[{"data":1,"prerenderedAt":1341},["ShallowReactive",2],{"global-navigation":3,"page-\u002Fandroid-secure-coding-standard\u002Frules\u002Fmiscellaneous-msc\u002Fdrd15-j":28,"surround-\u002Fandroid-secure-coding-standard\u002Frules\u002Fmiscellaneous-msc\u002Fdrd15-j":769,"sidebar-android-secure-coding-standard":778},[4,8],{"title":5,"path":6,"_path":6,"fromAppConfig":7},"Home","\u002F",true,{"title":9,"path":10,"children":11,"_path":27,"fromAppConfig":7},"Coding Standards","\u002Fcoding-standards\u002F",[12,15,18,21,24],{"title":13,"path":14},"Android Coding Standard","\u002Fandroid-secure-coding-standard\u002F",{"title":16,"path":17},"C Coding Standard","\u002Fsei-cert-c-coding-standard\u002F",{"title":19,"path":20},"C++ Coding Standard","\u002Fsei-cert-cpp-coding-standard\u002F",{"title":22,"path":23},"Java Coding Standard","\u002Fsei-cert-oracle-coding-standard-for-java\u002F",{"title":25,"path":26},"Perl Coding Standard","\u002Fsei-cert-perl-coding-standard\u002F","\u002Fcoding-standards",{"id":29,"title":30,"body":31,"description":756,"extension":757,"meta":758,"navigation":7,"path":765,"seo":766,"stem":767,"__hash__":768},"content\u002F3.android-secure-coding-standard\u002F3.rules\u002F20.miscellaneous-msc\u002F3.drd15-j.md","DRD15-J. Consider privacy concerns when using Geolocation API",{"type":32,"value":33,"toc":746},"minimark",[34,38,50,53,65,68,71,177,180,191,194,213,218,231,237,242,245,326,330,333,384,388,391,514,517,521,524,585,589,599,603,628,632,641,644,647,650,653,657,718,721,742],[35,36,30],"h1",{"id":37},"drd15-j-consider-privacy-concerns-when-using-geolocation-api",[39,40,41,42,49],"p",{},"The ",[43,44,48],"a",{"href":45,"rel":46},"http:\u002F\u002Fwww.w3.org\u002FTR\u002Fgeolocation-API\u002F",[47],"nofollow","Geolocation API"," , which is specified by W3C, enables web browsers to access geographical location information of a user's device.",[39,51,52],{},"In the specification, it is prohibited that user agents send location information to web sites without obtaining permission from the user:",[54,55,56,59,62],"blockquote",{},[39,57,58],{},"4.1 Privacy considerations for implementers of the Geolocation API",[39,60,61],{},"User agents must not send location information to Web sites without the express permission of the user. User agents must acquire permission through a user interface, unless they have prearranged trust relationships with users, as described below. The user interface must include the host component of the document's URI [URI]. Those permissions that are acquired through the user interface and that are preserved beyond the current browsing session (i.e. beyond the time when the browsing context [BROWSINGCONTEXT] is navigated to another URL) must be revocable and user agents must respect revoked permissions.",[39,63,64],{},"Some user agents will have prearranged trust relationships that do not require such user interfaces. For example, while a Web browser will present a user interface when a Web site performs a geolocation request, a VOIP telephone may not present any user interface when using location information to perform an E911 function.",[39,66,67],{},"A conforming implementation must acquire permission through a user interface before sending the user's geolocation to the web site.",[39,69,70],{},"An example Javascript for using Geolocation API is as follows:",[72,73,78],"pre",{"className":74,"code":75,"language":76,"meta":77,"style":77},"language-java shiki shiki-themes github-light github-dark monokai","\u003Cscript>     \nnavigator.geolocation.getCurrentPosition(\n  function(position) {\n         alert(position.coords.latitude);\n         alert(position.coords.longitude);      \n  },       \n  function(){       \n  \u002F\u002F error     \n});     \n\u003C\u002Fscript>\n","java","",[79,80,81,100,113,122,131,139,145,153,160,166],"code",{"__ignoreMap":77},[82,83,86,90,94,97],"span",{"class":84,"line":85},"line",1,[82,87,89],{"class":88},"sC2Qs","\u003C",[82,91,93],{"class":92},"sMOD_","script",[82,95,96],{"class":88},">",[82,98,99],{"class":92},"     \n",[82,101,103,106,110],{"class":84,"line":102},2,[82,104,105],{"class":92},"navigator.geolocation.",[82,107,109],{"class":108},"srTi1","getCurrentPosition",[82,111,112],{"class":92},"(\n",[82,114,116,119],{"class":84,"line":115},3,[82,117,118],{"class":108},"  function",[82,120,121],{"class":92},"(position) {\n",[82,123,125,128],{"class":84,"line":124},4,[82,126,127],{"class":108},"         alert",[82,129,130],{"class":92},"(position.coords.latitude);\n",[82,132,134,136],{"class":84,"line":133},5,[82,135,127],{"class":108},[82,137,138],{"class":92},"(position.coords.longitude);      \n",[82,140,142],{"class":84,"line":141},6,[82,143,144],{"class":92},"  },       \n",[82,146,148,150],{"class":84,"line":147},7,[82,149,118],{"class":108},[82,151,152],{"class":92},"(){       \n",[82,154,156],{"class":84,"line":155},8,[82,157,159],{"class":158},"s8-w5","  \u002F\u002F error     \n",[82,161,163],{"class":84,"line":162},9,[82,164,165],{"class":92},"});     \n",[82,167,169,172,174],{"class":84,"line":168},10,[82,170,171],{"class":88},"\u003C\u002F",[82,173,93],{"class":92},[82,175,176],{"class":88},">\n",[39,178,179],{},"The Javascript above will show the location of the device on a screen.",[39,181,182,183,186,187,190],{},"To enable geolocation in an application using the ",[79,184,185],{},"WebView"," class, the following permissions and the use of the ",[79,188,189],{},"webkit"," package is necessary:",[39,192,193],{},"permissions",[195,196,197,203,208],"ul",{},[198,199,200],"li",{},[79,201,202],{},"android.permission.ACCESS_FINE_LOCATION",[198,204,205],{},[79,206,207],{},"android.permission.ACCESS_COARSE_LOCATION",[198,209,210],{},[79,211,212],{},"android.permission.INTERNET",[39,214,215,217],{},[79,216,189],{}," package",[195,219,220,225],{},[198,221,222],{},[79,223,224],{},"WebSettings#setGeolocationEnabled(true)",[198,226,227,230],{},[79,228,229],{},"WebChromeClient#onGeolocationPermissionsShowPrompt()"," implementation",[39,232,233,234,236],{},"Among these, implementing the ",[79,235,229],{}," method needs security consideration. There are vulnerable apps and code examples that override this method so that a user's geolocation information is sent to servers without the user's consent. With such an implementation, the user's geolocation location data will leak just by visiting malicious sites.",[238,239,241],"h2",{"id":240},"noncompliant-code-example","Noncompliant Code Example",[39,243,244],{},"This noncompliant code example sends the user's geolocation information without obtaining the user's permission upon request from a server.",[246,247,249],"code-block",{"quality":248},"bad",[72,250,252],{"className":74,"code":251,"language":76,"meta":77,"style":77},"public void onGeolocationPermissionsShowPrompt(String origin, Callback callback){\n        super.onGeolocationPermissionsShowPrompt(origin, callback);\n        