[{"data":1,"prerenderedAt":1254},["ShallowReactive",2],{"global-navigation":3,"page-\u002Fandroid-secure-coding-standard\u002Frules\u002Fpermission-per\u002Fdrd20-c":28,"surround-\u002Fandroid-secure-coding-standard\u002Frules\u002Fpermission-per\u002Fdrd20-c":682,"sidebar-android-secure-coding-standard":691},[4,8],{"title":5,"path":6,"_path":6,"fromAppConfig":7},"Home","\u002F",true,{"title":9,"path":10,"children":11,"_path":27,"fromAppConfig":7},"Coding Standards","\u002Fcoding-standards\u002F",[12,15,18,21,24],{"title":13,"path":14},"Android Coding Standard","\u002Fandroid-secure-coding-standard\u002F",{"title":16,"path":17},"C Coding Standard","\u002Fsei-cert-c-coding-standard\u002F",{"title":19,"path":20},"C++ Coding Standard","\u002Fsei-cert-cpp-coding-standard\u002F",{"title":22,"path":23},"Java Coding Standard","\u002Fsei-cert-oracle-coding-standard-for-java\u002F",{"title":25,"path":26},"Perl Coding Standard","\u002Fsei-cert-perl-coding-standard\u002F","\u002Fcoding-standards",{"id":29,"title":30,"body":31,"description":82,"extension":670,"meta":671,"navigation":7,"path":678,"seo":679,"stem":680,"__hash__":681},"content\u002F3.android-secure-coding-standard\u002F3.rules\u002F24.permission-per\u002F5.drd20-c.md","DRD20-C. Specify permissions when creating files via the NDK",{"type":32,"value":33,"toc":661},"minimark",[34,38,42,46,49,52,55,64,69,72,155,159,162,260,264,267,502,506,509,571,575,578,581,584,587,590,594,598,632,635,657],[35,36,30],"h1",{"id":37},"drd20-c-specify-permissions-when-creating-files-via-the-ndk",[35,39,41],{"id":40},"this-coding-rule-or-guideline-is-under-construction","(THIS CODING RULE OR GUIDELINE IS UNDER CONSTRUCTION)",[43,44,45],"p",{},"When the standard methods of creating files in the Android SDK are used, the output files are created with the following permissions:",[43,47,48],{},"-rw-rw-r--",[43,50,51],{},"The result is a file that is world readable but not writable. If one were to instead create a file via the native development kit using the Java native interface and relied on the default permissions, the result would be a new file with the following permissions :",[43,53,54],{},"-rw-rw-rw-",[43,56,57,58,63],{},"This new file ends up being world readable and world writable because when native code is used to create files, the umask of the zygote process (which is set to 000) is inherited. Such relaxed permissions could potentially lead to security issues since the new file may be corrupted intentionally or otherwise by another application on the device if the file location is known [ ",[59,60,62],"a",{"href":61},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-aa-references#RuleAA.References-Intrepidus2012","Intrepidus 2012"," ].",[65,66,68],"h2",{"id":67},"noncompliant-code-example","Noncompliant Code Example",[43,70,71],{},"In this noncompliant example, native C code is used to create a text file and write to it. However, this will result in a new file that is both world readable and writable.",[73,74,76],"code-block",{"quality":75},"bad",[77,78,83],"pre",{"className":79,"code":80,"language":81,"meta":82,"style":82},"language-cpp shiki shiki-themes github-light github-dark monokai","FILE * fp = fopen(\"\u002Fdata\u002Fdata\u002Fcom.mine.work\u002Ffile.txt\", \"a\");\nfprintf(fp, \"Don't alter this content.\\n\");\nfclose(fp);\n","cpp","",[84,85,86,125,146],"code",{"__ignoreMap":82},[87,88,91,95,99,102,105,109,112,116,119,122],"span",{"class":89,"line":90},"line",1,[87,92,94],{"class":93},"sMOD_","FILE ",[87,96,98],{"class":97},"sC2Qs","*",[87,100,101],{"class":93}," fp ",[87,103,104],{"class":97},"=",[87,106,108],{"class":107},"srTi1"," fopen",[87,110,111],{"class":93},"(",[87,113,115],{"class":114},"sstjo","\"\u002Fdata\u002Fdata\u002Fcom.mine.work\u002Ffile.txt\"",[87,117,118],{"class":93},", ",[87,120,121],{"class":114},"\"a\"",[87,123,124],{"class":93},");\n",[87,126,128,131,134,137,141,144],{"class":89,"line":127},2,[87,129,130],{"class":107},"fprintf",[87,132,133],{"class":93},"(fp, ",[87,135,136],{"class":114},"\"Don't alter this content.",[87,138,140],{"class":139},"s7F3e","\\n",[87,142,143],{"class":114},"\"",[87,145,124],{"class":93},[87,147,149,152],{"class":89,"line":148},3,[87,150,151],{"class":107},"fclose",[87,153,154],{"class":93},"(fp);\n",[65,156,158],{"id":157},"compliant-solution-set-umask","Compliant Solution (Set Umask)",[43,160,161],{},"In this compliant example, the user forces the permissions of the created file to match those of the SDK by changing the process's umask using the umask() C library call.",[73,163,165],{"quality":164},"good",[77,166,168],{"className":79,"code":167,"language":81,"meta":82,"style":82},"umask(002);\nFILE * fp = fopen(\"\u002Fdata\u002Fdata\u002Fcom.mine.work\u002Ffile.txt\", \"a\");\nif (fp == NULL) {\n  \u002F* Handle error *\u002F\n}\nfprintf(fp, \"Don't corrupt this content.\\n\");\nfclose(fp);\n",[84,169,170,185,207,224,231,237,253],{"__ignoreMap":82},[87,171,172,175,177,180,183],{"class":89,"line":90},[87,173,174],{"class":107},"umask",[87,176,111],{"class":93},[87,178,179],{"class":97},"0",[87,181,182],{"class":139},"02",[87,184,124],{"class":93},[87,186,187,189,191,193,195,197,199,201,203,205],{"class":89,"line":127},[87,188,94],{"class":93},[87,190,98],{"class":97},[87,192,101],{"class":93},[87,194,104],{"class":97},[87,196,108],{"class":107},[87,198,111],{"class":93},[87,200,115],{"class":114},[87,202,118],{"class":93},[87,204,121],{"class":114},[87,206,124],{"class":93},[87,208,209,212,215,218,221],{"class":89,"line":148},[87,210,211],{"class":97},"if",[87,213,214],{"class":93}," (fp ",[87,216,217],{"class":97},"==",[87,219,220],{"class":139}," NULL",[87,222,223],{"class":93},") {\n",[87,225,227],{"class":89,"line":226},4,[87,228,230],{"class":229},"s8-w5","  \u002F* Handle error *\u002F\n",[87,232,234],{"class":89,"line":233},5,[87,235,236],{"class":93},"}\n",[87,238,240,242,244,247,249,251],{"class":89,"line":239},6,[87,241,130],{"class":107},[87,243,133],{"class":93},[87,245,246],{"class":114},"\"Don't corrupt this content.",[87,248,140],{"class":139},[87,250,143],{"class":114},[87,252,124],{"class":93},[87,254,256,258],{"class":89,"line":255},7,[87,257,151],{"class":107},[87,259,154],{"class":93},[65,261,263],{"id":262},"compliant-solution-specify-file-permissions","Compliant Solution (Specify File Permissions)",[43,265,266],{},"In this compliant example, the user explicitly specifies the created file's permissions using the open() system call.",[73,268,269],{"quality":164},[77,270,272],{"className":79,"code":271,"language":81,"meta":82,"style":82},"const char * fn = \"\u002Fdata\u002Fdata\u002Fcom.mine.work\u002Ffile.txt\";\nconst char * content = \"Don't corrupt this content.