[{"data":1,"prerenderedAt":1706},["ShallowReactive",2],{"global-navigation":3,"page-\u002Fandroid-secure-coding-standard\u002Frules\u002Fwebview-wbv\u002Fdrd02-j":28,"surround-\u002Fandroid-secure-coding-standard\u002Frules\u002Fwebview-wbv\u002Fdrd02-j":1134,"sidebar-android-secure-coding-standard":1143},[4,8],{"title":5,"path":6,"_path":6,"fromAppConfig":7},"Home","\u002F",true,{"title":9,"path":10,"children":11,"_path":27,"fromAppConfig":7},"Coding Standards","\u002Fcoding-standards\u002F",[12,15,18,21,24],{"title":13,"path":14},"Android Coding Standard","\u002Fandroid-secure-coding-standard\u002F",{"title":16,"path":17},"C Coding Standard","\u002Fsei-cert-c-coding-standard\u002F",{"title":19,"path":20},"C++ Coding Standard","\u002Fsei-cert-cpp-coding-standard\u002F",{"title":22,"path":23},"Java Coding Standard","\u002Fsei-cert-oracle-coding-standard-for-java\u002F",{"title":25,"path":26},"Perl Coding Standard","\u002Fsei-cert-perl-coding-standard\u002F","\u002Fcoding-standards",{"id":29,"title":30,"body":31,"description":1122,"extension":1123,"meta":1124,"navigation":7,"path":1130,"seo":1131,"stem":1132,"__hash__":1133},"content\u002F3.android-secure-coding-standard\u002F3.rules\u002F31.webview-wbv\u002F2.drd02-j.md","DRD02-J. Do not allow WebView to access sensitive local resource through file scheme",{"type":32,"value":33,"toc":1111},"minimark",[34,38,58,76,80,85,90,96,99,104,148,152,155,160,165,169,174,178,182,191,207,211,214,225,232,242,258,265,268,282,287,296,536,541,544,684,688,701,868,872,878,940,944,947,950,953,956,959,963,1015,1019,1047,1051,1083,1086,1107],[35,36,30],"h1",{"id":37},"drd02-j-do-not-allow-webview-to-access-sensitive-local-resource-through-file-scheme",[39,40,41,42,46,47,49,50,53,54,57],"p",{},"The ",[43,44,45],"code",{},"WebView"," class displays web pages as part of an activity layout. The behavior of a ",[43,48,45],{}," object can be customized using the ",[43,51,52],{},"WebSettings"," object, which can be obtained from ",[43,55,56],{},"WebView.getSettings()"," .",[39,59,60,61,63,64,67,68,71,72,75],{},"Major security concerns for ",[43,62,45],{}," are about the ",[43,65,66],{},"setJavaScriptEnabled()"," , ",[43,69,70],{},"setPluginState()"," , and ",[43,73,74],{},"setAllowFileAccess()"," methods.",[77,78,66],"h4",{"id":79},"setjavascriptenabled",[39,81,41,82,84],{},[43,83,66],{}," tells WebView to enable JavaScript execution. To set it true:",[39,86,87],{},[43,88,89],{},"webview.getWebSettings().setJavaScriptEnabled(true);",[39,91,92,93,57],{},"The default is ",[43,94,95],{},"false",[77,97,70],{"id":98},"setpluginstate",[39,100,41,101,103],{},[43,102,70],{}," method tells the WebView to enable, disable, or have plugins enabled on demand.",[105,106,109],"table",{"className":107},[108],"wrapped",[110,111,112,124,139],"tbody",{},[113,114,117,121],"tr",{"className":115},[116],"odd",[118,119,120],"td",{},"ON",[118,122,123],{},"any object will be loaded even if a plugin does not exist to handle the content",[113,125,128,131],{"className":126},[127],"even",[118,129,130],{},"ON_DEMAND",[118,132,133,136],{},[39,134,135],{},"if there is a plugin that can handle the content, a placeholder is shown until the user clicks on the placeholder.",[39,137,138],{},"Once clicked, the plugin will be enabled on the page.",[113,140,142,145],{"className":141},[116],[118,143,144],{},"OFF",[118,146,147],{},"all plugins will be turned off and any fallback content will be used",[39,149,92,150,57],{},[43,151,144],{},[77,153,74],{"id":154},"setallowfileaccess",[39,156,41,157,159],{},[43,158,74],{}," method enables or disables file access within WebView.",[39,161,92,162,57],{},[43,163,164],{},"true",[77,166,168],{"id":167},"setallowcontentaccess","setAllowContentAccess()",[39,170,41,171,173],{},[43,172,168],{}," method enables or disables content URL access within WebView. Content URL access allows WebView to load content from a content provider installed in the system.",[39,175,92,176,57],{},[43,177,164],{},[77,179,181],{"id":180},"setallowfileaccessfromfileurls","setAllowFileAccessFromFileURLs()",[39,183,184,185,188,189,57],{},"Sets