[{"data":1,"prerenderedAt":1812},["ShallowReactive",2],{"global-navigation":3,"page-\u002Fandroid-secure-coding-standard\u002Frules\u002Fnetwork-ssltls-net\u002Fdrd19-properly-verify-server-certificate-on-ssltls":28,"surround-\u002Fandroid-secure-coding-standard\u002Frules\u002Fnetwork-ssltls-net\u002Fdrd19-properly-verify-server-certificate-on-ssltls":1240,"sidebar-android-secure-coding-standard":1249},[4,8],{"title":5,"path":6,"_path":6,"fromAppConfig":7},"Home","\u002F",true,{"title":9,"path":10,"children":11,"_path":27,"fromAppConfig":7},"Coding Standards","\u002Fcoding-standards\u002F",[12,15,18,21,24],{"title":13,"path":14},"Android Coding Standard","\u002Fandroid-secure-coding-standard\u002F",{"title":16,"path":17},"C Coding Standard","\u002Fsei-cert-c-coding-standard\u002F",{"title":19,"path":20},"C++ Coding Standard","\u002Fsei-cert-cpp-coding-standard\u002F",{"title":22,"path":23},"Java Coding Standard","\u002Fsei-cert-oracle-coding-standard-for-java\u002F",{"title":25,"path":26},"Perl Coding Standard","\u002Fsei-cert-perl-coding-standard\u002F","\u002Fcoding-standards",{"id":29,"title":30,"body":31,"description":41,"extension":1226,"meta":1227,"navigation":7,"path":1236,"seo":1237,"stem":1238,"__hash__":1239},"content\u002F3.android-secure-coding-standard\u002F3.rules\u002F21.network-ssltls-net\u002F3.drd19-properly-verify-server-certificate-on-ssltls.md","DRD19. Properly verify server certificate on SSL\u002FTLS",{"type":32,"value":33,"toc":1217},"minimark",[34,38,42,58,81,84,93,122,129,134,145,951,973,991,995,1005,1009,1012,1074,1078,1081,1084,1087,1090,1093,1097,1131,1135,1163,1167,1188,1191,1213],[35,36,30],"h1",{"id":37},"drd19-properly-verify-server-certificate-on-ssltls",[39,40,41],"p",{},"Android apps that use SSL\u002FTLS protocols for secure communication should properly verify server certificates. The basic verification includes:",[43,44,45,49,52,55],"ul",{},[46,47,48],"li",{},"verify that the subject (CN) of X.509 certificate and the URL matches",[46,50,51],{},"verify that the certificate is signed by the trusted CA",[46,53,54],{},"verify that the signature is correct",[46,56,57],{},"verify that the certificate is not expired",[39,59,60,61,65,66,65,69,72,73,76,77,80],{},"Android SDK  4.0 and later offers packages to implement capabilities to establish network connections. For example, by using ",[62,63,64],"code",{},"java.net"," , ",[62,67,68],{},"javax.net",[62,70,71],{},"android.net"," or ",[62,74,75],{},"org.apache.http"," , a developer can create server sockets or HTTP connection. ",[62,78,79],{},"org.webkit"," offers functions necessary to implement web browsing capabilities.",[39,82,83],{},"A developer has the freedom to customize their SSL implementation. The developer should properly use SSL as appropriate to the intent of the app and the environment the apps are used in. If the SSL is not correctly used, a user's sensitive data may leak via the vulnerable SSL communication channel.",[39,85,86,87,92],{},"Fahl et al [ ",[88,89,91],"a",{"href":90},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-aa-references#RuleAA.References-Fahl2012","Fahl 2012"," ] describes the following patterns of the insecure use of SSL:",[43,94,95,102,116],{},[46,96,97,101],{},[98,99,100],"strong",{},"Trusting All Certificates:"," The developer implements the TrustManager interface so that it will trust all the server certificate (regardless of who signed it, what is the CN etc.)",[46,103,104,107,108,111,112,115],{},[98,105,106],{},"Allowing All Hostnames:"," The app does not verify if the certificate is issued for the URL the client is connecting to. For example, when a client connects to ",[62,109,110],{},"example.com"," , it will accept a server certificate issued for ",[62,113,114],{},"some-other-domain.com"," .",[46,117,118,121],{},[98,119,120],{},"Mixed-Mode\u002FNo SSL:"," A developer mixes secure and insecure connections in the same app or does not use SSL at all.",[39,123,124,125,128],{},"On Android, using ",[62,126,127],{},"HttpURLConnection"," is recommended for HTTP client implementation.",[130,131,133],"h2",{"id":132},"noncompliant-code-example","Noncompliant Code Example",[39,135,136,137,140,141,144],{},"The following code implements a custom ",[62,138,139],{},"MySSLSocketFactory"," class that inherits ",[62,142,143],{},"javax.net.ssl.SSLContext"," :",[146,147,149],"code-block",{"quality":148},"bad",[150,151,156],"pre",{"className":152,"code":153,"language":154,"meta":155,"style":155},"language-java shiki shiki-themes github-light github-dark monokai","public class extends SSLSocketFactory {\n    SSLContext sslContext;\npublic MySSLSocketFactory (KeyStore truststore) throws NoSuchAlgorithmException, KeyManagementException,\nKeyStoreException, UnrecoverableKeyException {\n    super(truststore);\n    this.sslContext = SSLContext.getInstance(\"TLS\");\n    this.sslContext.init (null, new TrustManager[] {new X509TrustManager() {\n            public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException\n            {\n            }\n            public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException\n            {\n            }\n            public X509Certificate[] getAcceptedIssuers() {\n                return null;\n            }\n        }}, null);\n}\n    public Socket createSocket() throws IOException {\n        return this.sslContext.getSocketFactory().createSocket();\n    }\n    public Socket createSocket(Socket socket, String host, int port, boolean autoClose) throws IOException\n                                                                                               , UnknownHostException {\n        return this.sslContext.getSocketFactory().createSocket(socket, host, port, autoClose);\n    }\n}\n \n public static HttpClient getNewHttpClient() {\n            DefaultHttpClient v6;\n            try {\n                KeyStore v5 = KeyStore.getInstance(KeyStore.getDefaultType());\n                v5.load(null, null);\n                MySSLSocketFactory mySSLScoket = new MySSLSocketFactory(v5);\n                if(DefineRelease.sAllowAllSSL) {\n                    ((SSLSocketFactory)mySSLScoket).setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);\n                }\n                BasicHttpParams v2 = new BasicHttpParams();\n                HttpConnectionParams.setConnectionTimeout(((HttpParams)v2), 30000);\n                HttpConnectionParams.setSoTimeout(((HttpParams)v2), 30000);\n                HttpProtocolParams.setVersion(((HttpParams)v2), HttpVersion.HTTP_1_1);\n                HttpProtocolParams.setContentCharset(((HttpParams)v2), \"UTF-8\");\n                SchemeRegistry v3 = new SchemeRegistry();\n                v3.register(new Scheme(\"http\", PlainSocketFactory.getSocketFactory(), 80));\n                v3.register(new Scheme(\"https\", ((SocketFactory)mySSLScoket), 443));\n                v6 = new DefaultHttpClient(new ThreadSafeClientConnManager(((HttpParams)v2), v3), ((HttpParams)v2));\n            }\n            catch(Exception v1) {\n                v6 = new DefaultHttpClient();\n            }\n            return ((HttpClient)v6);\n}   \n","java","",[62,157,158,178,188,225,239,249,277,314,352,358,364,394,399,404,419,431,436,446,452,474,497,503,550,561,579,584,589,595,612,621,629,654,673,692,701,713,719,737,754,768,780,795,813,848,874,897,902,919,932,937,946],{"__ignoreMap":155},[159,160,163,167,170,174],"span",{"class":161,"line":162},"line",1,[159,164,166],{"class":165},"sC2Qs","public",[159,168,169],{"class":165}," class",[159,171,173],{"class":172},"sz2Vg"," extends",[159,175,177],{"class":176},"sMOD_"," SSLSocketFactory {\n",[159,179,181,185],{"class":161,"line":180},2,[159,182,184],{"class":183},"sk8M1","    SSLContext",[159,186,187],{"class":176}," sslContext;\n",[159,189,191,193,197,200,203,207,210,213,216,219,222],{"class":161,"line":190},3,[159,192,166],{"class":165},[159,194,196],{"class":195},"srTi1"," MySSLSocketFactory",[159,198,199],{"class":176}," (",[159,201,202],{"class":183},"KeyStore",[159,204,206],{"class":205},"sTHNf"," truststore",[159,208,209],{"class":176},") ",[159,211,212],{"class":165},"throws",[159,214,215],{"class":183}," NoSuchAlgorithmException",[159,217,218],{"class":176},", ",[159,220,221],{"class":183},"KeyManagementException",[159,223,224],{"class":176},",\n",[159,226,228,231,233,236],{"class":161,"line":227},4,[159,229,230],{"class":183},"KeyStoreException",[159,232,218],{"class":176},[159,234,235],{"class":183},"UnrecoverableKeyException",[159,237,238],{"class":176}," {\n",[159,240,242,246],{"class":161,"line":241},5,[159,243,245],{"class":244},"sP7S_","    