\\n\";\nint fd = open(fn, O_CREAT|O_RDWR, S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP|S_IROTH);\nif (fd == -1) {\n  \u002F* Handle error *\u002F\n}\nsize_t len = strlen(content);\nwhile (len > 0) {\n  ssize_t written = write(fd, content, len);\n  if (written == -1) {\n    \u002F* Handle error *\u002F\n  }\n  content += written;\n  len -= written;\n}\nclose(fd);\n",[84,273,274,297,319,361,378,382,386,402,419,436,453,459,465,477,488,493],{"__ignoreMap":82},[87,275,276,279,283,286,289,291,294],{"class":89,"line":90},[87,277,278],{"class":97},"const",[87,280,282],{"class":281},"sq6CD"," char",[87,284,285],{"class":97}," *",[87,287,288],{"class":93}," fn ",[87,290,104],{"class":97},[87,292,293],{"class":114}," \"\u002Fdata\u002Fdata\u002Fcom.mine.work\u002Ffile.txt\"",[87,295,296],{"class":93},";\n",[87,298,299,301,303,305,308,310,313,315,317],{"class":89,"line":127},[87,300,278],{"class":97},[87,302,282],{"class":281},[87,304,285],{"class":97},[87,306,307],{"class":93}," content ",[87,309,104],{"class":97},[87,311,312],{"class":114}," \"Don't corrupt this content.",[87,314,140],{"class":139},[87,316,143],{"class":114},[87,318,296],{"class":93},[87,320,321,324,327,329,332,335,338,341,343,346,348,351,353,356,358],{"class":89,"line":148},[87,322,323],{"class":281},"int",[87,325,326],{"class":93}," fd ",[87,328,104],{"class":97},[87,330,331],{"class":107}," open",[87,333,334],{"class":93},"(fn, O_CREAT",[87,336,337],{"class":97},"|",[87,339,340],{"class":93},"O_RDWR, S_IRUSR",[87,342,337],{"class":97},[87,344,345],{"class":93},"S_IWUSR",[87,347,337],{"class":97},[87,349,350],{"class":93},"S_IRGRP",[87,352,337],{"class":97},[87,354,355],{"class":93},"S_IWGRP",[87,357,337],{"class":97},[87,359,360],{"class":93},"S_IROTH);\n",[87,362,363,365,368,370,373,376],{"class":89,"line":226},[87,364,211],{"class":97},[87,366,367],{"class":93}," (fd ",[87,369,217],{"class":97},[87,371,372],{"class":97}," -",[87,374,375],{"class":139},"1",[87,377,223],{"class":93},[87,379,380],{"class":89,"line":233},[87,381,230],{"class":229},[87,383,384],{"class":89,"line":239},[87,385,236],{"class":93},[87,387,388,391,394,396,399],{"class":89,"line":255},[87,389,390],{"class":281},"size_t",[87,392,393],{"class":93}," len ",[87,395,104],{"class":97},[87,397,398],{"class":107}," strlen",[87,400,401],{"class":93},"(content);\n",[87,403,405,408,411,414,417],{"class":89,"line":404},8,[87,406,407],{"class":97},"while",[87,409,410],{"class":93}," (len ",[87,412,413],{"class":97},">",[87,415,416],{"class":139}," 0",[87,418,223],{"class":93},[87,420,422,425,428,430,433],{"class":89,"line":421},9,[87,423,424],{"class":281},"  ssize_t",[87,426,427],{"class":93}," written ",[87,429,104],{"class":97},[87,431,432],{"class":107}," write",[87,434,435],{"class":93},"(fd, content, len);\n",[87,437,439,442,445,447,449,451],{"class":89,"line":438},10,[87,440,441],{"class":97},"  if",[87,443,444],{"class":93}," (written ",[87,446,217],{"class":97},[87,448,372],{"class":97},[87,450,375],{"class":139},[87,452,223],{"class":93},[87,454,456],{"class":89,"line":455},11,[87,457,458],{"class":229},"    \u002F* Handle error *\u002F\n",[87,460,462],{"class":89,"line":461},12,[87,463,464],{"class":93},"  }\n",[87,466,468,471,474],{"class":89,"line":467},13,[87,469,470],{"class":93},"  content ",[87,472,473],{"class":97},"+=",[87,475,476],{"class":93}," written;\n",[87,478,480,483,486],{"class":89,"line":479},14,[87,481,482],{"class":93},"  len ",[87,484,485],{"class":97},"-=",[87,487,476],{"class":93},[87,489,491],{"class":89,"line":490},15,[87,492,236],{"class":93},[87,494,496,499],{"class":89,"line":495},16,[87,497,498],{"class":107},"close",[87,500,501],{"class":93},"(fd);\n",[65,503,505],{"id":504},"risk-assessment","Risk Assessment",[43,507,508],{},"Allowing the default permissions when a file is created in native code may allow sensitive data to be revealed or corrupted.",[510,511,512,513,512,543],"table",{},"\n  ",[514,515,516,517,512],"thead",{},"\n    ",[518,519,520,521,520,525,520,528,520,531,520,534,520,537,520,540,516],"tr",{},"\n      ",[522,523,524],"th",{},"Rule",[522,526,527],{},"Severity",[522,529,530],{},"Likelihood",[522,532,533],{},"Detectable",[522,535,536],{},"Repairable",[522,538,539],{},"Priority",[522,541,542],{},"Level",[544,545,516,546,512],"tbody",{},[518,547,520,548,520,552,520,555,520,558,520,561,520,564,520,568,516],{},[549,550,551],"td",{},"DRD20-C",[549,553,554],{},"High",[549,556,557],{},"Probable",[549,559,560],{},"Yes",[549,562,563],{},"No",[549,565,567],{"style":566},"color: #e74c3c;","P12",[549,569,570],{"style":566},"L1",[65,572,574],{"id":573},"automated-detection","Automated Detection",[43,576,577],{},"Calls to the functions that create files can be detected automatically but it is not feasible to automatically check that file permissions have been applied appropriately.",[43,579,580],{},"Tool",[43,582,583],{},"Version",[43,585,586],{},"Checker",[43,588,589],{},"Description",[65,591,593],{"id":592},"related-guidelines","Related Guidelines",[65,595,597],{"id":596},"bibliography","Bibliography",[510,599,602,611],{"className":600},[601],"wrapped",[603,604,605,609],"colgroup",{},[606,607],"col",{"style":608},"width: 50%",[606,610],{"style":608},[544,612,613],{},[518,614,617,625],{"className":615},[616],"odd",[549,618,619],{},[43,620,621,622,624],{},"[ ",[59,623,62],{"href":61}," ]",[549,626,627],{},[43,628,629],{},[630,631],"br",{},[633,634],"hr",{},[43,636,637,644,645,644,651],{},[59,638,640],{"href":639},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fjava-native-interface-jni\u002Fjni00-j",[641,642],"img",{"src":643},"\u002Fattachments\u002F88487702\u002F88497198.png"," ",[59,646,648],{"href":647},"https:\u002F\u002Fwww.securecoding.cert.org\u002Fconfluence\u002Fpages\u002Fviewpage.action?pageId=121930001",[641,649],{"src":650},"\u002Fattachments\u002F88487702\u002F88497196.png",[59,652,654],{"href":653},"https:\u002F\u002Fwww.securecoding.cert.org\u002Fconfluence\u002Fpages\u002Fviewpage.action?pageId=18579861",[641,655],{"src":656},"\u002Fattachments\u002F88487702\u002F88497197.png",[658,659,660],"style",{},"html pre.shiki code .sMOD_, html code.shiki .sMOD_{--shiki-default:#24292E;--shiki-dark:#E1E4E8;--shiki-sepia:#F8F8F2}html pre.shiki code .sC2Qs, html code.shiki .sC2Qs{--shiki-default:#D73A49;--shiki-dark:#F97583;--shiki-sepia:#F92672}html pre.shiki code .srTi1, html code.shiki .srTi1{--shiki-default:#6F42C1;--shiki-dark:#B392F0;--shiki-sepia:#A6E22E}html pre.shiki code .sstjo, html code.shiki .sstjo{--shiki-default:#032F62;--shiki-dark:#9ECBFF;--shiki-sepia:#E6DB74}html pre.shiki code .s7F3e, html code.shiki .s7F3e{--shiki-default:#005CC5;--shiki-dark:#79B8FF;--shiki-sepia:#AE81FF}html .default .