whether JavaScript running in the context of a file scheme URL should be allowed to access content from other file scheme URLs. To enable the most restrictive, and therefore secure policy, this setting should be disabled. Note that the value of this setting is ignored if the value of ",[43,186,187],{},"getAllowUniversalAccessFromFileURLs()"," is ",[43,190,164],{},[39,192,193,194,196,197,200,201,196,203,206],{},"The default value is ",[43,195,164],{}," for API level ",[43,198,199],{},"ICE_CREAM_SANDWICH_MR1"," (API level 15)  and below, and ",[43,202,95],{},[43,204,205],{},"JELLY_BEAN"," (API level 16) and above.",[77,208,210],{"id":209},"setallowuniversalaccessfromfileurls","setAllowUniversalAccessFromFileURLs()",[39,212,213],{},"Sets whether JavaScript running in the context of a file scheme URL should be allowed to access content from any origin. This includes acess to content from other file scheme URLs. To enable the most restrictive, and therefore secure policy, this setting should be disabled.",[39,215,193,216,196,218,220,221,196,223,206],{},[43,217,164],{},[43,219,199],{}," (API level 15) and below, and ",[43,222,95],{},[43,224,205],{},[77,226,228,229,231],{"id":227},"security-concerns-for-webview-class","Security Concerns for ",[43,230,45],{}," Class",[39,233,234,235,237,238,241],{},"When an activity has ",[43,236,45],{}," embedded to display web pages, any application can create and send an ",[43,239,240],{},"Intent"," object with a given URI to the activity to request that a web page be displayed.",[39,243,244,246,247,250,251,254,255,257],{},[43,245,45],{}," can recognize a variety of schemes, including the ",[43,248,249],{},"file:"," scheme. A malicious application may create and store a crafted content on its local storage area, make it accessible with ",[43,252,253],{},"MODE_WORLD_READABLE"," permission, and send the URI (using the ",[43,256,249],{}," scheme) of this content to a target activity. The target activity renders this content.",[39,259,260,261,264],{},"When the target activity ( ",[43,262,263],{},"webView"," object) sets JavaScript enabled, it can be abused to access the target application’s resources.",[39,266,267],{},"Android 4.1 provides additional methods to control file scheme access:",[269,270,271,277],"ul",{},[272,273,274],"li",{},[43,275,276],{},"WebSettings#setAllowFileAccessFromFileURLs",[272,278,279],{},[43,280,281],{},"WebSettings#setAllowUniversalAccessFromFileURLs",[283,284,286],"h2",{"id":285},"noncompliant-code-example","Noncompliant Code Example",[39,288,289,290,292,293,295],{},"The following noncompliant code example uses the ",[43,291,45],{}," component with JavaScript enabled and processes any URI passed through ",[43,294,240],{}," without any validation:",[297,298,300],"code-block",{"quality":299},"bad",[301,302,307],"pre",{"className":303,"code":304,"language":305,"meta":306,"style":306},"language-java shiki shiki-themes github-light github-dark monokai","public class MyBrowser extends Activity {\n  @override\n  public void onCreate(Bundle savedInstanceState) {\n    super.onCreate(savedInstanceState);\n    setContentView(R.layout.main);\n\n    WebView webView = (WebView) findViewById(R.id.webview);\n\n\n    \u002F\u002F turn on javascript\n    WebSettings settings = webView.getSettings();\n    settings.setJavaScriptEnabled(true);\n\n    String url = getIntent().getStringExtra(\"URL\");\n    webView.loadUrl(url);\n  }\n}\n","java","",[43,308,309,336,346,373,389,398,404,425,430,435,442,462,479,484,512,524,530],{"__ignoreMap":306},[310,311,314,318,321,325,328,332],"span",{"class":312,"line":313},"line",1,[310,315,317],{"class":316},"sC2Qs","public",[310,319,320],{"class":316}," class",[310,322,324],{"class":323},"sz2Vg"," MyBrowser",[310,326,327],{"class":316}," extends",[310,329,331],{"class":330},"s30JN"," Activity",[310,333,335],{"class":334},"sMOD_"," {\n",[310,337,339,342],{"class":312,"line":338},2,[310,340,341],{"class":334},"  @",[310,343,345],{"class":344},"sq6CD","override\n",[310,347,349,352,355,359,362,366,370],{"class":312,"line":348},3,[310,350,351],{"class":316},"  public",[310,353,354],{"class":344}," void",[310,356,358],{"class":357},"srTi1"," onCreate",[310,360,361],{"class":334},"(",[310,363,365],{"class":364},"sk8M1","Bundle",[310,367,369],{"class":368},"sTHNf"," savedInstanceState",[310,371,372],{"class":334},") {\n",[310,374,376,380,383,386],{"class":312,"line":375},4,[310,377,379],{"class":378},"sP7S_","    super",[310,381,382],{"class":334},".",[310,384,385],{"class":357},"onCreate",[310,387,388],{"class":334},"(savedInstanceState);\n",[310,390,392,395],{"class":312,"line":391},5,[310,393,394],{"class":357},"    setContentView",[310,396,397],{"class":334},"(R.layout.main);\n",[310,399,401],{"class":312,"line":400},6,[310,402,403],{"emptyLinePlaceholder":7},"\n",[310,405,407,410,413,416,419,422],{"class":312,"line":406},7,[310,408,409],{"class":364},"    WebView",[310,411,412],{"class":334}," webView ",[310,414,415],{"class":316},"=",[310,417,418],{"class":334}," (WebView) ",[310,420,421],{"class":357},"findViewById",[310,423,424],{"class":334},"(R.id.webview);\n",[310,426,428],{"class":312,"line":427},8,[310,429,403],{"emptyLinePlaceholder":7},[310,431,433],{"class":312,"line":432},9,[310,434,403],{"emptyLinePlaceholder":7},[310,436,438],{"class":312,"line":437},10,[310,439,441],{"class":440},"s8-w5","    \u002F\u002F turn on javascript\n",[310,443,445,448,451,453,456,459],{"class":312,"line":444},11,[310,446,447],{"class":364},"    WebSettings",[310,449,450],{"class":334}," settings ",[310,452,415],{"class":316},[310,454,455],{"class":334}," webView.",[310,457,458],{"class":357},"getSettings",[310,460,461],{"class":334},"();\n",[310,463,465,468,471,473,476],{"class":312,"line":464},12,[310,466,467],{"class":334},"    settings.",[310,469,470],{"class":357},"setJavaScriptEnabled",[310,472,361],{"class":334},[310,474,164],{"class":475},"s7F3e",[310,477,478],{"class":334},");\n",[310,480,482],{"class":312,"line":481},13,[310,483,403],{"emptyLinePlaceholder":7},[310,485,487,490,493,495,498,501,504,506,510],{"class":312,"line":486},14,[310,488,489],{"class":364},"    String",[310,491,492],{"class":334}," url ",[310,494,415],{"class":316},[310,496,497],{"class":357}," getIntent",[310,499,500],{"class":334},"().",[310,502,503],{"class":357},"getStringExtra",[310,505,361],{"class":334},[310,507,509],{"class":508},"sstjo","\"URL\"",[310,511,478],{"class":334},[310,513,515,518,521],{"class":312,"line":514},15,[310,516,517],{"class":334},"    webView.",[310,519,520],{"class":357},"loadUrl",[310,522,523],{"class":334},"(url);\n",[310,525,527],{"class":312,"line":526},16,[310,528,529],{"class":334},"  }\n",[310,531,533],{"class":312,"line":532},17,[310,534,535],{"class":334},"}\n",[537,538,540],"h3",{"id":539},"proof-of-concept","Proof of Concept",[39,542,543],{},"This code shows how the vulnerability can be exploited:",[301,545,547],{"className":303,"code":546,"language":305,"meta":306,"style":306},"\u002F\u002F Malicious application prepares some crafted HTML file,\n\u002F\u002F places it on a local storage, makes accessible from\n\u002F\u002F other applications. The following code sends an\n\u002F\u002F intent to a target application (jp.vulnerable.android.app)\n\u002F\u002F to make it access and process the malicious HTML file.\n \nString pkg = \"jp.vulnerable.android.app\";\nString cls = pkg + \".DummyLauncherActivity\";\nString uri = \"file:\u002F\u002F\u002F[crafted HTML file]\";\nIntent intent = new Intent();\nintent.setClassName(pkg, cls);\nintent.putExtra(\"url\", uri);\nthis.startActivity(intent);\n",[43,548,549,554,559,564,569,574,579,595,614,628,645,656,671],{"__ignoreMap":306},[310,550,551],{"class":312,"line":313},[310,552,553],{"class":440},"\u002F\u002F Malicious application prepares some crafted HTML file,\n",[310,555,556],{"class":312,"line":338},[310,557,558],{"class":440},"\u002F\u002F places it on a local storage, makes accessible from\n",[310,560,561],{"class":312,"line":348},[310,562,563],{"class":440},"\u002F\u002F other applications. The following code sends an\n",[310,565,566],{"class":312,"line":375},[310,567,568],{"class":440},"\u002F\u002F intent to a target application (jp.vulnerable.android.app)\n",[310,570,571],{"class":312,"line":391},[310,572,573],{"class":440},"\u002F\u002F to make it access and process the malicious HTML file.