super",[159,247,248],{"class":176},"(truststore);\n",[159,250,252,255,258,261,264,267,270,274],{"class":161,"line":251},6,[159,253,254],{"class":244},"    this",[159,256,257],{"class":176},".sslContext ",[159,259,260],{"class":165},"=",[159,262,263],{"class":176}," SSLContext.",[159,265,266],{"class":195},"getInstance",[159,268,269],{"class":176},"(",[159,271,273],{"class":272},"sstjo","\"TLS\"",[159,275,276],{"class":176},");\n",[159,278,280,282,285,288,290,294,296,299,303,306,308,311],{"class":161,"line":279},7,[159,281,254],{"class":244},[159,283,284],{"class":176},".sslContext.",[159,286,287],{"class":195},"init",[159,289,199],{"class":176},[159,291,293],{"class":292},"s7F3e","null",[159,295,218],{"class":176},[159,297,298],{"class":165},"new",[159,300,302],{"class":301},"sq6CD"," TrustManager",[159,304,305],{"class":176},"[] {",[159,307,298],{"class":165},[159,309,310],{"class":195}," X509TrustManager",[159,312,313],{"class":176},"() {\n",[159,315,317,320,323,326,328,331,334,337,339,342,345,347,349],{"class":161,"line":316},8,[159,318,319],{"class":165},"            public",[159,321,322],{"class":301}," void",[159,324,325],{"class":195}," checkClientTrusted",[159,327,269],{"class":176},[159,329,330],{"class":301},"X509Certificate",[159,332,333],{"class":176},"[] ",[159,335,336],{"class":205},"chain",[159,338,218],{"class":176},[159,340,341],{"class":183},"String",[159,343,344],{"class":205}," authType",[159,346,209],{"class":176},[159,348,212],{"class":165},[159,350,351],{"class":183}," CertificateException\n",[159,353,355],{"class":161,"line":354},9,[159,356,357],{"class":176},"            {\n",[159,359,361],{"class":161,"line":360},10,[159,362,363],{"class":176},"            }\n",[159,365,367,369,371,374,376,378,380,382,384,386,388,390,392],{"class":161,"line":366},11,[159,368,319],{"class":165},[159,370,322],{"class":301},[159,372,373],{"class":195}," checkServerTrusted",[159,375,269],{"class":176},[159,377,330],{"class":301},[159,379,333],{"class":176},[159,381,336],{"class":205},[159,383,218],{"class":176},[159,385,341],{"class":183},[159,387,344],{"class":205},[159,389,209],{"class":176},[159,391,212],{"class":165},[159,393,351],{"class":183},[159,395,397],{"class":161,"line":396},12,[159,398,357],{"class":176},[159,400,402],{"class":161,"line":401},13,[159,403,363],{"class":176},[159,405,407,409,412,414,417],{"class":161,"line":406},14,[159,408,319],{"class":165},[159,410,411],{"class":301}," X509Certificate",[159,413,333],{"class":176},[159,415,416],{"class":195},"getAcceptedIssuers",[159,418,313],{"class":176},[159,420,422,425,428],{"class":161,"line":421},15,[159,423,424],{"class":165},"                return",[159,426,427],{"class":292}," null",[159,429,430],{"class":176},";\n",[159,432,434],{"class":161,"line":433},16,[159,435,363],{"class":176},[159,437,439,442,444],{"class":161,"line":438},17,[159,440,441],{"class":176},"        }}, ",[159,443,293],{"class":292},[159,445,276],{"class":176},[159,447,449],{"class":161,"line":448},18,[159,450,451],{"class":176},"}\n",[159,453,455,458,461,464,467,469,472],{"class":161,"line":454},19,[159,456,457],{"class":165},"    public",[159,459,460],{"class":183}," Socket",[159,462,463],{"class":195}," createSocket",[159,465,466],{"class":176},"() ",[159,468,212],{"class":165},[159,470,471],{"class":183}," IOException",[159,473,238],{"class":176},[159,475,477,480,483,485,488,491,494],{"class":161,"line":476},20,[159,478,479],{"class":165},"        return",[159,481,482],{"class":244}," this",[159,484,284],{"class":176},[159,486,487],{"class":195},"getSocketFactory",[159,489,490],{"class":176},"().",[159,492,493],{"class":195},"createSocket",[159,495,496],{"class":176},"();\n",[159,498,500],{"class":161,"line":499},21,[159,501,502],{"class":176},"    }\n",[159,504,506,508,510,512,514,517,520,522,524,527,529,532,535,537,540,543,545,547],{"class":161,"line":505},22,[159,507,457],{"class":165},[159,509,460],{"class":183},[159,511,463],{"class":195},[159,513,269],{"class":176},[159,515,516],{"class":183},"Socket",[159,518,519],{"class":205}," socket",[159,521,218],{"class":176},[159,523,341],{"class":183},[159,525,526],{"class":205}," host",[159,528,218],{"class":176},[159,530,531],{"class":301},"int",[159,533,534],{"class":205}," port",[159,536,218],{"class":176},[159,538,539],{"class":301},"boolean",[159,541,542],{"class":205}," autoClose",[159,544,209],{"class":176},[159,546,212],{"class":165},[159,548,549],{"class":183}," IOException\n",[159,551,553,556,559],{"class":161,"line":552},23,[159,554,555],{"class":176},"                                                                                               , ",[159,557,558],{"class":183},"UnknownHostException",[159,560,238],{"class":176},[159,562,564,566,568,570,572,574,576],{"class":161,"line":563},24,[159,565,479],{"class":165},[159,567,482],{"class":244},[159,569,284],{"class":176},[159,571,487],{"class":195},[159,573,490],{"class":176},[159,575,493],{"class":195},[159,577,578],{"class":176},"(socket, host, port, autoClose);\n",[159,580,582],{"class":161,"line":581},25,[159,583,502],{"class":176},[159,585,587],{"class":161,"line":586},26,[159,588,451],{"class":176},[159,590,592],{"class":161,"line":591},27,[159,593,594],{"class":176}," \n",[159,596,598,601,604,607,610],{"class":161,"line":597},28,[159,599,600],{"class":165}," public",[159,602,603],{"class":165}," static",[159,605,606],{"class":183}," HttpClient",[159,608,609],{"class":195}," getNewHttpClient",[159,611,313],{"class":176},[159,613,615,618],{"class":161,"line":614},29,[159,616,617],{"class":183},"            DefaultHttpClient",[159,619,620],{"class":176}," v6;\n",[159,622,624,627],{"class":161,"line":623},30,[159,625,626],{"class":165},"            try",[159,628,238],{"class":176},[159,630,632,635,638,640,643,645,648,651],{"class":161,"line":631},31,[159,633,634],{"class":183},"                KeyStore",[159,636,637],{"class":176}," v5 ",[159,639,260],{"class":165},[159,641,642],{"class":176}," KeyStore.",[159,644,266],{"class":195},[159,646,647],{"class":176},"(KeyStore.",[159,649,650],{"class":195},"getDefaultType",[159,652,653],{"class":176},"());\n",[159,655,657,660,663,665,667,669,671],{"class":161,"line":656},32,[159,658,659],{"class":176},"                v5.",[159,661,662],{"class":195},"load",[159,664,269],{"class":176},[159,666,293],{"class":292},[159,668,218],{"class":176},[159,670,293],{"class":292},[159,672,276],{"class":176},[159,674,676,679,682,684,687,689],{"class":161,"line":675},33,[159,677,678],{"class":183},"                MySSLSocketFactory",[159,680,681],{"class":176}," mySSLScoket ",[159,683,260],{"class":165},[159,685,686],{"class":165}," new",[159,688,196],{"class":195},[159,690,691],{"class":176},"(v5);\n",[159,693,695,698],{"class":161,"line":694},34,[159,696,697],{"class":165},"                if",[159,699,700],{"class":176},"(DefineRelease.sAllowAllSSL) {\n",[159,702,704,707,710],{"class":161,"line":703},35,[159,705,706],{"class":176},"                    ((SSLSocketFactory)mySSLScoket).",[159,708,709],{"class":195},"setHostnameVerifier",[159,711,712],{"class":176},"(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);\n",[159,714,716],{"class":161,"line":715},36,[159,717,718],{"class":176},"                }\n",[159,720,722,725,728,730,732,735],{"class":161,"line":721},37,[159,723,724],{"class":183},"                BasicHttpParams",[159,726,727],{"class":176}," v2 ",[159,729,260],{"class":165},[159,731,686],{"class":165},[159,733,734],{"class":195}," BasicHttpParams",[159,736,496],{"class":176},[159,738,740,743,746,749,752],{"class":161,"line":739},38,[159,741,742],{"class":176},"                HttpConnectionParams.",[159,744,745],{"class":195},"setConnectionTimeout",[159,747,748],{"class":176},"(((HttpParams)v2), ",[159,750,751],{"class":292},"30000",[159,753,276],{"class":176},[159,755,757,759,762,764,766],{"class":161,"line":756},39,[159,758,742],{"class":176},[159,760,761],{"class":195},"setSoTimeout",[159,763,748],{"class":176},[159,765,751],{"class":292},[159,767,276],{"class":176},[159,769,771,774,777],{"class":161,"line":770},40,[159,772,773],{"class":176},"                