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html.dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html .sepia .shiki span {color: var(--shiki-sepia);background: var(--shiki-sepia-bg);font-style: var(--shiki-sepia-font-style);font-weight: var(--shiki-sepia-font-weight);text-decoration: var(--shiki-sepia-text-decoration);}html.sepia .shiki span {color: var(--shiki-sepia);background: var(--shiki-sepia-bg);font-style: var(--shiki-sepia-font-style);font-weight: var(--shiki-sepia-font-weight);text-decoration: var(--shiki-sepia-text-decoration);}html pre.shiki code .s8-w5, html code.shiki .s8-w5{--shiki-default:#6A737D;--shiki-dark:#6A737D;--shiki-sepia:#88846F}html pre.shiki code .sq6CD, html code.shiki .sq6CD{--shiki-default:#D73A49;--shiki-default-font-style:inherit;--shiki-dark:#F97583;--shiki-dark-font-style:inherit;--shiki-sepia:#66D9EF;--shiki-sepia-font-style:italic}",{"title":82,"searchDepth":127,"depth":127,"links":662},[663,664,665,666,667,668,669],{"id":67,"depth":127,"text":68},{"id":157,"depth":127,"text":158},{"id":262,"depth":127,"text":263},{"id":504,"depth":127,"text":505},{"id":573,"depth":127,"text":574},{"id":592,"depth":127,"text":593},{"id":596,"depth":127,"text":597},"md",{"tags":672},[673,674,675,676,677],"rule","drd","c","android-applicable","per","\u002Fandroid-secure-coding-standard\u002Frules\u002Fpermission-per\u002Fdrd20-c",{"title":30,"description":82},"3.android-secure-coding-standard\u002F3.rules\u002F24.permission-per\u002F5.drd20-c","h4fBbPlwZf7JsFnJtVp2O1PzTdZq54KrqA_5tsTo1q4",[683,687],{"title":684,"path":685,"stem":686,"children":-1},"DRD16-X. Explicitly define the exported attribute for private components","\u002Fandroid-secure-coding-standard\u002Frules\u002Fpermission-per\u002Fdrd16-x","3.android-secure-coding-standard\u002F3.rules\u002F24.permission-per\u002F4.drd16-x",{"title":688,"path":689,"stem":690,"children":-1},"Platform Security (SEC)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fplatform-security-sec","3.android-secure-coding-standard\u002F3.rules\u002F25.platform-security-sec",[692],{"title":693,"path":694,"stem":695,"children":696},"SCI CERT Android Secure Coding Standard","\u002Fandroid-secure-coding-standard","3.android-secure-coding-standard\u002F1.index",[697,698,748,1005,1102,1164,1188],{"title":693,"path":694,"stem":695},{"title":699,"path":700,"stem":701,"children":702},"Front Matter","\u002Fandroid-secure-coding-standard\u002Ffront-matter","3.android-secure-coding-standard\u002F2.front-matter\u002F1.index",[703,704,726],{"title":699,"path":700,"stem":701},{"title":705,"path":706,"stem":707,"children":708},"Guidelines for Wiki Contributors","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fguidelines-for-wiki-contributors","3.android-secure-coding-standard\u002F2.front-matter\u002F2.guidelines-for-wiki-contributors\u002F1.index",[709,710,714,718,722],{"title":705,"path":706,"stem":707},{"title":711,"path":712,"stem":713},"Deprecations","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fguidelines-for-wiki-contributors\u002Fdeprecations","3.android-secure-coding-standard\u002F2.front-matter\u002F2.guidelines-for-wiki-contributors\u002F2.deprecations",{"title":715,"path":716,"stem":717},"Editing Automated Detection Information","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fguidelines-for-wiki-contributors\u002Fediting-automated-detection-information","3.android-secure-coding-standard\u002F2.front-matter\u002F2.guidelines-for-wiki-contributors\u002F3.editing-automated-detection-information",{"title":719,"path":720,"stem":721},"Editing-Related Guidelines","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fguidelines-for-wiki-contributors\u002Fediting-related-guidelines","3.android-secure-coding-standard\u002F2.front-matter\u002F2.guidelines-for-wiki-contributors\u002F4.editing-related-guidelines",{"title":723,"path":724,"stem":725},"Rules versus Recommendations","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fguidelines-for-wiki-contributors\u002Frules-versus-recommendations","3.android-secure-coding-standard\u002F2.front-matter\u002F2.guidelines-for-wiki-contributors\u002F5.rules-versus-recommendations",{"title":727,"path":728,"stem":729,"children":730},"Introduction","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fintroduction","3.android-secure-coding-standard\u002F2.front-matter\u002F3.introduction\u002F01.index",[731,732,736,740,744],{"title":727,"path":728,"stem":729},{"title":733,"path":734,"stem":735},"Introduction to Android-Only Rules","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fintroduction\u002Fintroduction-to-android-only-rules","3.android-secure-coding-standard\u002F2.front-matter\u002F3.introduction\u002F02.introduction-to-android-only-rules",{"title":737,"path":738,"stem":739},"Introduction to C Rules and Recommendations","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fintroduction\u002Fintroduction-to-c-rules-and-recommendations","3.android-secure-coding-standard\u002F2.front-matter\u002F3.introduction\u002F03.introduction-to-c-rules-and-recommendations",{"title":741,"path":742,"stem":743},"Introduction to Java Recommendations","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fintroduction\u002Fintroduction-to-java-recommendations","3.android-secure-coding-standard\u002F2.front-matter\u002F3.introduction\u002F04.introduction-to-java-recommendations",{"title":745,"path":746,"stem":747},"Introduction to Java Rules","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fintroduction\u002Fintroduction-to-java-rules","3.android-secure-coding-standard\u002F2.front-matter\u002F3.introduction\u002F05.introduction-to-java-rules",{"title":749,"path":750,"stem":751,"children":752},"Rules","\u002Fandroid-secure-coding-standard\u002Frules","3.android-secure-coding-standard\u002F3.rules\u002F01.index",[753,754,758,762,784,788,810,814,818,822,826,856,860,864,868,886,890,894,898,902,928,942,946,950,966,967,971,975,979,983,987],{"title":749,"path":750,"stem":751},{"title":755,"path":756,"stem":757},"Application Programming Interfaces (API)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fapplication-programming-interfaces-api","3.android-secure-coding-standard\u002F3.rules\u002F02.application-programming-interfaces-api",{"title":759,"path":760,"stem":761},"Characters