\n",[310,575,576],{"class":312,"line":400},[310,577,578],{"class":334}," \n",[310,580,581,584,587,589,592],{"class":312,"line":406},[310,582,583],{"class":364},"String",[310,585,586],{"class":334}," pkg ",[310,588,415],{"class":316},[310,590,591],{"class":508}," \"jp.vulnerable.android.app\"",[310,593,594],{"class":334},";\n",[310,596,597,599,602,604,606,609,612],{"class":312,"line":427},[310,598,583],{"class":364},[310,600,601],{"class":334}," cls ",[310,603,415],{"class":316},[310,605,586],{"class":334},[310,607,608],{"class":316},"+",[310,610,611],{"class":508}," \".DummyLauncherActivity\"",[310,613,594],{"class":334},[310,615,616,618,621,623,626],{"class":312,"line":432},[310,617,583],{"class":364},[310,619,620],{"class":334}," uri ",[310,622,415],{"class":316},[310,624,625],{"class":508}," \"file:\u002F\u002F\u002F[crafted HTML file]\"",[310,627,594],{"class":334},[310,629,630,632,635,637,640,643],{"class":312,"line":437},[310,631,240],{"class":364},[310,633,634],{"class":334}," intent ",[310,636,415],{"class":316},[310,638,639],{"class":316}," new",[310,641,642],{"class":357}," Intent",[310,644,461],{"class":334},[310,646,647,650,653],{"class":312,"line":444},[310,648,649],{"class":334},"intent.",[310,651,652],{"class":357},"setClassName",[310,654,655],{"class":334},"(pkg, cls);\n",[310,657,658,660,663,665,668],{"class":312,"line":464},[310,659,649],{"class":334},[310,661,662],{"class":357},"putExtra",[310,664,361],{"class":334},[310,666,667],{"class":508},"\"url\"",[310,669,670],{"class":334},", uri);\n",[310,672,673,676,678,681],{"class":312,"line":481},[310,674,675],{"class":378},"this",[310,677,382],{"class":334},[310,679,680],{"class":357},"startActivity",[310,682,683],{"class":334},"(intent);\n",[283,685,687],{"id":686},"compliant-solution","Compliant Solution",[39,689,690,691,694,695,697,698,700],{},"Any URI received via an ",[43,692,693],{},"intent"," from outside a trust-boundary should be validated before rendering it with ",[43,696,45],{}," . For example, the following code checks a received URI and rejects the \" ",[43,699,249],{}," \" scheme URI.  More generally, it allows only URIs that start with \"http\".  (Note that \"https\" starts with \"http\".)",[297,702,704],{"quality":703},"good",[301,705,707],{"className":303,"code":706,"language":305,"meta":306,"style":306},"public class MyBrowser extends Activity {\n  @override\n  public void onCreate(Bundle savedInstanceState) {\n    super.onCreate(savedInstanceState);\n    setContentView(R.layout.main);\n \n    WebView webView = (WebView) findViewById(R.id.webview);\n\n    String url = getIntent().getStringExtra(\"url\");\n    if (!url.startsWith(\"http\")) {  \u002F* Note: \"https\".startsWith(\"http\") == true *\u002F\n        url = \"about:blank\";\n    }\n\n    webView.loadUrl(url);\n  }\n}\n",[43,708,709,723,729,745,755,761,765,779,783,803,831,843,848,852,860,864],{"__ignoreMap":306},[310,710,711,713,715,717,719,721],{"class":312,"line":313},[310,712,317],{"class":316},[310,714,320],{"class":316},[310,716,324],{"class":323},[310,718,327],{"class":316},[310,720,331],{"class":330},[310,722,335],{"class":334},[310,724,725,727],{"class":312,"line":338},[310,726,341],{"class":334},[310,728,345],{"class":344},[310,730,731,733,735,737,739,741,743],{"class":312,"line":348},[310,732,351],{"class":316},[310,734,354],{"class":344},[310,736,358],{"class":357},[310,738,361],{"class":334},[310,740,365],{"class":364},[310,742,369],{"class":368},[310,744,372],{"class":334},[310,746,747,749,751,753],{"class":312,"line":375},[310,748,379],{"class":378},[310,750,382],{"class":334},[310,752,385],{"class":357},[310,754,388],{"class":334},[310,756,757,759],{"class":312,"line":391},[310