HttpProtocolParams.",[159,775,776],{"class":195},"setVersion",[159,778,779],{"class":176},"(((HttpParams)v2), HttpVersion.HTTP_1_1);\n",[159,781,783,785,788,790,793],{"class":161,"line":782},41,[159,784,773],{"class":176},[159,786,787],{"class":195},"setContentCharset",[159,789,748],{"class":176},[159,791,792],{"class":272},"\"UTF-8\"",[159,794,276],{"class":176},[159,796,798,801,804,806,808,811],{"class":161,"line":797},42,[159,799,800],{"class":183},"                SchemeRegistry",[159,802,803],{"class":176}," v3 ",[159,805,260],{"class":165},[159,807,686],{"class":165},[159,809,810],{"class":195}," SchemeRegistry",[159,812,496],{"class":176},[159,814,816,819,822,824,826,829,831,834,837,839,842,845],{"class":161,"line":815},43,[159,817,818],{"class":176},"                v3.",[159,820,821],{"class":195},"register",[159,823,269],{"class":176},[159,825,298],{"class":165},[159,827,828],{"class":195}," Scheme",[159,830,269],{"class":176},[159,832,833],{"class":272},"\"http\"",[159,835,836],{"class":176},", PlainSocketFactory.",[159,838,487],{"class":195},[159,840,841],{"class":176},"(), ",[159,843,844],{"class":292},"80",[159,846,847],{"class":176},"));\n",[159,849,851,853,855,857,859,861,863,866,869,872],{"class":161,"line":850},44,[159,852,818],{"class":176},[159,854,821],{"class":195},[159,856,269],{"class":176},[159,858,298],{"class":165},[159,860,828],{"class":195},[159,862,269],{"class":176},[159,864,865],{"class":272},"\"https\"",[159,867,868],{"class":176},", ((SocketFactory)mySSLScoket), ",[159,870,871],{"class":292},"443",[159,873,847],{"class":176},[159,875,877,880,882,884,887,889,891,894],{"class":161,"line":876},45,[159,878,879],{"class":176},"                v6 ",[159,881,260],{"class":165},[159,883,686],{"class":165},[159,885,886],{"class":195}," DefaultHttpClient",[159,888,269],{"class":176},[159,890,298],{"class":165},[159,892,893],{"class":195}," ThreadSafeClientConnManager",[159,895,896],{"class":176},"(((HttpParams)v2), v3), ((HttpParams)v2));\n",[159,898,900],{"class":161,"line":899},46,[159,901,363],{"class":176},[159,903,905,908,910,913,916],{"class":161,"line":904},47,[159,906,907],{"class":165},"            catch",[159,909,269],{"class":176},[159,911,912],{"class":183},"Exception",[159,914,915],{"class":205}," v1",[159,917,918],{"class":176},") {\n",[159,920,922,924,926,928,930],{"class":161,"line":921},48,[159,923,879],{"class":176},[159,925,260],{"class":165},[159,927,686],{"class":165},[159,929,886],{"class":195},[159,931,496],{"class":176},[159,933,935],{"class":161,"line":934},49,[159,936,363],{"class":176},[159,938,940,943],{"class":161,"line":939},50,[159,941,942],{"class":165},"            return",[159,944,945],{"class":176}," ((HttpClient)v6);\n",[159,947,949],{"class":161,"line":948},51,[159,950,451],{"class":176},[39,952,953,954,957,958,961,962,965,966,968,969,972],{},"In the example above, ",[62,955,956],{},"checkClientTrusted()"," and ",[62,959,960],{},"checkServerTrusted()"," are overriden to make a blank implementation so that ",[62,963,964],{},"SSLSocketFactory"," does not verify the SSL certificate. The ",[62,967,139],{}," class is used to create an instance of ",[62,970,971],{},"HttpClient"," in another part of the application.",[39,974,975,978,979,982,983,986,987,990],{},[62,976,977],{},"sAllowAllSSL"," , which is a static member of the ",[62,980,981],{},"DefineRelease"," class, is initialized to ",[62,984,985],{},"true"," in its static constructor. This will enable the use of ",[62,988,989],{},"SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER"," . As a result, host name verification that should take place when establishing an SSL connection is disabled and will lead to the same situation as all the certificate is trusted.",[130,992,994],{"id":993},"compliant-solution","Compliant Solution",[39,996,997,998,1004],{},"The compliant solution may vary, depending on the actual implementation. For examples of secure implementation such as using a self-signed server certificate, please refer to \" ",[88,999,1003],{"href":1000,"rel":1001},"http:\u002F\u002Fwww.jssec.org\u002Fdl\u002Fandroid_securecoding.pdf",[1002],"nofollow","Android Application Secure Design\u002FSecure Coding Guidebook"," \", Section 5.4 Communicate by HTTPS.",[130,1006,1008],{"id":1007},"risk-assessment","Risk Assessment",[39,1010,1011],{},"Not properly verifying the server certificate on SSL\u002FTLS may allow apps to connect to an imposter site, while fooling the user into thinking that the user is connected to an intended site. One example of associated risks is that this could expose a user's sensitive data.",[1013,1014,1015,1016,1015,1046],"table",{},"\n  ",[1017,1018,1019,1020,1015],"thead",{},"\n    ",[1021,1022,1023,1024,1023,1028,1023,1031,1023,1034,1023,1037,1023,1040,1023,1043,1019],"tr",{},"\n      ",[1025,1026,1027],"th",{},"Rule",[1025,1029,1030],{},"Severity",[1025,1032,1033],{},"Likelihood",[1025,1035,1036],{},"Detectable",[1025,1038,1039],{},"Repairable",[1025,1041,1042],{},"Priority",[1025,1044,1045],{},"Level",[1047,1048,1019,1049,1015],"tbody",{},[1021,1050,1023,1051,1023,1055,1023,1058,1023,1061,1023,1064,1023,1067,1023,1071,1019],{},[1052,1053,1054],"td",{},"DRD19",[1052,1056,1057],{},"High",[1052,1059,1060],{},"Probable",[1052,1062,1063],{},"Yes",[1052,1065,1066],{},"No",[1052,1068,1070],{"style":1069},"color: #e74c3c;","P12",[1052,1072,1073],{"style":1069},"L1",[130,1075,1077],{"id":1076},"automated-detection","Automated Detection",[39,1079,1080],{},"It is possible to automatically detect whether an application uses one of the three Android SDK packages named for establishing network connections, and to check if any of the methods from those classes are overriden by the application. It is not feasible to automatically determine the intent of the app or the environment the apps are used in.",[39,1082,1083],{},"Tool",[39,1085,1086],{},"Version",[39,1088,1089],{},"Checker",[39,1091,1092],{},"Description",[130,1094,1096],{"id":1095},"related-vulnerabilities","Related Vulnerabilities",[43,1098,1099,1107,1115,1123],{},[46,1100,1101,1106],{},[88,1102,1105],{"href":1103,"rel":1104},"http:\u002F\u002Fwww.kb.cert.org\u002Fvuls\u002Fid\u002F582497",[1002],"VU#582497"," Multiple Android applications fail to properly validate SSL certificates",[46,1108,1109,1114],{},[88,1110,1113],{"href":1111,"rel":1112},"http:\u002F\u002Fjvn.jp\u002Fen\u002Fjp\u002FJVN39218538\u002F",[1002],"JVN#39218538"," Pizza Hut Japan Official Order App for Android has a problem whereby it fails to verify SSL server certificates.",[46,1116,1117,1122],{},[88,1118,1121],{"href":1119,"rel":1120},"http:\u002F\u002Fjvn.jp\u002Fen\u002Fjp\u002FJVN75084836\u002F",[1002],"JVN#75084836"," Yome Collection for Android has a problem with management of IMEI.",[46,1124,1125,1130],{},[88,1126,1129],{"href":1127,"rel":1128},"http:\u002F\u002Fjvn.jp\u002Fen\u002Fjp\u002FJVN68156832\u002F",[1002],"JVN#68156832"," Yafuoku! contains an issue where it fails to verify SSL server certificates.",[130,1132,1134],{"id":1133},"related-guidelines","Related Guidelines",[1013,1136,1137,1145],{},[1017,1138,1139],{},[1021,1140,1141,1143],{},[1025,1142],{},[1025,1144],{},[1047,1146,1147],{},[1021,1148,1149,1160],{},[1052,1150,1151,1159],{},[1152,1153,1154],"em",{},[88,1155,1158],{"href":1156,"rel":1157},"http:\u002F\u002Fwww.jssec.org\u002Fdl\u002Fandroid_securecoding_en.pdf",[1002],"Android Secure Design \u002F Secure Coding Guidebook"," by JSSEC",[1052,1161,1162],{},"5.4 Communicating via HTTPS",[130,1164,1166],{"id":1165},"bibliography","Bibliography",[1013,1168,1169,1177],{},[1017,1170,1171],{},[1021,1172,1173,1175],{},[1025,1174],{},[1025,1176],{},[1047,1178,1179],{},[1021,1180,1181,1185],{},[1052,1182,1183],{},[88,1184,91],{"href":90},[1052,1186,1187],{},"Why Eve and Mallory Love Android: An Analysis of Android SSL (In)Security",[1189,1190],"hr",{},[39,1192,1193,1200,1201,1200,1207],{},[88,1194,1196],{"href":1195},"https:\u002F\u002Fwww.securecoding.cert.org\u002Fconfluence\u002Fdisplay\u002Fseccode\u002FDCL23-C.