space-change-history-log","3.android-secure-coding-standard\u002F7.admin\u002F11.java-space-change-history-log",{"title":1158,"path":1159,"stem":1160},"Labels in this Space","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Flabels-in-this-space","3.android-secure-coding-standard\u002F7.admin\u002F12.labels-in-this-space",{"title":1162,"path":1163,"stem":1164},"Perl Space Change History Log","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fperl-space-change-history-log","3.android-secure-coding-standard\u002F7.admin\u002F13.perl-space-change-history-log",{"title":1166,"path":1167,"stem":1168},"Resources for new Android app secure coding rules and guidelines","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fresources-for-new-android-app-secure-coding-rules-and-guidelines","3.android-secure-coding-standard\u002F7.admin\u002F14.resources-for-new-android-app-secure-coding-rules-and-guidelines",{"title":1170,"path":1171,"stem":1172},"Rule Template","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Frule-template","3.android-secure-coding-standard\u002F7.admin\u002F15.rule-template",{"title":1174,"path":1175,"stem":1176},"Rules Applicable for Both the Android Platform and Other Platforms","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Frules-applicable-for-both-the-android-platform-and-other-platforms","3.android-secure-coding-standard\u002F7.admin\u002F16.rules-applicable-for-both-the-android-platform-and-other-platforms",1775657823534]