callback.invoke(origin, true, false);\n}\n",[79,253,254,282,297,321],{"__ignoreMap":77},[82,255,256,259,263,266,269,273,276,279],{"class":84,"line":85},[82,257,258],{"class":88},"public",[82,260,262],{"class":261},"sq6CD"," void",[82,264,265],{"class":108}," onGeolocationPermissionsShowPrompt",[82,267,268],{"class":92},"(",[82,270,272],{"class":271},"sk8M1","String",[82,274,275],{"class":92}," origin, ",[82,277,278],{"class":271},"Callback",[82,280,281],{"class":92}," callback){\n",[82,283,284,288,291,294],{"class":84,"line":102},[82,285,287],{"class":286},"sP7S_","        super",[82,289,290],{"class":92},".",[82,292,293],{"class":108},"onGeolocationPermissionsShowPrompt",[82,295,296],{"class":92},"(origin, callback);\n",[82,298,299,302,305,308,312,315,318],{"class":84,"line":115},[82,300,301],{"class":92},"        callback.",[82,303,304],{"class":108},"invoke",[82,306,307],{"class":92},"(origin, ",[82,309,311],{"class":310},"s7F3e","true",[82,313,314],{"class":92},", ",[82,316,317],{"class":310},"false",[82,319,320],{"class":92},");\n",[82,322,323],{"class":84,"line":124},[82,324,325],{"class":92},"}\n",[238,327,329],{"id":328},"compliant-solution-1","Compliant Solution #1",[39,331,332],{},"This compliant solution shows a UI to ask for the user's consent. Depending on the user's response, the application can control the transmission of the geolocation data.",[246,334,336],{"quality":335},"good",[72,337,339],{"className":74,"code":338,"language":76,"meta":77,"style":77},"public void onGeolocationPermissionsShowPrompt(String origin, Callback callback) {\n        super.onGeolocationPermissionsShowPrompt(origin, callback);\n        \u002F\u002F Ask for user's permission\n        \u002F\u002F When the user disallows, do not send the geolocation information\n}\n",[79,340,341,360,370,375,380],{"__ignoreMap":77},[82,342,343,345,347,349,351,353,355,357],{"class":84,"line":85},[82,344,258],{"class":88},[82,346,262],{"class":261},[82,348,265],{"class":108},[82,350,268],{"class":92},[82,352,272],{"class":271},[82,354,275],{"class":92},[82,356,278],{"class":271},[82,358,359],{"class":92}," callback) {\n",[82,361,362,364,366,368],{"class":84,"line":102},[82,363,287],{"class":286},[82,365,290],{"class":92},[82,367,293],{"class":108},[82,369,296],{"class":92},[82,371,372],{"class":84,"line":115},[82,373,374],{"class":158},"        \u002F\u002F Ask for user's permission\n",[82,376,377],{"class":84,"line":124},[82,378,379],{"class":158},"        \u002F\u002F When the user disallows, do not send the geolocation information\n",[82,381,382],{"class":84,"line":133},[82,383,325],{"class":92},[238,385,387],{"id":386},"compliant-solution-2","Compliant Solution #2",[39,389,390],{},"The following compliant solution is from a real world fix of a previously vulnerable application.",[246,392,393],{"quality":335},[72,394,396],{"className":74,"code":395,"language":76,"meta":77,"style":77},"public void onGeolocationPermissionsShowPrompt(String origin, GeolocationPermissions$Callback callback) {\n        super.onGeolocationPermissionsShowPrompt(origin, callback);\n        if(MyPreferences.getBoolean(\"SECURITY_ENABLE_GEOLOCATION_INFORMATION\", true)) {\n            WebViewHolder.a(this.a).permissionShowPrompt(origin, callback);\n        }\n        else {\n            callback.invoke(origin, false, false);\n        }\n}\n",[79,397,398,422,432,456,476,481,489,506,510],{"__ignoreMap":77},[82,399,400,402,404,406,408,410,412,415,418,420],{"class":84,"line":85},[82,401,258],{"class":88},[82,403,262],{"class":261},[82,405,265],{"class":108},[82,407,268],{"class":92},[82,409,272],{"class":271},[82,411,275],{"class":92},[82,413,414],{"class":271},"GeolocationPermissions",[82,416,417],{"class":92},"$",[82,419,278],{"class":271},[82,421,359],{"class":92},[82,423,424,426,428,430],{"class":84,"line":102},[82,425,287],{"class":286},[82,427,290],{"class":92},[82,429,293],{"class":108},[82,431,296],{"class":92},[82,433,434,437,440,443,445,449,451,453],{"class":84,"line":115},[82,435,436],{"class":88},"        if",[82,438,439],{"class":92},"(MyPreferences.",[82,441,442],{"class":108},"getBoolean",[82,444,268],{"class":92},[82,446,448],{"class":447},"sstjo","\"SECURITY_ENABLE_GEOLOCATION_INFORMATION\"",[82,450,314],{"class":92},[82,452,311],{"class":310},[82,454,455],{"class":92},")) {\n",[82,457,458,461,463,465,468,471,474],{"class":84,"line":124},[82,459,460],{"class":92},"            WebViewHolder.",[82,462,43],{"class":108},[82,464,268],{"class":92},[82,466,467],{"class":286},"this",[82,469,470],{"class":92},".a).",[82,472,473],{"class":108},"permissionShowPrompt",[82,475,296],{"class":92},[82,477,478],{"class":84,"line":133},[82,479,480],{"class":92},"        }\n",[82,482,483,486],{"class":84,"line":141},[82,484,485],{"class":88},"        else",[82,487,488],{"class":92}," {\n",[82,490,491,494,496,498,500,502,504],{"class":84,"line":147},[82,492,493],{"class":92},"            callback.",[82,495,304],{"class":108},[82,497,307],{"class":92},[82,499,317],{"class":310},[82,501,314],{"class":92},[82,503,317],{"class":310},[82,505,320],{"class":92},[82,507,508],{"class":84,"line":155},[82,509,480],{"class":92},[82,511,512],{"class":84,"line":162},[82,513,325],{"class":92},[39,515,516],{},"If the user setting of geolocation is enabled, the code will show a screen to ask for the user's permission. If the setting is disabled, it will not transmit the geolocation data.",[238,518,520],{"id":519},"risk-assessment","Risk Assessment",[39,522,523],{},"Sending a user's geolocation information without asking the user's permission violates the security and privacy considerations of the Geolocation API and leaks the user's sensitive information.",[525,526,527,528,527,558],"table",{},"\n  ",[529,530,531,532,527],"thead",{},"\n    ",[533,534,535,536,535,540,535,543,535,546,535,549,535,552,535,555,531],"tr",{},"\n      ",[537,538,539],"th",{},"Rule",[537,541,542],{},"Severity",[537,544,545],{},"Likelihood",[537,547,548],{},"Detectable",[537,550,551],{},"Repairable",[537,553,554],{},"Priority",[537,556,557],{},"Level",[559,560,531,561,527],"tbody",{},[533,562,535,563,535,567,535,570,535,573,535,576,535,578,535,582,531],{},[564,565,566],"td",{},"DRD15-J",[564,568,569],{},"Low",[564,571,572],{},"Probable",[564,574,575],{},"No",[564,577,575],{},[564,579,581],{"style":580},"color: #27ae60;","P2",[564,583,584],{"style":580},"L3",[238,586,588],{"id":587},"related-vulnerabilities","Related Vulnerabilities",[195,590,591],{},[198,592,593,598],{},[43,594,597],{"href":595,"rel":596},"https:\u002F\u002Fjvn.jp\u002Fen\u002Fjp\u002FJVN81637882\u002Findex.html",[47],"JVN#81637882"," Information disclosure vulnerability in Sleipnir Mobile for Android",[238,600,602],{"id":601},"related-guidelines","Related Guidelines",[525,604,605,613],{},[529,606,607],{},[533,608,609,611],{},[537,610],{},[537,612],{},[559,614,615],{},[533,616,617,623],{},[564,618,619,622],{},[43,620,48],{"href":45,"rel":621},[47]," by W3C",[564,624,625],{},[43,626,45],{"href":45,"rel":627},[47],[238,629,631],{"id":630},"automated-detection","Automated Detection",[39,633,634,635,637,638,640],{},"It is trivial to automatically detect if an app requires the permissions needed for the vulnerability, if the app also uses the ",[79,636,185],{}," class, and if the app also implements the ",[79,639,229],{}," method.  