and String (STR)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcharacters-and-string-str","3.android-secure-coding-standard\u002F3.rules\u002F03.characters-and-string-str",{"title":763,"path":764,"stem":765,"children":766},"Component Security (CPS)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcomponent-security-cps","3.android-secure-coding-standard\u002F3.rules\u002F04.component-security-cps\u002F1.index",[767,768,772,776,780],{"title":763,"path":764,"stem":765},{"title":769,"path":770,"stem":771},"DRD01-X. Limit the accessibility of an app's sensitive content provider","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcomponent-security-cps\u002Fdrd01-x","3.android-secure-coding-standard\u002F3.rules\u002F04.component-security-cps\u002F2.drd01-x",{"title":773,"path":774,"stem":775},"DRD07-X. Protect exported services with strong permissions","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcomponent-security-cps\u002Fdrd07-x","3.android-secure-coding-standard\u002F3.rules\u002F04.component-security-cps\u002F3.drd07-x",{"title":777,"path":778,"stem":779},"DRD08-J. Always canonicalize a URL received by a content provider","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcomponent-security-cps\u002Fdrd08-j","3.android-secure-coding-standard\u002F3.rules\u002F04.component-security-cps\u002F4.drd08-j",{"title":781,"path":782,"stem":783},"DRD09. Restrict access to sensitive activities","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcomponent-security-cps\u002Fdrd09-restrict-access-to-sensitive-activities","3.android-secure-coding-standard\u002F3.rules\u002F04.component-security-cps\u002F5.drd09-restrict-access-to-sensitive-activities",{"title":785,"path":786,"stem":787},"Concurrency (CON)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fconcurrency-con","3.android-secure-coding-standard\u002F3.rules\u002F05.concurrency-con",{"title":789,"path":790,"stem":791,"children":792},"Cryptography (CRP)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcryptography-crp","3.android-secure-coding-standard\u002F3.rules\u002F06.cryptography-crp\u002F1.index",[793,794,798,802,806],{"title":789,"path":790,"stem":791},{"title":795,"path":796,"stem":797},"DRD17-J. Do not use the Android cryptographic security provider encryption default for AES","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcryptography-crp\u002Fdrd17-j","3.android-secure-coding-standard\u002F3.rules\u002F06.cryptography-crp\u002F2.drd17-j",{"title":799,"path":800,"stem":801},"DRD18. Do not use the default behavior in a cryptographic library if it does not use recommended practices","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcryptography-crp\u002Fdrd18-do-not-use-the-default-behavior-in-a-cryptographic-library-if-it-does-not-use-recommended-practices","3.android-secure-coding-standard\u002F3.rules\u002F06.cryptography-crp\u002F3.drd18-do-not-use-the-default-behavior-in-a-cryptographic-library-if-it-does-not-use-recommended-practices",{"title":803,"path":804,"stem":805},"DRD24. Do not bundle OAuth security-related protocol logic or sensitive data into a relying party's app","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcryptography-crp\u002Fdrd24-do-not-bundle-oauth-security-related-protocol-logic-or-sensitive-data-into-a-relying-partys-app","3.android-secure-coding-standard\u002F3.rules\u002F06.cryptography-crp\u002F4.drd24-do-not-bundle-oauth-security-related-protocol-logic-or-sensitive-data-into-a-relying-partys-app",{"title":807,"path":808,"stem":809},"DRD25. Use constant-time encryption","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcryptography-crp\u002Fdrd25-use-constant-time-encryption","3.android-secure-coding-standard\u002F3.rules\u002F06.cryptography-crp\u002F5.drd25-use-constant-time-encryption",{"title":811,"path":812,"stem":813},"Declarations and Initialization (DCL)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fdeclarations-and-initialization-dcl","3.android-secure-coding-standard\u002F3.rules\u002F07.declarations-and-initialization-dcl",{"title":815,"path":816,"stem":817},"Environment (ENV)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fenvironment-env","3.android-secure-coding-standard\u002F3.rules\u002F08.environment-env",{"title":819,"path":820,"stem":821},"Error Handling (ERR)","\u002Fandroid-secure-coding-standard\u002Frules\u002Ferror-handling-err","3.android-secure-coding-standard\u002F3.rules\u002F09.error-handling-err",{"title":823,"path":824,"stem":825},"Expressions (EXP)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fexpressions-exp","3.android-secure-coding-standard\u002F3.rules\u002F10.expressions-exp",{"title":827,"path":828,"stem":829,"children":830},"File I\u002FO and Logging (FIO)","\u002Fandroid-secure-coding-standard\u002Frules\u002Ffile-io-and-logging-fio","3.android-secure-coding-standard\u002F3.rules\u002F11.file-io-and-logging-fio\u002F1.index",[831,832,836,840,844,848,852],{"title":827,"path":828,"stem":829},{"title":833,"path":834,"stem":835},"DRD04-J. Do not log sensitive information","\u002Fandroid-secure-coding-standard\u002Frules\u002Ffile-io-and-logging-fio\u002Fdrd04-j","3.android-secure-coding-standard\u002F3.rules\u002F11.file-io-and-logging-fio\u002F2.drd04-j",{"title":837,"path":838,"stem":839},"DRD00. Do not store sensitive information on external storage (SD card) unless encrypted first","\u002Fandroid-secure-coding-standard\u002Frules\u002Ffile-io-and-logging-fio\u002Fdrd00-do-not-store-sensitive-information-on-external-storage-sd-card-unless-encrypted-first","3.android-secure-coding-standard\u002F3.rules\u002F11.file-io-and-logging-fio\u002F3.drd00-do-not-store-sensitive-information-on-external-storage-sd-card-unless-encrypted-first",{"title":841,"path":842,"stem":843},"DRD11. Ensure that sensitive data is kept secure","\u002Fandroid-secure-coding-standard\u002Frules\u002Ffile-io-and-logging-fio\u002Fdrd11-ensure-that-sensitive-data-is-kept-secure","3.android-secure-coding-standard\u002F3.rules\u002F11.file-io-and-logging-fio\u002F4.drd11-ensure-that-sensitive-data-is-kept-secure",{"title":845,"path":846,"stem":847},"DRD12. Do not trust data from world-writable files","\u002Fandroid-secure-coding-standard\u002Frules\u002Ffile-io-and-logging-fio\u002Fdrd12-do-not-trust-data-from-world-writable-files","3.android-secure-coding-standard\u002F3.rules\u002F11.file-io-and-logging-fio\u002F5.drd12-do-not-trust-data-from-world-writable-files",{"title":849,"path":850,"stem":851},"DRD23. Do not use world readable or writeable to share