,758,394],{"class":357},[310,760,397],{"class":334},[310,762,763],{"class":312,"line":400},[310,764,578],{"class":334},[310,766,767,769,771,773,775,777],{"class":312,"line":406},[310,768,409],{"class":364},[310,770,412],{"class":334},[310,772,415],{"class":316},[310,774,418],{"class":334},[310,776,421],{"class":357},[310,778,424],{"class":334},[310,780,781],{"class":312,"line":427},[310,782,403],{"emptyLinePlaceholder":7},[310,784,785,787,789,791,793,795,797,799,801],{"class":312,"line":432},[310,786,489],{"class":364},[310,788,492],{"class":334},[310,790,415],{"class":316},[310,792,497],{"class":357},[310,794,500],{"class":334},[310,796,503],{"class":357},[310,798,361],{"class":334},[310,800,667],{"class":508},[310,802,478],{"class":334},[310,804,805,808,811,814,817,820,822,825,828],{"class":312,"line":437},[310,806,807],{"class":316},"    if",[310,809,810],{"class":334}," (",[310,812,813],{"class":316},"!",[310,815,816],{"class":334},"url.",[310,818,819],{"class":357},"startsWith",[310,821,361],{"class":334},[310,823,824],{"class":508},"\"http\"",[310,826,827],{"class":334},")) {  ",[310,829,830],{"class":440},"\u002F* Note: \"https\".startsWith(\"http\") == true *\u002F\n",[310,832,833,836,838,841],{"class":312,"line":444},[310,834,835],{"class":334},"        url ",[310,837,415],{"class":316},[310,839,840],{"class":508}," \"about:blank\"",[310,842,594],{"class":334},[310,844,845],{"class":312,"line":464},[310,846,847],{"class":334},"    }\n",[310,849,850],{"class":312,"line":481},[310,851,403],{"emptyLinePlaceholder":7},[310,853,854,856,858],{"class":312,"line":486},[310,855,517],{"class":334},[310,857,520],{"class":357},[310,859,523],{"class":334},[310,861,862],{"class":312,"line":514},[310,863,529],{"class":334},[310,865,866],{"class":312,"line":526},[310,867,535],{"class":334},[283,869,871],{"id":870},"risk-assessment","Risk Assessment",[39,873,874,875,877],{},"Allowing ",[43,876,45],{}," to access sensitive resources may result in information leaks.",[105,879,880,881,880,910],{},"\n  ",[882,883,884,885,880],"thead",{},"\n    ",[113,886,887,888,887,892,887,895,887,898,887,901,887,904,887,907,884],{},"\n      ",[889,890,891],"th",{},"Rule",[889,893,894],{},"Severity",[889,896,897],{},"Likelihood",[889,899,900],{},"Detectable",[889,902,903],{},"Repairable",[889,905,906],{},"Priority",[889,908,909],{},"Level",[110,911,884,912,880],{},[113,913,887,914,887,917,887,920,887,923,887,926,887,928,887,935,884],{},[118,915,916],{},"DRD02-J",[118,918,919],{},"medium",[118,921,922],{},"probable",[118,924,925],{},"No",[118,927,925],{},[118,929,931],{"style":930},"color: #27ae60;",[932,933,934],"b",{},"P4",[118,936,937],{"style":930},[932,938,939],{},"L3",[283,941,943],{"id":942},"automated-detection","Automated Detection",[39,945,946],{},"Automatic detection is not feasible.",[39,948,949],{},"Tool",[39,951,952],{},"Version",[39,954,955],{},"Checker",[39,957,958],{},"Description",[283,960,962],{"id":961},"related-vulnerabilities","Related Vulnerabilities",[269,964,965,975,983,991,999,1007],{},[272,966,967,974],{},[968,969,973],"a",{"href":970,"rel":971},"https:\u002F\u002Fjvn.jp\u002Fen\u002Fjp\u002FJVN59652356\u002F",[972],"nofollow","JVN#59652356"," Cybozu KUNAI for Android vulnerable in the WebView class",[272,976,977,982],{},[968,978,981],{"href":979,"rel":980},"https:\u002F\u002Fjvn.jp\u002Fen\u002Fjp\u002FJVN99813183\u002F",[972],"JVN#99813183"," Galapagos Browser vulnerable in the WebView class",[272,984,985,990],{},[968,986,989],{"href":987,"rel":988},"https:\u002F\u002Fjvn.jp\u002Fen\u002Fjp\u002FJVN79301570\u002F",[972],"JVN#79301570"," Angel Browser vulnerable in the WebView class",[272,992,993,998],{},[968,994,997],{"href":995,"rel":996},"https:\u002F\u002Fjvn.jp\u002Fen\u002Fjp\u002FJVN77393797\u002F",[972],"JVN#77393797"," Cybozu Live for Android vulnerable in the WebView class",[272,1000,1001,1006],{},[968,1002,1005],{"href":1003,"rel":1004},"https:\u002F\u002Fjvn.jp\u002Fen\u002Fjp\u002FJVN03015214\u002F",[972],"JVN#03015214"," KUNAI Browser for Remote Service beta