Tracing taint flow of sensitive geolocation data between components of one or more Android apps, and eventual transit to a sink, is a complex dataflow analysis.",[39,642,643],{},"Tool",[39,645,646],{},"Version",[39,648,649],{},"Checker",[39,651,652],{},"Description",[238,654,656],{"id":655},"bibliography","Bibliography",[525,658,659,667],{},[529,660,661],{},[533,662,663,665],{},[537,664],{},[537,666],{},[559,668,669,703],{},[533,670,671,680],{},[564,672,673,674,679],{},"[ ",[43,675,678],{"href":676,"rel":677},"https:\u002F\u002Fwww.securecoding.cert.org\u002Fconfluence\u002Fdisplay\u002Fjava\u002FAA.+References#AA.References-AndroidAPI13",[47],"Android API 2013"," ]",[564,681,682,690,691,690,696],{},[43,683,686,687],{"href":684,"rel":685},"http:\u002F\u002Fdeveloper.android.com\u002Freference\u002Fandroid\u002Fwebkit\u002FWebChromeClient.html",[47],"class ",[79,688,689],{},"WebChromeClient"," ",[43,692,695],{"href":693,"rel":694},"http:\u002F\u002Fdeveloper.android.com\u002Freference\u002Fandroid\u002Fcontent\u002FContext.html",[47],",",[43,697,686,700],{"href":698,"rel":699},"http:\u002F\u002Fdeveloper.android.com\u002Freference\u002Fandroid\u002Fwebkit\u002FWebSettings.html",[47],[79,701,702],{},"WebSettings",[533,704,705,712],{},[564,706,673,707,679],{},[43,708,711],{"href":709,"rel":710},"https:\u002F\u002Fwww.securecoding.cert.org\u002Fconfluence\u002Fdisplay\u002Fjava\u002FAA.+References#AA.References-W3C13",[47],"W3C 2013",[564,713,714],{},[43,715,717],{"href":45,"rel":716},[47],"Geolocation API Specification",[719,720],"hr",{},[39,722,723,690,730,690,736],{},[43,724,726],{"href":725},"https:\u002F\u002Fwww.securecoding.cert.org\u002Fconfluence\u002Fdisplay\u002Fjava\u002FDRD14-J.+Check+that+a+calling+app+has+appropriate+permissions+before+responding?showChildren=false&showComments=false",[727,728],"img",{"src":729},"\u002Fattachments\u002F88487702\u002F88497198.png",[43,731,733],{"href":732},"https:\u002F\u002Fwww.securecoding.cert.org\u002Fconfluence\u002Fpages\u002Fviewpage.action?pageId=111509535",[727,734],{"src":735},"\u002Fattachments\u002F88487702\u002F88497196.png",[43,737,739],{"href":738},"https:\u002F\u002Fwww.securecoding.cert.org\u002Fconfluence\u002Fdisplay\u002Fjava\u002FDRD16-J.+Explicitly+define+the+exported+attribute+for+private+components?showChildren=false&showComments=false",[727,740],{"src":741},"\u002Fattachments\u002F88487702\u002F88497197.png",[743,744,745],"style",{},"html pre.shiki code .sC2Qs, html code.shiki .sC2Qs{--shiki-default:#D73A49;--shiki-dark:#F97583;--shiki-sepia:#F92672}html pre.shiki code .sMOD_, html code.shiki .sMOD_{--shiki-default:#24292E;--shiki-dark:#E1E4E8;--shiki-sepia:#F8F8F2}html pre.shiki code .srTi1, html code.shiki .srTi1{--shiki-default:#6F42C1;--shiki-dark:#B392F0;--shiki-sepia:#A6E22E}html pre.shiki code .s8-w5, html code.shiki .s8-w5{--shiki-default:#6A737D;--shiki-dark:#6A737D;--shiki-sepia:#88846F}html .default .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html.dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html .sepia .shiki span {color: var(--shiki-sepia);background: var(--shiki-sepia-bg);font-style: var(--shiki-sepia-font-style);font-weight: var(--shiki-sepia-font-weight);text-decoration: var(--shiki-sepia-text-decoration);}html.sepia .shiki span {color: var(--shiki-sepia);background: var(--shiki-sepia-bg);font-style: var(--shiki-sepia-font-style);font-weight: var(--shiki-sepia-font-weight);text-decoration: var(--shiki-sepia-text-decoration);}html pre.shiki code .sq6CD, html code.shiki .sq6CD{--shiki-default:#D73A49;--shiki-default-font-style:inherit;--shiki-dark:#F97583;--shiki-dark-font-style:inherit;--shiki-sepia:#66D9EF;--shiki-sepia-font-style:italic}html pre.shiki code .sk8M1, html code.shiki .sk8M1{--shiki-default:#24292E;--shiki-default-font-style:inherit;--shiki-dark:#E1E4E8;--shiki-dark-font-style:inherit;--shiki-sepia:#66D9EF;--shiki-sepia-font-style:italic}html pre.shiki code .sP7S_, html code.shiki .sP7S_{--shiki-default:#005CC5;--shiki-dark:#79B8FF;--shiki-sepia:#FD971F}html pre.shiki code .s7F3e, html code.shiki .s7F3e{--shiki-default:#005CC5;--shiki-dark:#79B8FF;--shiki-sepia:#AE81FF}html pre.shiki code .sstjo, html code.shiki .sstjo{--shiki-default:#032F62;--shiki-dark:#9ECBFF;--shiki-sepia:#E6DB74}",{"title":77,"searchDepth":102,"depth":102,"links":747},[748,749,750,751,752,753,754,755],{"id":240,"depth":102,"text":241},{"id":328,"depth":102,"text":329},{"id":386,"depth":102,"text":387},{"id":519,"depth":102,"text":520},{"id":587,"depth":102,"text":588},{"id":601,"depth":102,"text":602},{"id":630,"depth":102,"text":631},{"id":655,"depth":102,"text":656},"The Geolocation API , which is specified by W3C, enables web browsers to access geographical location information of a user's device.","md",{"tags":759},[760,761,762,763,764],"rule","drd","msc","android-applicable","android","\u002Fandroid-secure-coding-standard\u002Frules\u002Fmiscellaneous-msc\u002Fdrd15-j",{"title":30,"description":756},"3.android-secure-coding-standard\u002F3.rules\u002F20.miscellaneous-msc\u002F3.drd15-j","PuOyH0HGouy92dPUQK4zrOniXjF6gTArqkdpVbbhUF0",[770,774],{"title":771,"path":772,"stem":773,"children":-1},"DRD10-X. Do not release apps that are debuggable","\u002Fandroid-secure-coding-standard\u002Frules\u002Fmiscellaneous-msc\u002Fdrd10-x","3.android-secure-coding-standard\u002F3.rules\u002F20.miscellaneous-msc\u002F2.drd10-x",{"title":775,"path":776,"stem":777,"children":-1},"DRD26-J. For OAuth, use a secure Android method to deliver access tokens","\u002Fandroid-secure-coding-standard\u002Frules\u002Fmiscellaneous-msc\u002Fdrd26-j","3.android-secure-coding-standard\u002F3.rules\u002F20.miscellaneous-msc\u002F4.drd26-j",[779],{"title":780,"path":781,"stem":782,"children":783},"SCI CERT Android Secure Coding Standard","\u002Fandroid-secure-coding-standard","3.android-secure-coding-standard\u002F1.index",[784,785,835,1092,1189,1251,1275],{"title":780,"path":781,"stem":782},{"title":786,"path":787,"stem":788,"children":789},"Front Matter","\u002Fandroid-secure-coding-standard\u002Ffront-matter","3.android-secure-coding-standard\u002F2.front-matter\u002F1.index",[790,791,813],{"title":786,"path":787,"stem":788},{"title":792,"path":793,"stem":794,"children":795},"Guidelines for Wiki Contributors","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fguidelines-for-wiki-contributors","3.android-secure-coding-standard\u002F2.front-matter\u002F2.guidelines-for-wiki-contributors\u002F1.index",[796,797,801,805,809],{"title":792,"path":793,"stem":794},{"title":798,"path":799,"stem":800},"Deprecations","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fguidelines-for-wiki-contributors\u002Fdeprecations","3.android-secure-coding-standard\u002F2.front-matter\u002F2.guidelines-for-wiki-contributors\u002F2.deprecations",{"title":802,"path":803,"stem":804},"Editing Automated Detection Information","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fguidelines-for-wiki-contributors\u002Fediting-automated-detection-information","3.android-secure-coding-standard\u002F2.front-matter\u002F2.guidelines-for-wiki-contributors\u002F3.editing-automated-detection-information",{"title":806,"path":807,"stem":808},"Editing-Related