files between apps","\u002Fandroid-secure-coding-standard\u002Frules\u002Ffile-io-and-logging-fio\u002Fdrd23-do-not-use-world-readable-or-writeable-to-share-files-between-apps","3.android-secure-coding-standard\u002F3.rules\u002F11.file-io-and-logging-fio\u002F6.drd23-do-not-use-world-readable-or-writeable-to-share-files-between-apps",{"title":853,"path":854,"stem":855},"DRD28 Do not load world-writable libraries","\u002Fandroid-secure-coding-standard\u002Frules\u002Ffile-io-and-logging-fio\u002Fdrd28-do-not-load-world-writable-libraries","3.android-secure-coding-standard\u002F3.rules\u002F11.file-io-and-logging-fio\u002F7.drd28-do-not-load-world-writable-libraries",{"title":857,"path":858,"stem":859},"Floating Point (FLP)","\u002Fandroid-secure-coding-standard\u002Frules\u002Ffloating-point-flp","3.android-secure-coding-standard\u002F3.rules\u002F12.floating-point-flp",{"title":861,"path":862,"stem":863},"Input Validation and Data Sanitization (IDS)","\u002Fandroid-secure-coding-standard\u002Frules\u002Finput-validation-and-data-sanitization-ids","3.android-secure-coding-standard\u002F3.rules\u002F13.input-validation-and-data-sanitization-ids",{"title":865,"path":866,"stem":867},"Integers (INT)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fintegers-int","3.android-secure-coding-standard\u002F3.rules\u002F14.integers-int",{"title":869,"path":870,"stem":871,"children":872},"Intent (ITT)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fintent-itt","3.android-secure-coding-standard\u002F3.rules\u002F15.intent-itt\u002F1.index",[873,874,878,882],{"title":869,"path":870,"stem":871},{"title":875,"path":876,"stem":877},"DRD03-J. Do not broadcast sensitive information using an implicit intent","\u002Fandroid-secure-coding-standard\u002Frules\u002Fintent-itt\u002Fdrd03-j","3.android-secure-coding-standard\u002F3.rules\u002F15.intent-itt\u002F2.drd03-j",{"title":879,"path":880,"stem":881},"DRD21-J. Always pass explicit intents to a PendingIntent","\u002Fandroid-secure-coding-standard\u002Frules\u002Fintent-itt\u002Fdrd21-j","3.android-secure-coding-standard\u002F3.rules\u002F15.intent-itt\u002F3.drd21-j",{"title":883,"path":884,"stem":885},"DRD06. Verify the caller of intents before acting on them","\u002Fandroid-secure-coding-standard\u002Frules\u002Fintent-itt\u002Fdrd06-verify-the-caller-of-intents-before-acting-on-them","3.android-secure-coding-standard\u002F3.rules\u002F15.intent-itt\u002F4.drd06-verify-the-caller-of-intents-before-acting-on-them",{"title":887,"path":888,"stem":889},"Java Native Interface (JNI)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fjava-native-interface-jni","3.android-secure-coding-standard\u002F3.rules\u002F16.java-native-interface-jni",{"title":891,"path":892,"stem":893},"Locking (LCK)","\u002Fandroid-secure-coding-standard\u002Frules\u002Flocking-lck","3.android-secure-coding-standard\u002F3.rules\u002F17.locking-lck",{"title":895,"path":896,"stem":897},"Memory Management (MEM)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fmemory-management-mem","3.android-secure-coding-standard\u002F3.rules\u002F18.memory-management-mem",{"title":899,"path":900,"stem":901},"Methods (MET)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fmethods-met","3.android-secure-coding-standard\u002F3.rules\u002F19.methods-met",{"title":903,"path":904,"stem":905,"children":906},"Miscellaneous (MSC)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fmiscellaneous-msc","3.android-secure-coding-standard\u002F3.rules\u002F20.miscellaneous-msc\u002F1.index",[907,908,912,916,920,924],{"title":903,"path":904,"stem":905},{"title":909,"path":910,"stem":911},"DRD10-X. Do not release apps that are debuggable","\u002Fandroid-secure-coding-standard\u002Frules\u002Fmiscellaneous-msc\u002Fdrd10-x","3.android-secure-coding-standard\u002F3.rules\u002F20.miscellaneous-msc\u002F2.drd10-x",{"title":913,"path":914,"stem":915},"DRD15-J. Consider privacy concerns when using Geolocation API","\u002Fandroid-secure-coding-standard\u002Frules\u002Fmiscellaneous-msc\u002Fdrd15-j","3.android-secure-coding-standard\u002F3.rules\u002F20.miscellaneous-msc\u002F3.drd15-j",{"title":917,"path":918,"stem":919},"DRD26-J. For OAuth, use a secure Android method to deliver access tokens","\u002Fandroid-secure-coding-standard\u002Frules\u002Fmiscellaneous-msc\u002Fdrd26-j","3.android-secure-coding-standard\u002F3.rules\u002F20.miscellaneous-msc\u002F4.drd26-j",{"title":921,"path":922,"stem":923},"DRD27-J. For OAuth, use an explicit intent method to deliver access tokens","\u002Fandroid-secure-coding-standard\u002Frules\u002Fmiscellaneous-msc\u002Fdrd27-j","3.android-secure-coding-standard\u002F3.rules\u002F20.miscellaneous-msc\u002F5.drd27-j",{"title":925,"path":926,"stem":927},"DRD25. To request user permission for OAuth, identify relying party and its permissions scope","\u002Fandroid-secure-coding-standard\u002Frules\u002Fmiscellaneous-msc\u002Fdrd25-to-request-user-permission-for-oauth-identify-relying-party-and-its-permissions-scope","3.android-secure-coding-standard\u002F3.rules\u002F20.miscellaneous-msc\u002F6.drd25-to-request-user-permission-for-oauth-identify-relying-party-and-its-permissions-scope",{"title":929,"path":930,"stem":931,"children":932},"Network - SSL\u002FTLS (NET)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fnetwork-ssltls-net","3.android-secure-coding-standard\u002F3.rules\u002F21.network-ssltls-net\u002F1.index",[933,934,938],{"title":929,"path":930,"stem":931},{"title":935,"path":936,"stem":937},"DRD23-J. Do not use loopback when handling sensitive data","\u002Fandroid-secure-coding-standard\u002Frules\u002Fnetwork-ssltls-net\u002Fdrd23-j","3.android-secure-coding-standard\u002F3.rules\u002F21.network-ssltls-net\u002F2.drd23-j",{"title":939,"path":940,"stem":941},"DRD19. Properly verify server certificate on SSL\u002FTLS","\u002Fandroid-secure-coding-standard\u002Frules\u002Fnetwork-ssltls-net\u002Fdrd19-properly-verify-server-certificate-on-ssltls","3.android-secure-coding-standard\u002F3.rules\u002F21.network-ssltls-net\u002F3.drd19-properly-verify-server-certificate-on-ssltls",{"title":943,"path":944,"stem":945},"Numeric Types and Operations (NUM)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fnumeric-types-and-operations-num","3.android-secure-coding-standard\u002F3.rules\u002F22.numeric-types-and-operations-num",{"title":947,"path":948,"stem":949},"Object Orientation (OBJ)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fobject-orientation-obj","3.android-secure-coding-standard\u002F3.rules\u002F23.object-orientation-obj",{"title":951,"path":952,"stem":953,"children":954},"Permission (PER)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fpermission-per","3.android-secure-coding-standard\u002F3.rules\u002F24.permission-per\u002F1.index",[955,956,960,964,965],{"title":951,"path":952,"stem":953},{"title":957,"path":958,"stem":959},"DRD05-J. Do not grant URI permissions on implicit intents","\u002Fandroid-secure-coding-standard\u002Frules\u002Fpermission-per\u002Fdrd05-j","3.android-secure-coding-standard\u002F3.rules\u002F24.permission-per\u002F2.drd05-j",{"title":961,"path":962,"stem":963},"DRD14-J. Check that a calling app has appropriate permissions before responding","\u002Fandroid-secure-coding-standard\u002Frules\u002Fpermission-per\u002Fdrd14-j","3.android-secure-coding-standard\u002F3.rules\u002F24.permission-per\u002F3.drd14-j",{"title":684,"path":685,"stem":686},{"title":30,"path":678,"stem":680},{"title":688,"path":689,"stem":690},{"title":968,"path":969,"stem":970},"Preprocessor (PRE)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fpreprocessor-pre","3.android-secure-coding-standard\u002F3.rules\u002F26.preprocessor-pre",{"title":972,"path":973,"stem":974},"Serialization (SER)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fserialization-ser","3.android-secure-coding-standard\u002F3.rules\u002F27.serialization-ser",{"title":976,"path":977,"stem":978},"Thread APIs (THI)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fthread-apis-thi","3.android-secure-coding-standard\u002F3.rules\u002F28.thread-apis-thi",{"title":980,"path":981,"stem":982},"Thread-Safety Miscellaneous (TSM)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fthread-safety-miscellaneous-tsm","3.android-secure-coding-standard\u002F3.rules\u002F29.thread-safety-miscellaneous-tsm",{"title":984,"path":985,"stem":986},"Visibility and Atomicity (VNA)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fvisibility-and-atomicity-vna","3.android-secure-coding-standard\u002F3.rules\u002F30.visibility-and-atomicity-vna",{"title":988,"path":989,"stem":990,"children":991},"WebView (WBV)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fwebview-wbv","3.android-secure-coding-standard\u002F3.rules\u002F31.webview-wbv\u002F1.index",[992,993,997,1001],{"title":988,"path":989,"stem":990},{"title":994,"path":995,"stem":996},"DRD02-J. Do not allow WebView to access sensitive local resource through file scheme","\u002Fandroid-secure-coding-standard\u002Frules\u002Fwebview-wbv\u002Fdrd02-j","3.android-secure-coding-standard\u002F3.rules\u002F31.webview-wbv\u002F2.drd02-j",{"title":998,"path":999,"stem":1000},"DRD13. Do not provide addJavascriptInterface method access in a WebView which could contain untrusted content. (API level JELLY_BEAN or below)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fwebview-wbv\u002Fdrd13-do-not-provide-addjavascriptinterface-method-access-in-a-webview-which-could-contain-untrusted-content-api-level-jelly_bean-or-below","3.android-secure-coding-standard\u002F3.rules\u002F31.webview-wbv\u002F3.drd13-do-not-provide-addjavascriptinterface-method-access-in-a-webview-which-could-contain-untrusted-content-api-level-jelly_bean-or-below",{"title":1002,"path":1003,"stem":1004},"DRD22. Do not cache sensitive information","\u002Fandroid-secure-coding-standard\u002Frules\u002Fwebview-wbv\u002Fdrd22-do-not-cache-sensitive-information","3.android-secure-coding-standard\u002F3.rules\u002F31.webview-wbv\u002F4.drd22-do-not-cache-sensitive-information",{"title":1006,"path":1007,"stem":1008,"children":1009},"Recommendations","\u002Fandroid-secure-coding-standard\u002Frecommendations","3.android-secure-coding-standard\u002F4.recommendations\u002F01.index",[1010,1011,1014,1018,1021,1024,1027,1030,1033,1036,1039,1042,1045,1048,1051,1054,1057,1060,1063,1066,1069,1072,1075,1078,1081,1084,1087,1090,1093,1096,1099],{"title":1006,"path":1007,"stem":1008},{"title":755,"path":1012,"stem":1013},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fapplication-programming-interfaces-api","3.android-secure-coding-standard\u002F4.recommendations\u002F02.application-programming-interfaces-api",{"title":1015,"path":1016,"stem":1017},"Characters and Strings (STR)","\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fcharacters-and-strings-str","3.android-secure-coding-standard\u002F4.recommendations\u002F03.characters-and-strings-str",{"title":763,"path":1019,"stem":1020},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fcomponent-security-cps","3.android-secure-coding-standard\u002F4.recommendations\u002F04.component-security-cps",{"title":785,"path":1022,"stem":1023},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fconcurrency-con","3.android-secure-coding-standard\u002F4.recommendations\u002F05.concurrency-con",{"title":789,"path":1025,"stem":1026},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fcryptography-crp","3.android-secure-coding-standard\u002F4.recommendations\u002F06.cryptography-crp",{"title":811,"path":1028,"stem":1029},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fdeclarations-and-initialization-dcl","3.android-secure-coding-standard\u002F4.recommendations\u002F07.declarations-and-initialization-dcl",{"title":815,"path":1031,"stem":1032},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fenvironment-env","3.android-secure-coding-standard\u002F4.recommendations\u002F08.environment-env",{"title":819,"path":1034,"stem":1035},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Ferror-handling-err","3.android-secure-coding-standard\u002F4.recommendations\u002F09.error-handling-err",{"title":823,"path":1037,"stem":1038},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fexpressions-exp","3.android-secure-coding-standard\u002F4.recommendations\u002F10.expressions-exp",{"title":827,"path":1040,"stem":1041},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Ffile-io-and-logging-fio","3.android-secure-coding-standard\u002F4.recommendations\u002F11.file-io-and-logging-fio",{"title":857,"path":1043,"stem":1044},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Ffloating-point-flp","3.android-secure-coding-standard\u002F4.recommendations\u002F12.floating-point-flp",{"title":861,"path":1046,"stem":1047},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Finput-validation-and-data-sanitization-ids","3.android-secure-coding-standard\u002F4.recommendations\u002F13.input-validation-and-data-sanitization-ids",{"title":865,"path":1049,"stem":1050},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fintegers-int","3.android-secure-coding-standard\u002