vulnerable in the WebView class",[272,1008,1009,1014],{},[968,1010,1013],{"href":1011,"rel":1012},"https:\u002F\u002Fjvn.jp\u002Fen\u002Fjp\u002FJVN46088915\u002F",[972],"JVN#46088915"," Yahoo! Browser vulnerable in the WebView class",[283,1016,1018],{"id":1017},"related-guidelines","Related Guidelines",[105,1020,1021,1029],{},[882,1022,1023],{},[113,1024,1025,1027],{},[889,1026],{},[889,1028],{},[110,1030,1031],{},[113,1032,1033,1044],{},[118,1034,1035,1043],{},[1036,1037,1038],"em",{},[968,1039,1042],{"href":1040,"rel":1041},"http:\u002F\u002Fwww.jssec.org\u002Fdl\u002Fandroid_securecoding_en.pdf",[972],"Android Application Secure Design \u002F Secure Coding Guidebook"," by JSSEC",[118,1045,1046],{},"4.9 Using WebView",[283,1048,1050],{"id":1049},"bibliography","Bibliography",[105,1052,1053,1061],{},[882,1054,1055],{},[113,1056,1057,1059],{},[889,1058],{},[889,1060],{},[110,1062,1063],{},[113,1064,1065,1081],{},[118,1066,1067,1072,1073,1072,1077],{},[968,1068,1071],{"href":1069,"rel":1070},"https:\u002F\u002Fwww.securecoding.cert.org\u002Fconfluence\u002Fwww.jssec.org\u002Fdl\u002Fandroid_securecoding.pdf",[972],"["," ",[968,1074,1076],{"href":1075},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-aa-references#RuleAA.References-JSSEC14","JSSEC 2014",[968,1078,1080],{"href":1069,"rel":1079},[972],"]",[118,1082,1046],{},[1084,1085],"hr",{},[39,1087,1088,1072,1095,1072,1101],{},[968,1089,1091],{"href":1090},"https:\u002F\u002Fwww.securecoding.cert.org\u002Fconfluence\u002Fdisplay\u002Fjava\u002FDRD01-J.+Limit+the+accessibility+to+your+sensitive+content+provider?showChildren=false&showComments=false",[1092,1093],"img",{"src":1094},"\u002Fattachments\u002F88487702\u002F88497198.png",[968,1096,1098],{"href":1097},"https:\u002F\u002Fwww.securecoding.cert.org\u002Fconfluence\u002Fpages\u002Fviewpage.action?pageId=111509535",[1092,1099],{"src":1100},"\u002Fattachments\u002F88487702\u002F88497196.png",[968,1102,1104],{"href":1103},"https:\u002F\u002Fwww.securecoding.cert.org\u002Fconfluence\u002Fdisplay\u002Fjava\u002FDRD03-J.+Do+not+broadcast+sensitive+information+using+an+implicit+intent?showChildren=false&showComments=false",[1092,1105],{"src":1106},"\u002Fattachments\u002F88487702\u002F88497197.png",[1108,1109,1110],"style",{},"html pre.shiki code .sC2Qs, html code.shiki .sC2Qs{--shiki-default:#D73A49;--shiki-dark:#F97583;--shiki-sepia:#F92672}html pre.shiki code .sz2Vg, html code.shiki .sz2Vg{--shiki-default:#6F42C1;--shiki-default-text-decoration:inherit;--shiki-dark:#B392F0;--shiki-dark-text-decoration:inherit;--shiki-sepia:#A6E22E;--shiki-sepia-text-decoration:underline}html pre.shiki code .s30JN, html code.shiki .s30JN{--shiki-default:#6F42C1;--shiki-default-font-style:inherit;--shiki-default-text-decoration:inherit;--shiki-dark:#B392F0;--shiki-dark-font-style:inherit;--shiki-dark-text-decoration:inherit;--shiki-sepia:#A6E22E;--shiki-sepia-font-style:italic;--shiki-sepia-text-decoration:underline}html pre.shiki code .sMOD_, html code.shiki .sMOD_{--shiki-default:#24292E;--shiki-dark:#E1E4E8;--shiki-sepia:#F8F8F2}html pre.shiki code .sq6CD, html code.shiki .sq6CD{--shiki-default:#D73A49;--shiki-default-font-style:inherit;--shiki-dark:#F97583;--shiki-dark-font-style:inherit;--shiki-sepia:#66D9EF;--shiki-sepia-font-style:italic}html pre.shiki code .srTi1, html code.shiki .srTi1{--shiki-default:#6F42C1;--shiki-dark:#B392F0;--shiki-sepia:#A6E22E}html pre.shiki code .sk8M1, html code.shiki .sk8M1{--shiki-default:#24292E;--shiki-default-font-style:inherit;--shiki-dark:#E1E4E8;--shiki-dark-font-style:inherit;--shiki-sepia:#66D9EF;--shiki-sepia-font-style:italic}html pre.shiki code .sTHNf, html code.shiki .sTHNf{--shiki-default:#E36209;--shiki-default-font-style:inherit;--shiki-dark:#FFAB70;--shiki-dark-font-style:inherit;--shiki-sepia:#FD971F;--shiki-sepia-font-style:italic}html pre.shiki code .sP7S_, html code.shiki .sP7S_{--shiki-default:#005CC5;--shiki-dark:#79B8FF;--shiki-sepia:#FD971F}html pre.shiki code .s8-w5, html code.shiki .s8-w5{--shiki-default:#6A737D;--shiki-dark:#6A737D;--shiki-sepia:#88846F}html pre.shiki code .s7F3e, html code.shiki .s7F3e{--shiki-default:#005CC5;--shiki-dark:#79B8FF;--shiki-sepia:#AE81FF}html pre.shiki code .sstjo, html code.shiki .sstjo{--shiki-default:#032F62;--shiki-dark:#9ECBFF;--shiki-sepia:#E6DB74}html .default .