+Guarantee+that+mutually+visible+identifiers+are+unique",[1197,1198],"img",{"src":1199},"\u002Fattachments\u002F87152044\u002F88034188.png"," ",[88,1202,1204],{"href":1203},"https:\u002F\u002Fwww.securecoding.cert.org\u002Fconfluence\u002Fpages\u002Fviewpage.action?pageId=331",[1197,1205],{"src":1206},"\u002Fattachments\u002F87152044\u002F88034190.png",[88,1208,1210],{"href":1209},"https:\u002F\u002Fwww.securecoding.cert.org\u002Fconfluence\u002Fdisplay\u002Fseccode\u002FDCL31-C.+Declare+identifiers+before+using+them?showChildren=false&showComments=false",[1197,1211],{"src":1212},"\u002Fattachments\u002F87152044\u002F88034189.png",[1214,1215,1216],"style",{},"html pre.shiki code .sC2Qs, html code.shiki .sC2Qs{--shiki-default:#D73A49;--shiki-dark:#F97583;--shiki-sepia:#F92672}html pre.shiki code .sz2Vg, html code.shiki .sz2Vg{--shiki-default:#6F42C1;--shiki-default-text-decoration:inherit;--shiki-dark:#B392F0;--shiki-dark-text-decoration:inherit;--shiki-sepia:#A6E22E;--shiki-sepia-text-decoration:underline}html pre.shiki code .sMOD_, html code.shiki .sMOD_{--shiki-default:#24292E;--shiki-dark:#E1E4E8;--shiki-sepia:#F8F8F2}html pre.shiki code .sk8M1, html code.shiki .sk8M1{--shiki-default:#24292E;--shiki-default-font-style:inherit;--shiki-dark:#E1E4E8;--shiki-dark-font-style:inherit;--shiki-sepia:#66D9EF;--shiki-sepia-font-style:italic}html pre.shiki code .srTi1, html code.shiki .srTi1{--shiki-default:#6F42C1;--shiki-dark:#B392F0;--shiki-sepia:#A6E22E}html pre.shiki code .sTHNf, html code.shiki .sTHNf{--shiki-default:#E36209;--shiki-default-font-style:inherit;--shiki-dark:#FFAB70;--shiki-dark-font-style:inherit;--shiki-sepia:#FD971F;--shiki-sepia-font-style:italic}html pre.shiki code .sP7S_, html code.shiki .sP7S_{--shiki-default:#005CC5;--shiki-dark:#79B8FF;--shiki-sepia:#FD971F}html pre.shiki code .sstjo, html code.shiki .sstjo{--shiki-default:#032F62;--shiki-dark:#9ECBFF;--shiki-sepia:#E6DB74}html pre.shiki code .s7F3e, html code.shiki .s7F3e{--shiki-default:#005CC5;--shiki-dark:#79B8FF;--shiki-sepia:#AE81FF}html pre.shiki code .sq6CD, html code.shiki .sq6CD{--shiki-default:#D73A49;--shiki-default-font-style:inherit;--shiki-dark:#F97583;--shiki-dark-font-style:inherit;--shiki-sepia:#66D9EF;--shiki-sepia-font-style:italic}html .default .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html.dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html .sepia .shiki span {color: var(--shiki-sepia);background: var(--shiki-sepia-bg);font-style: var(--shiki-sepia-font-style);font-weight: var(--shiki-sepia-font-weight);text-decoration: var(--shiki-sepia-text-decoration);}html.sepia .shiki span {color: var(--shiki-sepia);background: var(--shiki-sepia-bg);font-style: var(--shiki-sepia-font-style);font-weight: var(--shiki-sepia-font-weight);text-decoration: var(--shiki-sepia-text-decoration);}",{"title":155,"searchDepth":180,"depth":180,"links":1218},[1219,1220,1221,1222,1223,1224,1225],{"id":132,"depth":180,"text":133},{"id":993,"depth":180,"text":994},{"id":1007,"depth":180,"text":1008},{"id":1076,"depth":180,"text":1077},{"id":1095,"depth":180,"text":1096},{"id":1133,"depth":180,"text":1134},{"id":1165,"depth":180,"text":1166},"md",{"tags":1228},[1229,1230,1231,1232,1233,1234,1235],"android-applicable","rule","drd","incomplete","draft","net","general","\u002Fandroid-secure-coding-standard\u002Frules\u002Fnetwork-ssltls-net\u002Fdrd19-properly-verify-server-certificate-on-ssltls",{"title":30,"description":41},"3.android-secure-coding-standard\u002F3.rules\u002F21.network-ssltls-net\u002F3.drd19-properly-verify-server-certificate-on-ssltls","MbaIEiVonPrmATj0OY7xgncW1gYveNNP0yxzZ5saiaw",[1241,1245],{"title":1242,"path":1243,"stem":1244,"children":-1},"DRD23-J. Do not use loopback when handling sensitive data","\u002Fandroid-secure-coding-standard\u002Frules\u002Fnetwork-ssltls-net\u002Fdrd23-j","3.android-secure-coding-standard\u002F3.rules\u002F21.network-ssltls-net\u002F2.drd23-j",{"title":1246,"path":1247,"stem":1248,"children":-1},"Numeric Types and Operations (NUM)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fnumeric-types-and-operations-num","3.android-secure-coding-standard\u002F3.rules\u002F22.numeric-types-and-operations-num",[1250],{"title":1251,"path":1252,"stem":1253,"children":1254},"SCI CERT Android Secure Coding Standard","\u002Fandroid-secure-coding-standard","3.android-secure-coding-standard\u002F1.index",[1255,1256,1306,1563,1660,1722,1746],{"title":1251,"path":1252,"stem":1253},{"title":1257,"path":1258,"stem":1259,"children":1260},"Front Matter","\u002Fandroid-secure-coding-standard\u002Ffront-matter","3.android-secure-coding-standard\u002F2.front-matter\u002F1.index",[1261,1262,1284],{"title":1257,"path":1258,"stem":1259},{"title":1263,"path":1264,"stem":1265,"children":1266},"Guidelines for Wiki Contributors","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fguidelines-for-wiki-contributors","3.android-secure-coding-standard\u002F2.front-matter\u002F2.guidelines-for-wiki-contributors\u002F1.index",[1267,1268,1272,1276,1280],{"title":1263,"path":1264,"stem":1265},{"title":1269,"path":1270,"stem":1271},"Deprecations","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fguidelines-for-wiki-contributors\u002Fdeprecations","3.android-secure-coding-standard\u002F2.front-matter\u002F2.guidelines-for-wiki-contributors\u002F2.deprecations",{"title":1273,"path":1274,"stem":1275},"Editing Automated Detection Information","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fguidelines-for-wiki-contributors\u002Fediting-automated-detection-information","3.android-secure-coding-standard\u002F2.front-matter\u002F2.guidelines-for-wiki-contributors\u002F3.editing-automated-detection-information",{"title":1277,"path":1278,"stem":1279},"Editing-Related Guidelines","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fguidelines-for-wiki-contributors\u002Fediting-related-guidelines","3.android-secure-coding-standard\u002F2.front-matter\u002F2.guidelines-for-wiki-contributors\u002F4.editing-related-guidelines",{"title":1281,"path":1282,"stem":1283},"Rules versus Recommendations","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fguidelines-for-wiki-contributors\u002Frules-versus-recommendations","3.android-secure-coding-standard\u002F2.front-matter\u002F2.guidelines-for-wiki-contributors\u002F5.rules-versus-recommendations",{"title":1285,"path":1286,"stem":1287,"children":1288},"Introduction","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fintroduction","3.android-secure-coding-standard\u002F2.front-matter\u002F3.introduction\u002F01.index",[1289,1290,1294,1298,1302],{"title":1285,"path":1286,"stem":1287},{"title":1291,"path":1292,"stem":1293},"Introduction to Android-Only Rules","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fintroduction\u002Fintroduction-to-android-only-rules","3.android-secure-coding-standard\u002F2.front-matter\u002F3.introduction\u002F02.introduction-to-android-only-rules",{"title":1295,"path":1296,"stem":1297},"Introduction to C Rules and Recommendations","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fintroduction\u002Fintroduction-to-c-rules-and-recommendations","3.android-secure-coding-standard\u002F2.front-matter\u002F3.introduction\u002F03.introduction-to-c-rules-and-recommendations",{"title":1299,"path":1300,"stem":1301},"Introduction to Java Recommendations","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fintroduction\u002Fintroduction-to-java-recommendations","3.android-secure-coding-standard\u002F2.front-matter\u002F3.introduction\u002F04.introduction-to-java-recommendations",{"title":1303,"path":1304,"stem":1305},"Introduction to Java Rules","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fintroduction\u002Fintroduction-to-java-rules","3.android-secure-coding-standard\u002F2.front-matter\u002F3.introduction\u002F05.introduction-to-java-rules",{"title":1307,"path":1308,"stem":1309,"children":1310},"Rules","\u002Fandroid-secure-coding-standard\u002Frules","3.android-secure-coding-standard\u002F3.rules\u002F01.index",[1311,1312,1316,1320,1342,1346,1368,1372,1376,1380,1384,1414,1418,1422,1426,1444,1448,1452,1456,1460,1486,1494,1495,1499,1521,1525,1529,1533,1537,1541,1545],{"title":1307,"path":1308,"stem":1309},{"title":1313,"path":1314,"stem":1315},"Application Programming Interfaces (API)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fapplication-programming-interfaces-api","3.android-secure-coding-standard\u002F3.rules\u002F02.application-programming-interfaces-api",{"title":1317,"path":1318,"stem":1319},"Characters and String (STR)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcharacters-and-string-str","3.android-secure-coding-standard\u002F3.rules\u002F03.characters-and-string-str",{"title":1321,"path":1322,"stem":1323,"children":1324},"Component Security (CPS)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcomponent-security-cps","3.android-secure-coding-standard\u002F3.rules\u002F04.component-security-cps\u002F1.index",[1325,1326,1330,1334,1338],{"title":1321,"path":1322,"stem":1323},{"title":1327,"path":1328,"stem":1329},"DRD01-X. Limit the accessibility of an app's sensitive content provider","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcomponent-security-cps\u002Fdrd01-x","3.android-secure-coding-standard\u002F3.rules\u002F04.component-security-cps\u002F2.drd01-x",{"title":1331,"path":1332,"stem":1333},"DRD07-X. Protect exported services with strong permissions","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcomponent-security-cps\u002Fdrd07-x","3.android-secure-coding-standard\u002F3.rules\u002F04.component-security-cps\u002F3.drd07-x",{"title":1335,"path":1336,"stem":1337},"DRD08-J. Always canonicalize a URL received by a content provider","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcomponent-security-cps\u002Fdrd08-j","3.android-secure-coding-standard\u002F3.rules\u002F04.component-security-cps\u002F4.drd08-j",{"title":1339,"path":1340,"stem":1341},"DRD09. Restrict access to sensitive activities","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcomponent-security-cps\u002Fdrd09-restrict-access-to-sensitive-activities","3.android-secure-coding-standard\u002F3.rules\u002F04.component-security-cps\u002F5.drd09-restrict-access-to-sensitive-activities",{"title":1343,"path":1344,"stem":1345},"Concurrency (CON)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fconcurrency-con","3.android-secure-coding-standard\u002F3.rules\u002F05.concurrency-con",{"title":1347,"path":1348,"stem":1349,"children":1350},"Cryptography (CRP)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcryptography-crp","3.android-secure-coding-standard\u002F3.rules\u002F06.cryptography-crp\u002F1.index",[1351,1352,1356,1360,1364],{"title":1347,"path":1348,"stem":1349},{"title":1353,"path":1354,"stem":1355},"DRD17-J. Do not use the Android cryptographic security provider encryption default for AES","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcryptography-crp\u002Fdrd17-j","3.android-secure-coding-standard\u002F3.rules\u002F06.cryptography-crp\u002F2.drd17-j",{"title":1357,"path":1358,"stem":1359},"DRD18. Do not use the default behavior in a cryptographic library if it does not use recommended practices","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcryptography-crp\u002Fdrd18-do-not-use-the-default-behavior-in-a-cryptographic-library-if-it-does-not-use-recommended-practices","3.android-secure-coding-standard\u002F3.rules\u002F06.cryptography-crp\u002F3.drd18-do-not-use-the-default-behavior-in-a-cryptographic-library-if-it-does-not-use-recommended-practices",{"title":1361,"path":1362,"stem":1363},"DRD24. Do not bundle OAuth security-related protocol logic or sensitive data into a relying party's app","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcryptography-crp\u002Fdrd24-do-not-bundle-oauth-security-related-protocol-logic-or-sensitive-data-into-a-relying-partys-app","3.android-secure-coding-standard\u002F3.rules\u002F06.cryptography-crp\u002F4.drd24-do-not-bundle-oauth-security-related-protocol-logic-or-sensitive-data-into-a-relying-partys-app",{"title":1365,"path":1366,"stem":1367},"DRD25. Use constant-time encryption","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcryptography-crp\u002Fdrd25-use-constant-time-encryption","3.android-secure-coding-standard\u002F3.rules\u002F06.cryptography-crp\u002F5.drd25-use-constant-time-encryption",{"title":1369,"path":1370,"stem":1371},"Declarations and Initialization (DCL)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fdeclarations-and-initialization-dcl","3.android-secure-coding-standard\u002F3.rules\u002F07.declarations-and-initialization-dcl",{"title":1373,"path":1374,"stem":1375},"Environment (ENV)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fenvironment-env","3.android-secure-coding-standard\u002F3.rules\u002F08.environment-env",{"title":1377,"path":1378,"stem":1379},"Error Handling (ERR)","\u002Fandroid-secure-coding-standard\u002Frules\u002Ferror-handling-err","3.android-secure-coding-standard\u002F3.rules\u002F09.error-handling-err",{"title":1381,"path":1382,"stem":1383},"Expressions (EXP)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fexpressions-exp","3.android-secure-coding-standard\u002F3.rules\u002F10.expressions-exp",{"title":1385,"path":1386,"stem":1387,"children":1388},"File I\u002FO and Logging (FIO)","\u002Fandroid-secure-coding-standard\u002Frules\u002Ffile-io-and-logging-fio","3.android-secure-coding-standard\u002F3.rules\u002F11.file-io-and-logging-fio\u002F1.index",[1389,1390,1394,1398,1402,1406,1410],{"title":1385,"path":1386,"stem":1387},{"title":1391,"path":1392,"stem":1393},"DRD04-J. Do not log sensitive information","\u002Fandroid-secure-coding-standard\u002Frules\u002Ffile-io-and-logging-fio\u002Fdrd04-j","3.android-secure-coding-standard\u002F3.rules\u002F11.file-io-and-logging-fio\u002F2.drd04-j",{"title":1395,"path":1396,"stem":1397},"DRD00. Do not store sensitive information on external storage (SD card) unless encrypted first","\u002Fandroid-secure-coding-standard\u002Frules\u002Ffile-io-and-logging-fio\u002Fdrd00-do-not-store-sensitive-information-on-external-storage-sd-card-unless-encrypted-first","3.android-secure-coding-standard\u002F3.rules\u002F11.file-io-and-logging-fio\u002F3.drd00-do-not-store-sensitive-information-on-external-storage-sd-card-unless-encrypted-first",{"title":1399,"path":1400,"stem":1401},"DRD11. Ensure that sensitive data is kept secure","\u002Fandroid-secure-coding-standard\u002Frules\u002Ffile-io-and-logging-fio\u002Fdrd11-ensure-that-sensitive-data-is-kept-secure","3.android-secure-coding-standard\u002F3.rules\u002F11.file-io-and-logging-fio\u002F4.drd11-ensure-that-sensitive-data-is-kept-secure",{"title":1403,"path":1404,"stem":1405},"DRD12. Do not trust data from world-writable files","\u002Fandroid-secure-coding-standard\u002Frules\u002Ffile-io-and-logging-fio\u002Fdrd12-do-not-trust-data-from-world-writable-files","3.android-secure-coding-standard\u002F3.rules\u002F11.file-io-and-logging-fio\u002F5.drd12-do-not-trust-data-from-world-writable-files",{"title":1407,"path":1408,"stem":1409},"DRD23. Do not use world readable or writeable to share files between apps","\u002Fandroid-secure-coding-standard\u002Frules\u002Ffile-io-and-logging-fio\u002Fdrd23-do-not-use-world-readable-or-writeable-to-share-files-between-apps","3.android-secure-coding-standard\u002F3.rules\u002F11.file-io-and-logging-fio\u002F6.drd23-do-not-use-world-readable-or-writeable-to-share-files-between-apps",{"title":1411,"path":1412,"stem":1413},"DRD28 Do not load world-writable libraries","\u002Fandroid-secure-coding-standard\u002Frules\u002Ffile-io-and-logging-fio\u002Fdrd28-do-not-load-world-writable-libraries","3.android-secure-coding-standard\u002F3.rules\u002F11.file-io-and-logging-fio\u002F7.drd28-do-not-load-world-writable-libraries",{"title":1415,"path":1416,"stem":1417},"Floating Point (FLP)","\u002Fandroid-secure-coding-standard\u002Frules\u002Ffloating-point-flp","3.android-secure-coding-standard\u002F3.rules\u002F12.floating-point-flp",{"title":1419,"path":1420,"stem":1421},"Input Validation and Data Sanitization (IDS)","\u002Fandroid-secure-coding-standard\u002Frules\u002Finput-validation-and-data-sanitization-ids","3.android-secure-coding-standard\u002F3.rules\u002F13.input-validation-and-data-sanitization-ids",{"title":1423,"path":1424,"stem":1425},"Integers (INT)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fintegers-int","3.android-secure-coding-standard\u002F3.rules\u002F14.integers-int",{"title":1427,"path":1428,"stem":1429,"children":1430},"Intent (ITT)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fintent-itt","3.android-secure-coding-standard\u002F3.rules\u002F15.intent-itt\u002F1.index",[1431,1432,1436,1440],{"title":1427,"path":1428,"stem":1429},{"title":1433,"path":1434,"stem":1435},"DRD03-J. Do not broadcast sensitive information using an implicit intent","\u002Fandroid-secure-coding-standard\u002Frules\u002Fintent-itt\u002Fdrd03-j","3.android-secure-coding-standard\u002F3.rules\u002F15.intent-itt\u002F2.drd03-j",{"title":1437,"path":1438,"stem":1439},"DRD21-J. Always pass explicit intents to a PendingIntent","\u002Fandroid-secure-coding-standard\u002Frules\u002Fintent-itt\u002Fdrd21-j","3.android-secure-coding-standard\u002F3.rules\u002F15.intent-itt\u002F3.drd21-j",{"title":1441,"path":1442,"stem":1443},"DRD06. Verify the caller of intents before acting on them","\u002Fandroid-secure-coding-standard\u002Frules\u002Fintent-itt\u002Fdrd06-verify-the-caller-of-intents-before-acting-on-them","3.android-secure-coding-standard\u002F3.rules\u002F15.intent-itt\u002F4.drd06-verify-the-caller-of-intents-before-acting-on-them",{"title":1445,"path":1446,"stem":1447},"Java Native Interface (JNI)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fjava-native-interface-jni","3.android-secure-coding-standard\u002F3.rules\u002F16.java-native-interface-jni",{"title":1449,"path":1450,"stem":1451},"Locking (LCK)","\u002Fandroid-secure-coding-standard\u002Frules\u002Flocking-lck","3.android-secure-coding-standard\u002F3.rules\u002F17.locking-lck",{"title":1453,"path":1454,"stem":1455},"Memory Management (MEM)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fmemory-management-mem","3.android-secure-coding-standard\u002F3.rules\u002F18.memory-management-mem",{"title":1457,"path":1458,"stem":1459},"Methods (MET)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fmethods-met","3.android-secure-coding-standard\u002F3.rules\u002F19.methods-met",{"title":1461,"path":1462,"stem":1463,"children":1464},"Miscellaneous (MSC)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fmiscellaneous-msc","3.android-secure-coding-standard\u002F3.rules\u002F20.miscellaneous-msc\u002F1.index",[1465,1466,1470,1474,1478,1482],{"title":1461,"path":1462,"stem":1463},{"title":1467,"path":1468,"stem":1469},"DRD10-X. Do not release apps that are debuggable","\u002Fandroid-secure-coding-standard\u002Frules\u002Fmiscellaneous-msc\u002Fdrd10-x","3.android-secure-coding-standard\u002F3.rules\u002F20.miscellaneous-msc\u002F2.drd10-x",{"title":1471,"path":1472,"stem":1473},"DRD15-J. Consider privacy concerns when using Geolocation API","\u002Fandroid-secure-coding-standard\u002Frules\u002Fmiscellaneous-msc\u002Fdrd15-j","3.android-secure-coding-standard\u002F3.rules\u002F20.miscellaneous-msc\u002F3.drd15-j",{"title":1475,"path":1476,"stem":1477},"DRD26-J. For OAuth, use a secure Android method to deliver access tokens","\u002Fandroid-secure-coding-standard\u002Frules\u002Fmiscellaneous-msc\u002Fdrd26-j","3.android-secure-coding-standard\u002F3.rules\u002F20.miscellaneous-msc\u002F4.drd26-j",{"title":1479,"path":1480,"stem":1481},"DRD27-J. For OAuth, use an explicit intent method to deliver access tokens","\u002Fandroid-secure-coding-standard\u002Frules\u002Fmiscellaneous-msc\u002Fdrd27-j","3.android-secure-coding-standard\u002F3.rules\u002F20.miscellaneous-msc\u002F5.drd27-j",{"title":1483,"path":1484,"stem":1485},"DRD25. To request user permission for OAuth, identify relying party and its permissions scope","\u002Fandroid-secure-coding-standard\u002Frules\u002Fmiscellaneous-msc\u002Fdrd25-to-request-user-permission-for-oauth-identify-relying-party-and-its-permissions-scope","3.android-secure-coding-standard\u002F3.rules\u002F20.miscellaneous-msc\u002F6.drd25-to-request-user-permission-for-oauth-identify-relying-party-and-its-permissions-scope",{"title":1487,"path":1488,"stem":1489,"children":1490},"Network - SSL\u002FTLS (NET)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fnetwork-ssltls-net","3.android-secure-coding-standard\u002F3.rules\u002F21.network-ssltls-net\u002F1.index",[1491,1492,1493],{"title":1487,"path":1488,"stem":1489},{"title":1242,"path":1243,"stem":1244},{"title":30,"path":1236,"stem":1238},{"title":1246,"path":1247,"stem":1248},{"title":1496,"path":1497,"stem":1498},"Object Orientation (OBJ)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fobject-orientation-obj","3.android-secure-coding-standard\u002F3.rules\u002F23.object-orientation-obj",{"title":1500,"path":1501,"stem":1502,"children":1503},"Permission (PER)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fpermission-per","3.android-secure-coding-standard\u002F3.rules\u002F24.permission-per\u002F1.index",[1504,1505,1509,1513,1517],{"title":1500,"path":1501,"stem":1502},{"title":1506,"path":1507,"stem":1508},"DRD05-J. Do not grant URI permissions on implicit intents","\u002Fandroid-secure-coding-standard\u002Frules\u002Fpermission-per\u002Fdrd05-j","3.android-secure-coding-standard\u002F3.rules\u002F24.permission-per\u002F2.drd05-j",{"title":1510,"path":1511,"stem":1512},"DRD14-J. Check that a calling app has appropriate permissions before responding","\u002Fandroid-secure-coding-standard\u002Frules\u002Fpermission-per\u002Fdrd14-j","3.android-secure-coding-standard\u002F3.rules\u002F24.permission-per\u002F3.drd14-j",{"title":1514,"path":1515,"stem":1516},"DRD16-X. Explicitly define the exported attribute for private components","\u002Fandroid-secure-coding-standard\u002Frules\u002Fpermission-per\u002Fdrd16-x","3.android-secure-coding-standard\u002F3.rules\u002F24.permission-per\u002F4.drd16-x",{"title":1518,"path":1519,"stem":1520},"DRD20-C. Specify permissions when creating files via the NDK","\u002Fandroid-secure-coding-standard\u002Frules\u002Fpermission-per\u002Fdrd20-c","3.android-secure-coding-standard\u002F3.rules\u002F24.permission-per\u002F5.drd20-c",{"title":1522,"path":1523,"stem":1524},"Platform Security (SEC)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fplatform-security-sec","3.android-secure-coding-standard\u002F3.rules\u002F25.platform-security-sec",{"title":1526,"path":1527,"stem":1528},"Preprocessor (PRE)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fpreprocessor-pre","3.android-secure-coding-standard\u002F3.rules\u002F26.preprocessor-pre",{"title":1530,"path":1531,"stem":1532},"Serialization (SER)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fserialization-ser","3.android-secure-coding-standard\u002F3.rules\u002F27.serialization-ser",{"title":1534,"path":1535,"stem":1536},"Thread APIs (THI)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fthread-apis-thi","3.android-secure-coding-standard\u002F3.rules\u002F28.thread-apis-thi",{"title":1538,"path":1539,"stem":1540},"Thread-Safety Miscellaneous (TSM)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fthread-safety-miscellaneous-tsm","3.android-secure-coding-standard\u002F3.rules\u002F29.thread-safety-miscellaneous-tsm",{"title":1542,"path":1543,"stem":1544},"Visibility and Atomicity (VNA)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fvisibility-and-atomicity-vna","3.android-secure-coding-standard\u002F3.rules\u002F30.visibility-and-atomicity-vna",{"title":1546,"path":1547,"stem":1548,"children":1549},"WebView (WBV)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fwebview-wbv","3.android-secure-coding-standard\u002F3.rules\u002F31.webview-wbv\u002F1.index",[1550,1551,1555,1559],{"title":1546,"path":1547,"stem":1548},{"title":1552,"path":1553,"stem":1554},"DRD02-J. Do not allow WebView to access sensitive local resource through file scheme","\u002Fandroid-secure-coding-standard\u002Frules\u002Fwebview-wbv\u002Fdrd02-j","3.android-secure-coding-standard\u002F3.rules\u002F31.webview-wbv\u002F2.drd02-j",{"title":1556,"path":1557,"stem":1558},"DRD13. Do not provide addJavascriptInterface method access in a WebView which could contain untrusted content. (API level JELLY_BEAN or below)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fwebview-wbv\u002Fdrd13-do-not-provide-addjavascriptinterface-method-access-in-a-webview-which-could-contain-untrusted-content-api-level-jelly_bean-or-below","3.android-secure-coding-standard\u002F3.rules\u002F31.webview-wbv\u002F3.drd13-do-not-provide-addjavascriptinterface-method-access-in-a-webview-which-could-contain-untrusted-content-api-level-jelly_bean-or-below",{"title":1560,"path":1561,"stem":1562},"DRD22. Do