F4.recommendations\u002F14.integers-int",{"title":869,"path":1052,"stem":1053},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fintent-itt","3.android-secure-coding-standard\u002F4.recommendations\u002F15.intent-itt",{"title":887,"path":1055,"stem":1056},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fjava-native-interface-jni","3.android-secure-coding-standard\u002F4.recommendations\u002F16.java-native-interface-jni",{"title":891,"path":1058,"stem":1059},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Flocking-lck","3.android-secure-coding-standard\u002F4.recommendations\u002F17.locking-lck",{"title":895,"path":1061,"stem":1062},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fmemory-management-mem","3.android-secure-coding-standard\u002F4.recommendations\u002F18.memory-management-mem",{"title":899,"path":1064,"stem":1065},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fmethods-met","3.android-secure-coding-standard\u002F4.recommendations\u002F19.methods-met",{"title":903,"path":1067,"stem":1068},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fmiscellaneous-msc","3.android-secure-coding-standard\u002F4.recommendations\u002F20.miscellaneous-msc",{"title":929,"path":1070,"stem":1071},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fnetwork-ssltls-net","3.android-secure-coding-standard\u002F4.recommendations\u002F21.network-ssltls-net",{"title":943,"path":1073,"stem":1074},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fnumeric-types-and-operations-num","3.android-secure-coding-standard\u002F4.recommendations\u002F22.numeric-types-and-operations-num",{"title":947,"path":1076,"stem":1077},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fobject-orientation-obj","3.android-secure-coding-standard\u002F4.recommendations\u002F23.object-orientation-obj",{"title":951,"path":1079,"stem":1080},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fpermission-per","3.android-secure-coding-standard\u002F4.recommendations\u002F24.permission-per",{"title":688,"path":1082,"stem":1083},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fplatform-security-sec","3.android-secure-coding-standard\u002F4.recommendations\u002F25.platform-security-sec",{"title":968,"path":1085,"stem":1086},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fpreprocessor-pre","3.android-secure-coding-standard\u002F4.recommendations\u002F26.preprocessor-pre",{"title":972,"path":1088,"stem":1089},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fserialization-ser","3.android-secure-coding-standard\u002F4.recommendations\u002F27.serialization-ser",{"title":976,"path":1091,"stem":1092},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fthread-apis-thi","3.android-secure-coding-standard\u002F4.recommendations\u002F28.thread-apis-thi",{"title":980,"path":1094,"stem":1095},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fthread-safety-miscellaneous-tsm","3.android-secure-coding-standard\u002F4.recommendations\u002F29.thread-safety-miscellaneous-tsm",{"title":984,"path":1097,"stem":1098},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fvisibility-and-atomicity-vna","3.android-secure-coding-standard\u002F4.recommendations\u002F30.visibility-and-atomicity-vna",{"title":988,"path":1100,"stem":1101},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fwebview-wbv","3.android-secure-coding-standard\u002F4.recommendations\u002F31.webview-wbv",{"title":1103,"path":1104,"stem":1105,"children":1106},"By Language","\u002Fandroid-secure-coding-standard\u002Fby-language","3.android-secure-coding-standard\u002F5.by-language\u002F1.index",[1107,1108,1112,1134,1138,1160],{"title":1103,"path":1104,"stem":1105},{"title":1109,"path":1110,"stem":1111},"Android Only","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fandroid-only","3.android-secure-coding-standard\u002F5.by-language\u002F2.android-only",{"title":1113,"path":1114,"stem":1115,"children":1116},"C Coding Language","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fc-coding-language","3.android-secure-coding-standard\u002F5.by-language\u002F3.c-coding-language\u002F1.index",[1117,1118,1122,1126,1130],{"title":1113,"path":1114,"stem":1115},{"title":1119,"path":1120,"stem":1121},"Applicable in Principle to Android (C Rules\u002FRecomendations)","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fc-coding-language\u002Fapplicable-in-principle-to-android-c-rulesrecomendations","3.android-secure-coding-standard\u002F5.by-language\u002F3.c-coding-language\u002F2.applicable-in-principle-to-android-c-rulesrecomendations",{"title":1123,"path":1124,"stem":1125},"Applicable to Android (C Rules\u002FRecomendations)","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fc-coding-language\u002Fapplicable-to-android-c-rulesrecomendations","3.android-secure-coding-standard\u002F5.by-language\u002F3.c-coding-language\u002F3.applicable-to-android-c-rulesrecomendations",{"title":1127,"path":1128,"stem":1129},"Not Applicable to Android (C Rules\u002FRecomendations)","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fc-coding-language\u002Fnot-applicable-to-android-c-rulesrecomendations","3.android-secure-coding-standard\u002F5.by-language\u002F3.c-coding-language\u002F4.not-applicable-to-android-c-rulesrecomendations",{"title":1131,"path":1132,"stem":1133},"Unknown Applicability (C Rules\u002FRecomendations)","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fc-coding-language\u002Funknown-applicability-c-rulesrecomendations","3.android-secure-coding-standard\u002F5.by-language\u002F3.c-coding-language\u002F5.unknown-applicability-c-rulesrecomendations",{"title":1135,"path":1136,"stem":1137},"C++ Coding Language","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fcpp-coding-language","3.android-secure-coding-standard\u002F5.by-language\u002F4.cpp-coding-language",{"title":1139,"path":1140,"stem":1141,"children":1142},"Java Coding Language","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fjava-coding-language","3.android-secure-coding-standard\u002F5.by-language\u002F5.java-coding-language\u002F1.index",[1143,1144,1148,1152,1156],{"title":1139,"path":1140,"stem":1141},{"title":1145,"path":1146,"stem":1147},"Applicable in Principle to Android (Java Rules\u002FRecomendations)","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fjava-coding-language\u002Fapplicable-in-principle-to-android-java-rulesrecomendations","3.android-secure-coding-standard\u002F5.by-language\u002F5.java-coding-language\u002F2.applicable-in-principle-to-android-java-rulesrecomendations",{"title":1149,"path":1150,"stem":1151},"Applicable