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html.dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html .sepia .shiki span {color: var(--shiki-sepia);background: var(--shiki-sepia-bg);font-style: var(--shiki-sepia-font-style);font-weight: var(--shiki-sepia-font-weight);text-decoration: var(--shiki-sepia-text-decoration);}html.sepia .shiki span {color: var(--shiki-sepia);background: var(--shiki-sepia-bg);font-style: var(--shiki-sepia-font-style);font-weight: var(--shiki-sepia-font-weight);text-decoration: var(--shiki-sepia-text-decoration);}",{"title":306,"searchDepth":338,"depth":338,"links":1112},[1113,1116,1117,1118,1119,1120,1121],{"id":285,"depth":338,"text":286,"children":1114},[1115],{"id":539,"depth":348,"text":540},{"id":686,"depth":338,"text":687},{"id":870,"depth":338,"text":871},{"id":942,"depth":338,"text":943},{"id":961,"depth":338,"text":962},{"id":1017,"depth":338,"text":1018},{"id":1049,"depth":338,"text":1050},"The WebView class displays web pages as part of an activity layout. The behavior of a WebView object can be customized using the WebSettings object, which can be obtained from WebView.getSettings() .","md",{"tags":1125},[1126,1127,1128,1129],"android-applicable","drd","wbv","rule","\u002Fandroid-secure-coding-standard\u002Frules\u002Fwebview-wbv\u002Fdrd02-j",{"title":30,"description":1122},"3.android-secure-coding-standard\u002F3.rules\u002F31.webview-wbv\u002F2.drd02-j","lN2HjPpakp6HkIQnIwr2JDq78GXVz6qoujynSbLG9wE",[1135,1139],{"title":1136,"path":1137,"stem":1138,"children":-1},"WebView (WBV)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fwebview-wbv","3.android-secure-coding-standard\u002F3.rules\u002F31.webview-wbv\u002F1.index",{"title":1140,"path":1141,"stem":1142,"children":-1},"DRD13. Do not provide addJavascriptInterface method access in a WebView which could contain untrusted content. (API level JELLY_BEAN or below)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fwebview-wbv\u002Fdrd13-do-not-provide-addjavascriptinterface-method-access-in-a-webview-which-could-contain-untrusted-content-api-level-jelly_bean-or-below","3.android-secure-coding-standard\u002F3.rules\u002F31.webview-wbv\u002F3.drd13-do-not-provide-addjavascriptinterface-method-access-in-a-webview-which-could-contain-untrusted-content-api-level-jelly_bean-or-below",[1144],{"title":1145,"path":1146,"stem":1147,"children":1148},"SCI CERT Android Secure Coding Standard","\u002Fandroid-secure-coding-standard","3.android-secure-coding-standard\u002F1.index",[1149,1150,1200,1457,1554,1616,1640],{"title":1145,"path":1146,"stem":1147},{"title":1151,"path":1152,"stem":1153,"children":1154},"Front Matter","\u002Fandroid-secure-coding-standard\u002Ffront-matter","3.android-secure-coding-standard\u002F2.front-matter\u002F1.index",[1155,1156,1178],{"title":1151,"path":1152,"stem":1153},{"title":1157,"path":1158,"stem":1159,"children":1160},"Guidelines for Wiki Contributors","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fguidelines-for-wiki-contributors","3.android-secure-coding-standard\u002F2.front-matter\u002F2.guidelines-for-wiki-contributors\u002F1.index",[1161,1162,1166,1170,1174],{"title":1157,"path":1158,"stem":1159},{"title":1163,"path":1164,"stem":1165},"Deprecations","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fguidelines-for-wiki-contributors\u002Fdeprecations","3.android-secure-coding-standard\u002F2.front-matter\u002F2.guidelines-for-wiki-contributors\u002F2.deprecations",{"title":1167,"path":1168,"stem":1169},"Editing Automated Detection Information","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fguidelines-for-wiki-contributors\u002Fediting-automated-detection-information","3.android-secure-coding-standard\u002F2.front-matter\u002F2.guidelines-for-wiki-contributors\u002F3.editing-automated-detection-information",{"title":1171,"path":1172,"stem":1173},"Editing-Related