not cache sensitive information","\u002Fandroid-secure-coding-standard\u002Frules\u002Fwebview-wbv\u002Fdrd22-do-not-cache-sensitive-information","3.android-secure-coding-standard\u002F3.rules\u002F31.webview-wbv\u002F4.drd22-do-not-cache-sensitive-information",{"title":1564,"path":1565,"stem":1566,"children":1567},"Recommendations","\u002Fandroid-secure-coding-standard\u002Frecommendations","3.android-secure-coding-standard\u002F4.recommendations\u002F01.index",[1568,1569,1572,1576,1579,1582,1585,1588,1591,1594,1597,1600,1603,1606,1609,1612,1615,1618,1621,1624,1627,1630,1633,1636,1639,1642,1645,1648,1651,1654,1657],{"title":1564,"path":1565,"stem":1566},{"title":1313,"path":1570,"stem":1571},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fapplication-programming-interfaces-api","3.android-secure-coding-standard\u002F4.recommendations\u002F02.application-programming-interfaces-api",{"title":1573,"path":1574,"stem":1575},"Characters and Strings (STR)","\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fcharacters-and-strings-str","3.android-secure-coding-standard\u002F4.recommendations\u002F03.characters-and-strings-str",{"title":1321,"path":1577,"stem":1578},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fcomponent-security-cps","3.android-secure-coding-standard\u002F4.recommendations\u002F04.component-security-cps",{"title":1343,"path":1580,"stem":1581},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fconcurrency-con","3.android-secure-coding-standard\u002F4.recommendations\u002F05.concurrency-con",{"title":1347,"path":1583,"stem":1584},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fcryptography-crp","3.android-secure-coding-standard\u002F4.recommendations\u002F06.cryptography-crp",{"title":1369,"path":1586,"stem":1587},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fdeclarations-and-initialization-dcl","3.android-secure-coding-standard\u002F4.recommendations\u002F07.declarations-and-initialization-dcl",{"title":1373,"path":1589,"stem":1590},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fenvironment-env","3.android-secure-coding-standard\u002F4.recommendations\u002F08.environment-env",{"title":1377,"path":1592,"stem":1593},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Ferror-handling-err","3.android-secure-coding-standard\u002F4.recommendations\u002F09.error-handling-err",{"title":1381,"path":1595,"stem":1596},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fexpressions-exp","3.android-secure-coding-standard\u002F4.recommendations\u002F10.expressions-exp",{"title":1385,"path":1598,"stem":1599},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Ffile-io-and-logging-fio","3.android-secure-coding-standard\u002F4.recommendations\u002F11.file-io-and-logging-fio",{"title":1415,"path":1601,"stem":1602},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Ffloating-point-flp","3.android-secure-coding-standard\u002F4.recommendations\u002F12.floating-point-flp",{"title":1419,"path":1604,"stem":1605},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Finput-validation-and-data-sanitization-ids","3.android-secure-coding-standard\u002F4.recommendations\u002F13.input-validation-and-data-sanitization-ids",{"title":1423,"path":1607,"stem":1608},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fintegers-int","3.android-secure-coding-standard\u002F4.recommendations\u002F14.integers-int",{"title":1427,"path":1610,"stem":1611},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fintent-itt","3.android-secure-coding-standard\u002F4.recommendations\u002F15.intent-itt",{"title":1445,"path":1613,"stem":1614},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fjava-native-interface-jni","3.android-secure-coding-standard\u002F4.recommendations\u002F16.java-native-interface-jni",{"title":1449,"path":1616,"stem":1617},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Flocking-lck","3.android-secure-coding-standard\u002F4.recommendations\u002F17.locking-lck",{"title":1453,"path":1619,"stem":1620},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fmemory-management-mem","3.android-secure-coding-standard\u002F4.recommendations\u002F18.memory-management-mem",{"title":1457,"path":1622,"stem":1623},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fmethods-met","3.android-secure-coding-standard\u002F4.recommendations\u002F19.methods-met",{"title":1461,"path":1625,"stem":1626},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fmiscellaneous-msc","3.android-secure-coding-standard\u002F4.recommendations\u002F20.miscellaneous-msc",{"title":1487,"path":1628,"stem":1629},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fnetwork-ssltls-net","3.android-secure-coding-standard\u002F4.recommendations\u002F21.network-ssltls-net",{"title":1246,"path":1631,"stem":1632},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fnumeric-types-and-operations-num","3.android-secure-coding-standard\u002F4.recommendations\u002F22.numeric-types-and-operations-num",{"title":1496,"path":1634,"stem":1635},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fobject-orientation-obj","3.android-secure-coding-standard\u002F4.recommendations\u002F23.object-orientation-obj",{"title":1500,"path":1637,"stem":1638},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fpermission-per","3.android-secure-coding-standard\u002F4.recommendations\u002F24.permission-per",{"title":1522,"path":1640,"stem":1641},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fplatform-security-sec","3.android-secure-coding-standard\u002F4.recommendations\u002F25.platform-security-sec",{"title":1526,"path":1643,"stem":1644},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fpreprocessor-pre","3.android-secure-coding-standard\u002F4.recommendations\u002F26.preprocessor-pre",{"title":1530,"path":1646,"stem":1647},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fserialization-ser","3.android-secure-coding-standard\u002F4.recommendations\u002F27.serialization-ser",{"title":1534,"path":1649,"stem":1650},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fthread-apis-thi","3.android-secure-coding-standard\u002F4.recommendations\u002F28.thread-apis-thi",{"title":1538,"path":1652,"stem":1653},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fthread-safety-miscellaneous-tsm","3.android-secure-coding-standard\u002F4.recommendations\u002F29.thread-safety-miscellaneous-tsm",{"title":1542,"path":1655,"stem":1656},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fvisibility-and-atomicity-vna","3.android-secure-coding-standard\u002F4.recommendations\u002F30.visibility-and-atomicity-vna",{"title":1546,"path":1658,"stem":1659},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fwebview-wbv","3.android-secure-coding-standard\u002F4.recommendations\u002F31.webview-wbv",{"title":1661,"path":1662,"stem":1663,"children":1664},"By Language","\u002Fandroid-secure-coding-standard\u002Fby-language","3.android-secure-coding-standard\u002F5.by-language\u002F1.index",[1665,1666,1670,1692,1696,1718],{"title":1661,"path":1662,"stem":1663},{"title":1667,"path":1668,"stem":1669},"Android Only","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fandroid-only","3.android-secure-coding-standard\u002F5.by-language\u002F2.android-only",{"title":1671,"path":1672,"stem":1673,"children":1674},"C Coding Language","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fc-coding-language","3.android-secure-coding-standard\u002F5.by-language\u002F3.c-coding-language\u002F1.index",[1675,1676,1680,1684,1688],{"title":1671,"path":1672,"stem":1673},{"title":1677,"path":1678,"stem":1679},"Applicable in Principle to Android (C Rules\u002FRecomendations)","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fc-coding-language\u002Fapplicable-in-principle-to-android-c-rulesrecomendations","3.android-secure-coding-standard\u002F5.by-language\u002F3.c-coding-language\u002F2.applicable-in-principle-to-android-c-rulesrecomendations",{"title":1681,"path":1682,"stem":1683},"Applicable to Android (C Rules\u002FRecomendations)","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fc-coding-language\u002Fapplicable-to-android-c-rulesrecomendations","3.android-secure-coding-standard\u002F5.by-language\u002F3.c-coding-language\u002F3.applicable-to-android-c-rulesrecomendations",{"title":1685,"path":1686,"stem":1687},"Not