Guidelines","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fguidelines-for-wiki-contributors\u002Fediting-related-guidelines","3.android-secure-coding-standard\u002F2.front-matter\u002F2.guidelines-for-wiki-contributors\u002F4.editing-related-guidelines",{"title":810,"path":811,"stem":812},"Rules versus Recommendations","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fguidelines-for-wiki-contributors\u002Frules-versus-recommendations","3.android-secure-coding-standard\u002F2.front-matter\u002F2.guidelines-for-wiki-contributors\u002F5.rules-versus-recommendations",{"title":814,"path":815,"stem":816,"children":817},"Introduction","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fintroduction","3.android-secure-coding-standard\u002F2.front-matter\u002F3.introduction\u002F01.index",[818,819,823,827,831],{"title":814,"path":815,"stem":816},{"title":820,"path":821,"stem":822},"Introduction to Android-Only Rules","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fintroduction\u002Fintroduction-to-android-only-rules","3.android-secure-coding-standard\u002F2.front-matter\u002F3.introduction\u002F02.introduction-to-android-only-rules",{"title":824,"path":825,"stem":826},"Introduction to C Rules and Recommendations","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fintroduction\u002Fintroduction-to-c-rules-and-recommendations","3.android-secure-coding-standard\u002F2.front-matter\u002F3.introduction\u002F03.introduction-to-c-rules-and-recommendations",{"title":828,"path":829,"stem":830},"Introduction to Java Recommendations","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fintroduction\u002Fintroduction-to-java-recommendations","3.android-secure-coding-standard\u002F2.front-matter\u002F3.introduction\u002F04.introduction-to-java-recommendations",{"title":832,"path":833,"stem":834},"Introduction to Java Rules","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fintroduction\u002Fintroduction-to-java-rules","3.android-secure-coding-standard\u002F2.front-matter\u002F3.introduction\u002F05.introduction-to-java-rules",{"title":836,"path":837,"stem":838,"children":839},"Rules","\u002Fandroid-secure-coding-standard\u002Frules","3.android-secure-coding-standard\u002F3.rules\u002F01.index",[840,841,845,849,871,875,897,901,905,909,913,943,947,951,955,973,977,981,985,989,1006,1020,1024,1028,1050,1054,1058,1062,1066,1070,1074],{"title":836,"path":837,"stem":838},{"title":842,"path":843,"stem":844},"Application Programming Interfaces (API)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fapplication-programming-interfaces-api","3.android-secure-coding-standard\u002F3.rules\u002F02.application-programming-interfaces-api",{"title":846,"path":847,"stem":848},"Characters and String (STR)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcharacters-and-string-str","3.android-secure-coding-standard\u002F3.rules\u002F03.characters-and-string-str",{"title":850,"path":851,"stem":852,"children":853},"Component Security (CPS)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcomponent-security-cps","3.android-secure-coding-standard\u002F3.rules\u002F04.component-security-cps\u002F1.index",[854,855,859,863,867],{"title":850,"path":851,"stem":852},{"title":856,"path":857,"stem":858},"DRD01-X. Limit the accessibility of an app's sensitive content provider","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcomponent-security-cps\u002Fdrd01-x","3.android-secure-coding-standard\u002F3.rules\u002F04.component-security-cps\u002F2.drd01-x",{"title":860,"path":861,"stem":862},"DRD07-X. Protect exported services with strong permissions","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcomponent-security-cps\u002Fdrd07-x","3.android-secure-coding-standard\u002F3.rules\u002F04.component-security-cps\u002F3.drd07-x",{"title":864,"path":865,"stem":866},"DRD08-J. Always canonicalize a URL received by a content provider","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcomponent-security-cps\u002Fdrd08-j","3.android-secure-coding-standard\u002F3.rules\u002F04.component-security-cps\u002F4.drd08-j",{"title":868,"path":869,"stem":870},"DRD09. Restrict access to sensitive activities","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcomponent-security-cps\u002Fdrd09-restrict-access-to-sensitive-activities","3.android-secure-coding-standard\u002F3.rules\u002F04.component-security-cps\u002F5.drd09-restrict-access-to-sensitive-activities",{"title":872,"path":873,"stem":874},"Concurrency (CON)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fconcurrency-con","3.android-secure-coding-standard\u002F3.rules\u002F05.concurrency-con",{"title":876,"path":877,"stem":878,"children":879},"Cryptography (CRP)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcryptography-crp","3.android-secure-coding-standard\u002F3.rules\u002F06.cryptography-crp\u002F1.index",[880,881,885,889,893],{"title":876,"path":877,"stem":878},{"title":882,"path":883,"stem":884},"DRD17-J. Do not use the Android cryptographic security provider encryption default for AES","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcryptography-crp\u002Fdrd17-j","3.android-secure-coding-standard\u002F3.rules\u002F06.cryptography-crp\u002F2.drd17-j",{"title":886,"path":887,"stem":888},"DRD18. Do not use the default behavior in a cryptographic library if it does not use recommended practices","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcryptography-crp\u002Fdrd18-do-not-use-the-default-behavior-in-a-cryptographic-library-if-it-does-not-use-recommended-practices","3.android-secure-coding-standard\u002F3.rules\u002F06.cryptography-crp\u002F3.drd18-do-not-use-the-default-behavior-in-a-cryptographic-library-if-it-does-not-use-recommended-practices",{"title":890,"path":891,"stem":892},"DRD24. Do not bundle OAuth security-related protocol logic or sensitive data into a relying party's app","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcryptography-crp\u002Fdrd24-do-not-bundle-oauth-security-related-protocol-logic-or-sensitive-data-into-a-relying-partys-app","3.android-secure-coding-standard\u002F3.rules\u002F06.cryptography-crp\u002F4.drd24-do-not-bundle-oauth-security-related-protocol-logic-or-sensitive-data-into-a-relying-partys-app",{"title":894,"path":895,"stem":896},"DRD25. Use constant-time encryption","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcryptography-crp\u002Fdrd25-use-constant-time-encryption","3.android-secure-coding-standard\u002F3.rules\u002F06.cryptography-crp\u002F5.drd25-use-constant-time-encryption",{"title":898,"path":899,"stem":900},"Declarations and Initialization (DCL)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fdeclarations-and-initialization-dcl","3.android-secure-coding-standard\u002F3.rules\u002F07.declarations-and-initialization-dcl",{"title":902,"path":903,"stem":904},"Environment (ENV)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fenvironment-env","3.android-secure-coding-standard\u002F3.rules\u002F08.environment-env",{"title":906,"path":907,"stem":908},"Error Handling (ERR)","\u002Fandroid-secure-coding-standard\u002Frules\u002Ferror-handling-err","3.android-secure-coding-standard\u002F3.rules\u002F09.error-handling-err",{"title":910,"path":911,"stem":912},"Expressions (EXP)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fexpressions-exp","3.android-secure-coding-standard\u002F3.rules\u002F10.expressions-exp",{"title":914,"path":915,"stem":916,"children":917},"File I\u002FO and Logging (FIO)","\u002Fandroid-secure-coding-standard\u002Frules\u002Ffile-io-and-logging-fio","3.android-secure-coding-standard\u002F3.rules\u002F11.file-io-and-logging-fio\u002F1.index",[918,919,923,927,931,935,939],{"title":914,"path":915,"stem":916},{"title":920,"path":921,"stem":922},"DRD04-J. Do not log sensitive information","\u002Fandroid-secure-coding-standard\u002Frules\u002Ffile-io-and-logging-fio\u002Fdrd04-j","3.android-secure-coding-standard\u002F3.rules\u002F11.file-io-and-logging-fio\u002F2.drd04-j",{"title":924,"path":925,"stem":926},"DRD00. Do not store sensitive information on external storage (SD card) unless encrypted first","\u002Fandroid-secure-coding-standard\u002Frules\u002Ffile-io-and-logging-fio\u002Fdrd00-do-not-store-sensitive-information-on-external-storage-sd-card-unless-encrypted-first","3.android-secure-coding-standard\u002F3.rules\u002F11.file-io-and-logging-fio\u002F3.drd00-do-not-store-sensitive-information-on-external-storage-sd-card-unless-encrypted-first",{"title":928,"path":929,"stem":930},"DRD11. Ensure that sensitive data is kept secure","\u002Fandroid-secure-coding-standard\u002Frules\u002Ffile-io-and-logging-fio\u002Fdrd11-ensure-that-sensitive-data-is-kept-secure","3.android-secure-coding-standard\u002F3.rules\u002F11.file-io-and-logging-fio\u002F4.drd11-ensure-that-sensitive-data-is-kept-secure",{"title":932,"path":933,"stem":934},"DRD12. Do not trust data from world-writable files","\u002Fandroid-secure-coding-standard\u002Frules\u002Ffile-io-and-logging-fio\u002Fdrd12-do-not-trust-data-from-world-writable-files","3.android-secure-coding-standard\u002F3.rules\u002F11.file-io-and-logging-fio\u002F5.drd12-do-not-trust-data-from-world-writable-files",{"title":936,"path":937,"stem":938},"DRD23. Do not use world readable or writeable to share files between apps","\u002Fandroid-secure-coding-standard\u002Frules\u002Ffile-io-and-logging-fio\u002Fdrd23-do-not-use-world-readable-or-writeable-to-share-files-between-apps","3.android-secure-coding-standard\u002F3.rules\u002F11.file-io-and-logging-fio\u002F6.drd23-do-not-use-world-readable-or-writeable-to-share-files-between-apps",{"title":940,"path":941,"stem":942},"DRD28 Do not load world-writable libraries","\u002Fandroid-secure-coding-standard\u002Frules\u002Ffile-io-and-logging-fio\u002Fdrd28-do-not-load-world-writable-libraries","3.android-secure-coding-standard\u002F3.rules\u002F11.file-io-and-logging-fio\u002F7.drd28-do-not-load-world-writable-libraries",{"title":944,"path":945,"stem":946},"Floating Point (FLP)","\u002Fandroid-secure-coding-standard\u002Frules\u002Ffloating-point-flp","3.android-secure-coding-standard\u002F3.rules\u002F12.floating-point-flp",{"title":948,"path":949,"stem":950},"Input Validation and Data Sanitization (IDS)","\u002Fandroid-secure-coding-standard\u002Frules\u002Finput-validation-and-data-sanitization-ids","3.android-secure-coding-standard\u002F3.rules\u002F13.input-validation-and-data-sanitization-ids",{"title":952,"path":953,"stem":954},"Integers (INT)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fintegers-int","3.android-secure-coding-standard\u002F3.rules\u002F14.integers-int",{"title":956,"path":957,"stem":958,"children":959},"Intent (ITT)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fintent-itt","3.android-secure-coding-standard\u002F3.rules\u002F15.intent-itt\u002F1.index",[960,961,965,969],{"title":956,"path":957,"stem":958},{"title":962,"path":963,"stem":964},"DRD03-J. Do not broadcast sensitive information using an implicit intent","\u002Fandroid-secure-coding-standard\u002Frules\u002Fintent-itt\u002Fdrd03-j","3.android-secure-coding-standard\u002F3.rules\u002F15.intent-itt\u002F2.drd03-j",{"title":966,"path":967,"stem":968},"DRD21-J. Always pass explicit intents to a PendingIntent","\u002Fandroid-secure-coding-standard\u002Frules\u002Fintent-itt\u002Fdrd21-j","3.android-secure-coding-standard\u002F3.rules\u002F15.intent-itt\u002F3.drd21-j",{"title":970,"path":971,"stem":972},"DRD06. Verify the caller of intents before acting on them","\u002Fandroid-secure-coding-standard\u002Frules\u002Fintent-itt\u002Fdrd06-verify-the-caller-of-intents-before-acting-on-them","3.android-secure-coding-standard\u002F3.rules\u002F15.intent-itt\u002F4.drd06-verify-the-caller-of-intents-before-acting-on-them",{"title":974,"path":975,"stem":976},"Java Native Interface (JNI)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fjava-native-interface-jni","3.android-secure-coding-standard\u002F3.rules\u002F16.java-native-interface-jni",{"title":978,"path":979,"stem":980},"Locking (LCK)","\u002Fandroid-secure-coding-standard\u002Frules\u002Flocking-lck","3.android-secure-coding-standard\u002F3.rules\u002F17.locking-lck",{"title":982,"path":983,"stem":984},"Memory Management (MEM)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fmemory-management-mem","3.android-secure-coding-standard\u002F3.rules\u002F18.memory-management-mem",{"title":986,"path":987,"stem":988},"Methods (MET)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fmethods-met","3.android-secure-coding-standard\u002F3.rules\u002F19.methods-met",{"title":990,"path":991,"stem":992,"children":993},"Miscellaneous (MSC)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fmiscellaneous-msc","3.android-secure-coding-standard\u002F3.rules\u002F20.miscellaneous-msc\u002F1.index",[994,995,996,997,998,1002],{"title":990,"path":991,"stem":992},{"title":771,"path":772,"stem":773},{"title":30,"path":765,"stem":767},{"title":775,"path":776,"stem":777},{"title":999,"path":1000,"stem":1001},"DRD27-J. For OAuth, use an explicit intent method to deliver access tokens","\u002Fandroid-secure-coding-standard\u002Frules\u002Fmiscellaneous-msc\u002Fdrd27-j","3.android-secure-coding-standard\u002F3.rules\u002F20.miscellaneous-msc\u002F5.drd27-j",{"title":1003,"path":1004,"stem":1005},"DRD25. To request user permission for OAuth, identify relying party and its permissions scope","\u002Fandroid-secure-coding-standard\u002Frules\u002Fmiscellaneous-msc\u002Fdrd25-to-request-user-permission-for-oauth-identify-relying-party-and-its-permissions-scope","3.android-secure-coding-standard\u002F3.rules\u002F20.miscellaneous-msc\u002F6.drd25-to-request-user-permission-for-oauth-identify-relying-party-and-its-permissions-scope",{"title":1007,"path":1008,"stem":1009,"children":1010},"Network - SSL\u002FTLS (NET)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fnetwork-ssltls-net","3.android-secure-coding-standard\u002F3.rules\u002F21.network-ssltls-net\u002F1.index",[1011,1012,1016],{"title":1007,"path":1008,"stem":1009},{"title":1013,"path":1014,"stem":1015},"DRD23-J. Do not use loopback when handling sensitive