to Android (Java Rules\u002FRecomendations)","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fjava-coding-language\u002Fapplicable-to-android-java-rulesrecomendations","3.android-secure-coding-standard\u002F5.by-language\u002F5.java-coding-language\u002F3.applicable-to-android-java-rulesrecomendations",{"title":1153,"path":1154,"stem":1155},"Not Applicable to Android (Java Rules\u002FRecomendations)","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fjava-coding-language\u002Fnot-applicable-to-android-java-rulesrecomendations","3.android-secure-coding-standard\u002F5.by-language\u002F5.java-coding-language\u002F4.not-applicable-to-android-java-rulesrecomendations",{"title":1157,"path":1158,"stem":1159},"Unknown Applicability to Android (Java Rules\u002FRecomendations)","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fjava-coding-language\u002Funknown-applicability-to-android-java-rulesrecomendations","3.android-secure-coding-standard\u002F5.by-language\u002F5.java-coding-language\u002F5.unknown-applicability-to-android-java-rulesrecomendations",{"title":1161,"path":1162,"stem":1163},"XML","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fxml","3.android-secure-coding-standard\u002F5.by-language\u002F6.xml",{"title":1165,"path":1166,"stem":1167,"children":1168},"Back Matter","\u002Fandroid-secure-coding-standard\u002Fback-matter","3.android-secure-coding-standard\u002F6.back-matter\u002F1.index",[1169,1170,1174],{"title":1165,"path":1166,"stem":1167},{"title":1171,"path":1172,"stem":1173},"AA. Bibliography","\u002Fandroid-secure-coding-standard\u002Fback-matter\u002Faa-bibliography","3.android-secure-coding-standard\u002F6.back-matter\u002F2.aa-bibliography",{"title":1175,"path":1176,"stem":1177,"children":1178},"BB. Analyzers","\u002Fandroid-secure-coding-standard\u002Fback-matter\u002Fbb-analyzers","3.android-secure-coding-standard\u002F6.back-matter\u002F3.bb-analyzers\u002F1.index",[1179,1180,1184],{"title":1175,"path":1176,"stem":1177},{"title":1181,"path":1182,"stem":1183},"CodeSonar","\u002Fandroid-secure-coding-standard\u002Fback-matter\u002Fbb-analyzers\u002Fcodesonar","3.android-secure-coding-standard\u002F6.back-matter\u002F3.bb-analyzers\u002F2.codesonar",{"title":1185,"path":1186,"stem":1187},"CodeSonar_V","\u002Fandroid-secure-coding-standard\u002Fback-matter\u002Fbb-analyzers\u002Fcodesonar_v","3.android-secure-coding-standard\u002F6.back-matter\u002F3.bb-analyzers\u002F3.codesonar_v",{"title":1189,"path":1190,"stem":1191,"children":1192},"Admin","\u002Fandroid-secure-coding-standard\u002Fadmin","3.android-secure-coding-standard\u002F7.admin\u002F01.index",[1193,1194,1198,1202,1206,1210,1214,1218,1222,1226,1230,1234,1238,1242,1246,1250],{"title":1189,"path":1190,"stem":1191},{"title":1195,"path":1196,"stem":1197},"About the OurCS Workshop","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fabout-the-ourcs-workshop","3.android-secure-coding-standard\u002F7.admin\u002F02.about-the-ourcs-workshop",{"title":1199,"path":1200,"stem":1201},"Android Applicability Summary","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fandroid-applicability-summary","3.android-secure-coding-standard\u002F7.admin\u002F03.android-applicability-summary",{"title":1203,"path":1204,"stem":1205},"Android (DRD)","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fandroid-drd","3.android-secure-coding-standard\u002F7.admin\u002F04.android-drd",{"title":1207,"path":1208,"stem":1209},"Avoid having unreachable code","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Favoid-having-unreachable-code","3.android-secure-coding-standard\u002F7.admin\u002F05.avoid-having-unreachable-code",{"title":1211,"path":1212,"stem":1213},"C Space Change History Log","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fc-space-change-history-log","3.android-secure-coding-standard\u002F7.admin\u002F06.c-space-change-history-log",{"title":1215,"path":1216,"stem":1217},"Copy of Rule Template","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fcopy-of-rule-template","3.android-secure-coding-standard\u002F7.admin\u002F07.copy-of-rule-template",{"title":1219,"path":1220,"stem":1221},"C++ Space Change History Log","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fcpp-space-change-history-log","3.android-secure-coding-standard\u002F7.admin\u002F08.cpp-space-change-history-log",{"title":1223,"path":1224,"stem":1225},"Dictionary of Labels","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fdictionary-of-labels","3.android-secure-coding-standard\u002F7.admin\u002F09.dictionary-of-labels",{"title":1227,"path":1228,"stem":1229},"How to Change Applicability When a Rules and Recommendations Change","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fhow-to-change-applicability-when-a-rules-and-recommendations-change","3.android-secure-coding-standard\u002F7.admin\u002F10.how-to-change-applicability-when-a-rules-and-recommendations-change",{"title":1231,"path":1232,"stem":1233},"Java Space Change History Log","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fjava-space-change-history-log","3.android-secure-coding-standard\u002F7.admin\u002F11.java-space-change-history-log",{"title":1235,"path":1236,"stem":1237},"Labels in this Space","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Flabels-in-this-space","3.android-secure-coding-standard\u002F7.admin\u002F12.labels-in-this-space",{"title":1239,"path":1240,"stem":1241},"Perl Space Change History Log","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fperl-space-change-history-log","3.android-secure-coding-standard\u002F7.admin\u002F13.perl-space-change-history-log",{"title":1243,"path":1244,"stem":1245},"Resources for new Android app secure coding rules and guidelines","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fresources-for-new-android-app-secure-coding-rules-and-guidelines","3.android-secure-coding-standard\u002F7.admin\u002F14.resources-for-new-android-app-secure-coding-rules-and-guidelines",{"title":1247,"path":1248,"stem":1249},"Rule Template","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Frule-template","3.android-secure-coding-standard\u002F7.admin\u002F15.rule-template",{"title":1251,"path":1252,"stem":1253},"Rules Applicable for Both the Android Platform and Other Platforms","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Frules-applicable-for-both-the-android-platform-and-other-platforms","3.android-secure-coding-standard\u002F7.admin\u002F16.rules-applicable-for-both-the-android-platform-and-other-platforms",1775657825560]