Applicable to Android (C Rules\u002FRecomendations)","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fc-coding-language\u002Fnot-applicable-to-android-c-rulesrecomendations","3.android-secure-coding-standard\u002F5.by-language\u002F3.c-coding-language\u002F4.not-applicable-to-android-c-rulesrecomendations",{"title":1689,"path":1690,"stem":1691},"Unknown Applicability (C Rules\u002FRecomendations)","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fc-coding-language\u002Funknown-applicability-c-rulesrecomendations","3.android-secure-coding-standard\u002F5.by-language\u002F3.c-coding-language\u002F5.unknown-applicability-c-rulesrecomendations",{"title":1693,"path":1694,"stem":1695},"C++ Coding Language","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fcpp-coding-language","3.android-secure-coding-standard\u002F5.by-language\u002F4.cpp-coding-language",{"title":1697,"path":1698,"stem":1699,"children":1700},"Java Coding Language","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fjava-coding-language","3.android-secure-coding-standard\u002F5.by-language\u002F5.java-coding-language\u002F1.index",[1701,1702,1706,1710,1714],{"title":1697,"path":1698,"stem":1699},{"title":1703,"path":1704,"stem":1705},"Applicable in Principle to Android (Java Rules\u002FRecomendations)","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fjava-coding-language\u002Fapplicable-in-principle-to-android-java-rulesrecomendations","3.android-secure-coding-standard\u002F5.by-language\u002F5.java-coding-language\u002F2.applicable-in-principle-to-android-java-rulesrecomendations",{"title":1707,"path":1708,"stem":1709},"Applicable to Android (Java Rules\u002FRecomendations)","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fjava-coding-language\u002Fapplicable-to-android-java-rulesrecomendations","3.android-secure-coding-standard\u002F5.by-language\u002F5.java-coding-language\u002F3.applicable-to-android-java-rulesrecomendations",{"title":1711,"path":1712,"stem":1713},"Not Applicable to Android (Java Rules\u002FRecomendations)","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fjava-coding-language\u002Fnot-applicable-to-android-java-rulesrecomendations","3.android-secure-coding-standard\u002F5.by-language\u002F5.java-coding-language\u002F4.not-applicable-to-android-java-rulesrecomendations",{"title":1715,"path":1716,"stem":1717},"Unknown Applicability to Android (Java Rules\u002FRecomendations)","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fjava-coding-language\u002Funknown-applicability-to-android-java-rulesrecomendations","3.android-secure-coding-standard\u002F5.by-language\u002F5.java-coding-language\u002F5.unknown-applicability-to-android-java-rulesrecomendations",{"title":1719,"path":1720,"stem":1721},"XML","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fxml","3.android-secure-coding-standard\u002F5.by-language\u002F6.xml",{"title":1723,"path":1724,"stem":1725,"children":1726},"Back Matter","\u002Fandroid-secure-coding-standard\u002Fback-matter","3.android-secure-coding-standard\u002F6.back-matter\u002F1.index",[1727,1728,1732],{"title":1723,"path":1724,"stem":1725},{"title":1729,"path":1730,"stem":1731},"AA. Bibliography","\u002Fandroid-secure-coding-standard\u002Fback-matter\u002Faa-bibliography","3.android-secure-coding-standard\u002F6.back-matter\u002F2.aa-bibliography",{"title":1733,"path":1734,"stem":1735,"children":1736},"BB. Analyzers","\u002Fandroid-secure-coding-standard\u002Fback-matter\u002Fbb-analyzers","3.android-secure-coding-standard\u002F6.back-matter\u002F3.bb-analyzers\u002F1.index",[1737,1738,1742],{"title":1733,"path":1734,"stem":1735},{"title":1739,"path":1740,"stem":1741},"CodeSonar","\u002Fandroid-secure-coding-standard\u002Fback-matter\u002Fbb-analyzers\u002Fcodesonar","3.android-secure-coding-standard\u002F6.back-matter\u002F3.bb-analyzers\u002F2.codesonar",{"title":1743,"path":1744,"stem":1745},"CodeSonar_V","\u002Fandroid-secure-coding-standard\u002Fback-matter\u002Fbb-analyzers\u002Fcodesonar_v","3.android-secure-coding-standard\u002F6.back-matter\u002F3.bb-analyzers\u002F3.codesonar_v",{"title":1747,"path":1748,"stem":1749,"children":1750},"Admin","\u002Fandroid-secure-coding-standard\u002Fadmin","3.android-secure-coding-standard\u002F7.admin\u002F01.index",[1751,1752,1756,1760,1764,1768,1772,1776,1780,1784,1788,1792,1796,1800,1804,1808],{"title":1747,"path":1748,"stem":1749},{"title":1753,"path":1754,"stem":1755},"About the OurCS Workshop","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fabout-the-ourcs-workshop","3.android-secure-coding-standard\u002F7.admin\u002F02.about-the-ourcs-workshop",{"title":1757,"path":1758,"stem":1759},"Android Applicability Summary","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fandroid-applicability-summary","3.android-secure-coding-standard\u002F7.admin\u002F03.android-applicability-summary",{"title":1761,"path":1762,"stem":1763},"Android (DRD)","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fandroid-drd","3.android-secure-coding-standard\u002F7.admin\u002F04.android-drd",{"title":1765,"path":1766,"stem":1767},"Avoid having unreachable code","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Favoid-having-unreachable-code","3.android-secure-coding-standard\u002F7.admin\u002F05.avoid-having-unreachable-code",{"title":1769,"path":1770,"stem":1771},"C Space Change History Log","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fc-space-change-history-log","3.android-secure-coding-standard\u002F7.admin\u002F06.c-space-change-history-log",{"title":1773,"path":1774,"stem":1775},"Copy of Rule Template","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fcopy-of-rule-template","3.android-secure-coding-standard\u002F7.admin\u002F07.copy-of-rule-template",{"title":1777,"path":1778,"stem":1779},"C++ Space Change History Log","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fcpp-space-change-history-log","3.android-secure-coding-standard\u002F7.admin\u002F08.cpp-space-change-history-log",{"title":1781,"path":1782,"stem":1783},"Dictionary of Labels","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fdictionary-of-labels","3.android-secure-coding-standard\u002F7.admin\u002F09.dictionary-of-labels",{"title":1785,"path":1786,"stem":1787},"How to Change Applicability When a Rules and Recommendations Change","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fhow-to-change-applicability-when-a-rules-and-recommendations-change","3.android-secure-coding-standard\u002F7.admin\u002F10.how-to-change-applicability-when-a-rules-and-recommendations-change",{"title":1789,"path":1790,"stem":1791},"Java Space Change History Log","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fjava-space-change-history-log","3.android-secure-coding-standard\u002F7.admin\u002F11.java-space-change-history-log",{"title":1793,"path":1794,"stem":1795},"Labels in this Space","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Flabels-in-this-space","3.android-secure-coding-standard\u002F7.admin\u002F12.labels-in-this-space",{"title":1797,"path":1798,"stem":1799},"Perl Space Change History Log","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fperl-space-change-history-log","3.android-secure-coding-standard\u002F7.admin\u002F13.perl-space-change-history-log",{"title":1801,"path":1802,"stem":1803},"Resources for new Android app secure coding rules and guidelines","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fresources-for-new-android-app-secure-coding-rules-and-guidelines","3.android-secure-coding-standard\u002F7.admin\u002F14.resources-for-new-android-app-secure-coding-rules-and-guidelines",{"title":1805,"path":1806,"stem":1807},"Rule Template","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Frule-template","3.android-secure-coding-standard\u002F7.admin\u002F15.rule-template",{"title":1809,"path":1810,"stem":1811},"Rules Applicable for Both the Android Platform and Other Platforms","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Frules-applicable-for-both-the-android-platform-and-other-platforms","3.android-secure-coding-standard\u002F7.admin\u002F16.rules-applicable-for-both-the-android-platform-and-other-platforms",1775657825559]