data","\u002Fandroid-secure-coding-standard\u002Frules\u002Fnetwork-ssltls-net\u002Fdrd23-j","3.android-secure-coding-standard\u002F3.rules\u002F21.network-ssltls-net\u002F2.drd23-j",{"title":1017,"path":1018,"stem":1019},"DRD19. Properly verify server certificate on SSL\u002FTLS","\u002Fandroid-secure-coding-standard\u002Frules\u002Fnetwork-ssltls-net\u002Fdrd19-properly-verify-server-certificate-on-ssltls","3.android-secure-coding-standard\u002F3.rules\u002F21.network-ssltls-net\u002F3.drd19-properly-verify-server-certificate-on-ssltls",{"title":1021,"path":1022,"stem":1023},"Numeric Types and Operations (NUM)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fnumeric-types-and-operations-num","3.android-secure-coding-standard\u002F3.rules\u002F22.numeric-types-and-operations-num",{"title":1025,"path":1026,"stem":1027},"Object Orientation (OBJ)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fobject-orientation-obj","3.android-secure-coding-standard\u002F3.rules\u002F23.object-orientation-obj",{"title":1029,"path":1030,"stem":1031,"children":1032},"Permission (PER)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fpermission-per","3.android-secure-coding-standard\u002F3.rules\u002F24.permission-per\u002F1.index",[1033,1034,1038,1042,1046],{"title":1029,"path":1030,"stem":1031},{"title":1035,"path":1036,"stem":1037},"DRD05-J. Do not grant URI permissions on implicit intents","\u002Fandroid-secure-coding-standard\u002Frules\u002Fpermission-per\u002Fdrd05-j","3.android-secure-coding-standard\u002F3.rules\u002F24.permission-per\u002F2.drd05-j",{"title":1039,"path":1040,"stem":1041},"DRD14-J. Check that a calling app has appropriate permissions before responding","\u002Fandroid-secure-coding-standard\u002Frules\u002Fpermission-per\u002Fdrd14-j","3.android-secure-coding-standard\u002F3.rules\u002F24.permission-per\u002F3.drd14-j",{"title":1043,"path":1044,"stem":1045},"DRD16-X. Explicitly define the exported attribute for private components","\u002Fandroid-secure-coding-standard\u002Frules\u002Fpermission-per\u002Fdrd16-x","3.android-secure-coding-standard\u002F3.rules\u002F24.permission-per\u002F4.drd16-x",{"title":1047,"path":1048,"stem":1049},"DRD20-C. Specify permissions when creating files via the NDK","\u002Fandroid-secure-coding-standard\u002Frules\u002Fpermission-per\u002Fdrd20-c","3.android-secure-coding-standard\u002F3.rules\u002F24.permission-per\u002F5.drd20-c",{"title":1051,"path":1052,"stem":1053},"Platform Security (SEC)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fplatform-security-sec","3.android-secure-coding-standard\u002F3.rules\u002F25.platform-security-sec",{"title":1055,"path":1056,"stem":1057},"Preprocessor (PRE)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fpreprocessor-pre","3.android-secure-coding-standard\u002F3.rules\u002F26.preprocessor-pre",{"title":1059,"path":1060,"stem":1061},"Serialization (SER)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fserialization-ser","3.android-secure-coding-standard\u002F3.rules\u002F27.serialization-ser",{"title":1063,"path":1064,"stem":1065},"Thread APIs (THI)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fthread-apis-thi","3.android-secure-coding-standard\u002F3.rules\u002F28.thread-apis-thi",{"title":1067,"path":1068,"stem":1069},"Thread-Safety Miscellaneous (TSM)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fthread-safety-miscellaneous-tsm","3.android-secure-coding-standard\u002F3.rules\u002F29.thread-safety-miscellaneous-tsm",{"title":1071,"path":1072,"stem":1073},"Visibility and Atomicity (VNA)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fvisibility-and-atomicity-vna","3.android-secure-coding-standard\u002F3.rules\u002F30.visibility-and-atomicity-vna",{"title":1075,"path":1076,"stem":1077,"children":1078},"WebView (WBV)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fwebview-wbv","3.android-secure-coding-standard\u002F3.rules\u002F31.webview-wbv\u002F1.index",[1079,1080,1084,1088],{"title":1075,"path":1076,"stem":1077},{"title":1081,"path":1082,"stem":1083},"DRD02-J. Do not allow WebView to access sensitive local resource through file scheme","\u002Fandroid-secure-coding-standard\u002Frules\u002Fwebview-wbv\u002Fdrd02-j","3.android-secure-coding-standard\u002F3.rules\u002F31.webview-wbv\u002F2.drd02-j",{"title":1085,"path":1086,"stem":1087},"DRD13. Do not provide addJavascriptInterface method access in a WebView which could contain untrusted content. (API level JELLY_BEAN or below)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fwebview-wbv\u002Fdrd13-do-not-provide-addjavascriptinterface-method-access-in-a-webview-which-could-contain-untrusted-content-api-level-jelly_bean-or-below","3.android-secure-coding-standard\u002F3.rules\u002F31.webview-wbv\u002F3.drd13-do-not-provide-addjavascriptinterface-method-access-in-a-webview-which-could-contain-untrusted-content-api-level-jelly_bean-or-below",{"title":1089,"path":1090,"stem":1091},"DRD22. Do not cache sensitive information","\u002Fandroid-secure-coding-standard\u002Frules\u002Fwebview-wbv\u002Fdrd22-do-not-cache-sensitive-information","3.android-secure-coding-standard\u002F3.rules\u002F31.webview-wbv\u002F4.drd22-do-not-cache-sensitive-information",{"title":1093,"path":1094,"stem":1095,"children":1096},"Recommendations","\u002Fandroid-secure-coding-standard\u002Frecommendations","3.android-secure-coding-standard\u002F4.recommendations\u002F01.index",[1097,1098,1101,1105,1108,1111,1114,1117,1120,1123,1126,1129,1132,1135,1138,1141,1144,1147,1150,1153,1156,1159,1162,1165,1168,1171,1174,1177,1180,1183,1186],{"title":1093,"path":1094,"stem":1095},{"title":842,"path":1099,"stem":1100},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fapplication-programming-interfaces-api","3.android-secure-coding-standard\u002F4.recommendations\u002F02.application-programming-interfaces-api",{"title":1102,"path":1103,"stem":1104},"Characters and Strings (STR)","\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fcharacters-and-strings-str","3.android-secure-coding-standard\u002F4.recommendations\u002F03.characters-and-strings-str",{"title":850,"path":1106,"stem":1107},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fcomponent-security-cps","3.android-secure-coding-standard\u002F4.recommendations\u002F04.component-security-cps",{"title":872,"path":1109,"stem":1110},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fconcurrency-con","3.android-secure-coding-standard\u002F4.recommendations\u002F05.concurrency-con",{"title":876,"path":1112,"stem":1113},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fcryptography-crp","3.android-secure-coding-standard\u002F4.recommendations\u002F06.cryptography-crp",{"title":898,"path":1115,"stem":1116},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fdeclarations-and-initialization-dcl","3.android-secure-coding-standard\u002F4.recommendations\u002F07.declarations-and-initialization-dcl",{"title":902,"path":1118,"stem":1119},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fenvironment-env","3.android-secure-coding-standard\u002F4.recommendations\u002F08.environment-env",{"title":906,"path":1121,"stem":1122},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Ferror-handling-err","3.android-secure-coding-standard\u002F4.recommendations\u002F09.error-handling-err",{"title":910,"path":1124,"stem":1125},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fexpressions-exp","3.android-secure-coding-standard\u002F4.recommendations\u002F10.expressions-exp",{"title":914,"path":1127,"stem":1128},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Ffile-io-and-logging-fio","3.android-secure-coding-standard\u002F4.recommendations\u002F11.file-io-and-logging-fio",{"title":944,"path":1130,"stem":1131},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Ffloating-point-flp","3.android-secure-coding-standard\u002F4.recommendations\u002F12.floating-point-flp",{"title":948,"path":1133,"stem":1134},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Finput-validation-and-data-sanitization-ids","3.android-secure-coding-standard\u002F4.recommendations\u002F13.input-validation-and-data-sanitization-ids",{"title":952,"path":1136,"stem":1137},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fintegers-int","3.android-secure-coding-standard\u002F4.recommendations\u002F14.integers-int",{"title":956,"path":1139,"stem":1140},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fintent-itt","3.android-secure-coding-standard\u002F4.recommendations\u002F15.intent-itt",{"title":974,"path":1142,"stem":1143},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fjava-native-interface-jni","3.android-secure-coding-standard\u002F4.recommendations\u002F16.java-native-interface-jni",{"title":978,"path":1145,"stem":1146},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Flocking-lck","3.android-secure-coding-standard\u002F4.recommendations\u002F17.locking-lck",{"title":982,"path":1148,"stem":1149},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fmemory-management-mem","3.android-secure-coding-standard\u002F4.recommendations\u002F18.memory-management-mem",{"title":986,"path":1151,"stem":1152},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fmethods-met","3.android-secure-coding-standard\u002F4.recommendations\u002F19.methods-met",{"title":990,"path":1154,"stem":1155},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fmiscellaneous-msc","3.android-secure-coding-standard\u002F4.recommendations\u002F20.miscellaneous-msc",{"title":1007,"path":1157,"stem":1158},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fnetwork-ssltls-net","3.android-secure-coding-standard\u002F4.recommendations\u002F21.network-ssltls-net",{"title":1021,"path":1160,"stem":1161},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fnumeric-types-and-operations-num","3.android-secure-coding-standard\u002F4.recommendations\u002F22.numeric-types-and-operations-num",{"title":1025,"path":1163,"stem":1164},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fobject-orientation-obj","3.android-secure-coding-standard\u002F4.recommendations\u002F23.object-orientation-obj",{"title":1029,"path":1166,"stem":1167},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fpermission-per","3.android-secure-coding-standard\u002F4.recommendations\u002F24.permission-per",{"title":1051,"path":1169,"stem":1170},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fplatform-security-sec","3.android-secure-coding-standard\u002F4.recommendations\u002F25.platform-security-sec",{"title":1055,"path":1172,"stem":1173},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fpreprocessor-pre","3.android-secure-coding-standard\u002F4.recommendations\u002F26.preprocessor-pre",{"title":1059,"path":1175,"stem":1176},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fserialization-ser","3.android-secure-coding-standard\u002F4.recommendations\u002F27.serialization-ser",{"title":1063,"path":1178,"stem":1179},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fthread-apis-thi","3.android-secure-coding-standard\u002F4.recommendations\u002F28.thread-apis-thi",{"title":1067,"path":1181,"stem":1182},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fthread-safety-miscellaneous-tsm","3.android-secure-coding-standard\u002F4.recommendations\u002F29.thread-safety-miscellaneous-tsm",{"title":1071,"path":1184,"stem":1185},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fvisibility-and-atomicity-vna","3.android-secure-coding-standard\u002F4.recommendations\u002F30.visibility-and-atomicity-vna",{"title":1075,"path":1187,"stem":1188},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fwebview-wbv","3.android-secure-coding-standard\u002F4.recommendations\u002F31.webview-wbv",{"title":1190,"path":1191,"stem":1192,"children":1193},"By Language","\u002Fandroid-secure-coding-standard\u002Fby-language","3.android-secure-coding-standard\u002F5.by-language\u002F1.index",[1194,1195,1199,1221,1225,1247],{"title":1190,"path":1191,"stem":1192},{"title":1196,"path":1197,"stem":1198},"Android Only","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fandroid-only","3.android-secure-coding-standard\u002F5.by-language\u002F2.android-only",{"title":1200,"path":1201,"stem":1202,"children":1203},"C Coding Language","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fc-coding-language","3.android-secure-coding-standard\u002F5.by-language\u002F3.c-coding-language\u002F1.index",[1204,1205,1209,1213,1217],{"title":1200,"path":1201,"stem":1202},{"title":1206,"path":1207,"stem":1208},"Applicable in Principle to Android (C Rules\u002FRecomendations)","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fc-coding-language\u002Fapplicable-in-principle-to-android-c-rulesrecomendations","3.android-secure-coding-standard\u002F5.by-language\u002F3.c-coding-language\u002F2.applicable-in-principle-to-android-c-rulesrecomendations",{"title":1210,"path":1211,"stem":1212},"Applicable to Android (C Rules\u002FRecomendations)","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fc-coding-language\u002Fapplicable-to-android-c-rulesrecomendations","3.android-secure-coding-standard\u002F5.by-language\u002F3.c-coding-language\u002F3.applicable-to-android-c-rulesrecomendations",{"title":1214,"path":1215,"stem":1216},"Not Applicable to Android (C Rules\u002FRecomendations)","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fc-coding-language\u002Fnot-applicable-to-android-c-rulesrecomendations","3.android-secure-coding-standard\u002F5.by-language\u002F3.c-coding-language\u002F4.not-applicable-to-android-c-rulesrecomendations",{"title":1218,"path":1219,"stem":1220},"Unknown Applicability (C Rules\u002FRecomendations)","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fc-coding-language\u002Funknown-applicability-c-rulesrecomendations","3.android-secure-coding-standard\u002F5.by-language\u002F3.c-coding-language\u002F5.unknown-applicability-c-rulesrecomendations",{"title":1222,"path":1223,"stem":1224},"C++ Coding Language","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fcpp-coding-language","3.android-secure-coding-standard\u002F5.by-language\u002F4.cpp-coding-language",{"title":1226,"path":1227,"stem":1228,"children":1229},"Java Coding Language","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fjava-coding-language","3.android-secure-coding-standard\u002F5.by-language\u002F5.java-coding-language\u002F1.index",[1230,1231,1235,1239,1243],{"title":1226,"path":1227,"stem":1228},{"title":1232,"path":1233,"stem":1234},"Applicable in Principle to Android (Java Rules\u002FRecomendations)","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fjava-coding-language\u002Fapplicable-in-principle-to-android-java-rulesrecomendations","3.android-secure-coding-standard\u002F5.by-language\u002F5.java-coding-language\u002F2.applicable-in-principle-to-android-java-rulesrecomendations",{"title":1236,"path":1237,"stem":1238},"Applicable to Android (Java Rules\u002FRecomendations)","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fjava-coding-language\u002Fapplicable-to-android-java-rulesrecomendations","3.android-secure-coding-standard\u002F5.by-language\u002F5.java-coding-language\u002F3.applicable-to-android-java-rulesrecomendations",{"title":1240,"path":1241,"stem":1242},"Not Applicable to Android (Java Rules\u002FRecomendations)","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fjava-coding-language\u002Fnot-applicable-to-android-java-rulesrecomendations","3.android-secure-coding-standard\u002F5.by-language\u002F5.java-coding-language\u002F4.not-applicable-to-android-java-rulesrecomendations",{"title":1244,"path":1245,"stem":1246},"Unknown Applicability to Android (Java Rules\u002FRecomendations)","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fjava-coding-language\u002Funknown-applicability-to-android-java-rulesrecomendations","3.android-secure-coding-standard\u002F5.by-language\u002F5.java-coding-language\u002F5.unknown-applicability-to-android-java-rulesrecomendations",{"title":1248,"path":1249,"stem":1250},"XML","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fxml","3.android-secure-coding-standard\u002F5.by-language\u002F6.xml",{"title":1252,"path":1253,"stem":1254,"children":1255},"Back Matter","\u002Fandroid-secure-coding-standard\u002Fback-matter","3.android-secure-coding-standard\u002F6.back-matter\u002F1.index",[1256,1257,1261],{"title":1252,"path":1253,"stem":1254},{"title":1258,"path":1259,"stem":1260},"AA. Bibliography","\u002Fandroid-secure-coding-standard\u002Fback-matter\u002Faa-bibliography","3.android-secure-coding-standard\u002F6.back-matter\u002F2.aa-bibliography",{"title":1262,"path":1263,"stem":1264,"children":1265},"BB. Analyzers","\u002Fandroid-secure-coding-standard\u002Fback-matter\u002Fbb-analyzers","3.android-secure-coding-standard\u002F6.back-matter\u002F3.bb-analyzers\u002F1.index",[1266,1267,1271],{"title":1262,"path":1263,"stem":1264},{"title":1268,"path":1269,"stem":1270},"CodeSonar","\u002Fandroid-secure-coding-standard\u002Fback-matter\u002Fbb-analyzers\u002Fcodesonar","3.android-secure-coding-standard\u002F6.back-matter\u002F3.bb-analyzers\u002F2.codesonar",{"title":1272,"path":1273,"stem":1274},"CodeSonar_V","\u002Fandroid-secure-coding-standard\u002Fback-matter\u002Fbb-analyzers\u002Fcodesonar_v","3.android-secure-coding-standard\u002F6.back-matter\u002F3.bb-analyzers\u002F3.codesonar_v",{"title":1276,"path":1277,"stem":1278,"children":1279},"Admin","\u002Fandroid-secure-coding-standard\u002Fadmin","3.android-secure-coding-standard\u002F7.admin\u002F01.index",[1280,1281,1285,1289,1293,1297,1301,1305,1309,1313,1317,1321,1325,1329,1333,1337],{"title":1276,"path":1277,"stem":1278},{"title":1282,"path":1283,"stem":1284},"About the OurCS Workshop","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fabout-the-ourcs-workshop","3.android-secure-coding-standard\u002F7.admin\u002F02.about-the-ourcs-workshop",{"title":1286,"path":1287,"stem":1288},"Android Applicability Summary","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fandroid-applicability-summary","3.android-secure-coding-standard\u002F7.admin\u002F03.android-applicability-summary",{"title":1290,"path":1291,"stem":1292},"Android (DRD)","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fandroid-drd","3.android-secure-coding-standard\u002F7.admin\u002F04.android-drd",{"title":1294,"path":1295,"stem":1296},"Avoid having unreachable code","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Favoid-having-unreachable-code","3.android-secure-coding-standard\u002F7.admin\u002F05.avoid-having-unreachable-code",{"title":1298,"path":1299,"stem":1300},"C Space Change History Log","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fc-space-change-history-log","3.android-secure-coding-standard\u002F7.admin\u002F06.c-space-change-history-log",{"title":1302,"path":1303,"stem":1304},"Copy of Rule Template","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fcopy-of-rule-template","3.android-secure-coding-standard\u002F7.admin\u002F07.copy-of-rule-template",{"title":1306,"path":1307,"stem":1308},"C++ Space Change History Log","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fcpp-space-change-history-log","3.android-secure-coding-standard\u002F7.admin\u002F08.cpp-space-change-history-log",{"title":1310,"path":1311,"stem":1312},"Dictionary of Labels","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fdictionary-of-labels","3.android-secure-coding-standard\u002F7.admin\u002F09.dictionary-of-labels",{"title":1314,"path":1315,"stem":1316},"How to Change Applicability When a Rules and Recommendations Change","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fhow-to-change-applicability-when-a-rules-and-recommendations-change","3.android-secure-coding-standard\u002F7.admin\u002F10.how-to-change-applicability-when-a-rules-and-recommendations-change",{"title":1318,"path":1319,"stem":1320},"Java Space Change History Log","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fjava-space-change-history-log","3.android-secure-coding-standard\u002F7.admin\u002F11.java-space-change-history-log",{"title":1322,"path":1323,"stem":1324},"Labels in this Space","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Flabels-in-this-space","3.android-secure-coding-standard\u002F7.admin\u002F12.labels-in-this-space",{"title":1326,"path":1327,"stem":1328},"Perl Space Change History Log","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fperl-space-change-history-log","3.android-secure-coding-standard\u002F7.admin\u002F13.perl-space-change-history-log",{"title":1330,"path":1331,"stem":1332},"Resources for new Android app secure coding rules and guidelines","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fresources-for-new-android-app-secure-coding-rules-and-guidelines","3.android-secure-coding-standard\u002F7.admin\u002F14.resources-for-new-android-app-secure-coding-rules-and-guidelines",{"title":1334,"path":1335,"stem":1336},"Rule Template","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Frule-template","3.android-secure-coding-standard\u002F7.admin\u002F15.rule-template",{"title":1338,"path":1339,"stem":1340},"Rules Applicable for Both the Android Platform and Other Platforms","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Frules-applicable-for-both-the-android-platform-and-other-platforms","3.android-secure-coding-standard\u002F7.admin\u002F16.rules-applicable-for-both-the-android-platform-and-other-platforms",1775657824960]