Guidelines","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fguidelines-for-wiki-contributors\u002Fediting-related-guidelines","3.android-secure-coding-standard\u002F2.front-matter\u002F2.guidelines-for-wiki-contributors\u002F4.editing-related-guidelines",{"title":1175,"path":1176,"stem":1177},"Rules versus Recommendations","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fguidelines-for-wiki-contributors\u002Frules-versus-recommendations","3.android-secure-coding-standard\u002F2.front-matter\u002F2.guidelines-for-wiki-contributors\u002F5.rules-versus-recommendations",{"title":1179,"path":1180,"stem":1181,"children":1182},"Introduction","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fintroduction","3.android-secure-coding-standard\u002F2.front-matter\u002F3.introduction\u002F01.index",[1183,1184,1188,1192,1196],{"title":1179,"path":1180,"stem":1181},{"title":1185,"path":1186,"stem":1187},"Introduction to Android-Only Rules","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fintroduction\u002Fintroduction-to-android-only-rules","3.android-secure-coding-standard\u002F2.front-matter\u002F3.introduction\u002F02.introduction-to-android-only-rules",{"title":1189,"path":1190,"stem":1191},"Introduction to C Rules and Recommendations","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fintroduction\u002Fintroduction-to-c-rules-and-recommendations","3.android-secure-coding-standard\u002F2.front-matter\u002F3.introduction\u002F03.introduction-to-c-rules-and-recommendations",{"title":1193,"path":1194,"stem":1195},"Introduction to Java Recommendations","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fintroduction\u002Fintroduction-to-java-recommendations","3.android-secure-coding-standard\u002F2.front-matter\u002F3.introduction\u002F04.introduction-to-java-recommendations",{"title":1197,"path":1198,"stem":1199},"Introduction to Java Rules","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fintroduction\u002Fintroduction-to-java-rules","3.android-secure-coding-standard\u002F2.front-matter\u002F3.introduction\u002F05.introduction-to-java-rules",{"title":1201,"path":1202,"stem":1203,"children":1204},"Rules","\u002Fandroid-secure-coding-standard\u002Frules","3.android-secure-coding-standard\u002F3.rules\u002F01.index",[1205,1206,1210,1214,1236,1240,1262,1266,1270,1274,1278,1308,1312,1316,1320,1338,1342,1346,1350,1354,1380,1394,1398,1402,1424,1428,1432,1436,1440,1444,1448],{"title":1201,"path":1202,"stem":1203},{"title":1207,"path":1208,"stem":1209},"Application Programming Interfaces (API)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fapplication-programming-interfaces-api","3.android-secure-coding-standard\u002F3.rules\u002F02.application-programming-interfaces-api",{"title":1211,"path":1212,"stem":1213},"Characters and String (STR)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcharacters-and-string-str","3.android-secure-coding-standard\u002F3.rules\u002F03.characters-and-string-str",{"title":1215,"path":1216,"stem":1217,"children":1218},"Component Security (CPS)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcomponent-security-cps","3.android-secure-coding-standard\u002F3.rules\u002F04.component-security-cps\u002F1.index",[1219,1220,1224,1228,1232],{"title":1215,"path":1216,"stem":1217},{"title":1221,"path":1222,"stem":1223},"DRD01-X. Limit the accessibility of an app's sensitive content provider","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcomponent-security-cps\u002Fdrd01-x","3.android-secure-coding-standard\u002F3.rules\u002F04.component-security-cps\u002F2.drd01-x",{"title":1225,"path":1226,"stem":1227},"DRD07-X. Protect exported services with strong permissions","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcomponent-security-cps\u002Fdrd07-x","3.android-secure-coding-standard\u002F3.rules\u002F04.component-security-cps\u002F3.drd07-x",{"title":1229,"path":1230,"stem":1231},"DRD08-J. Always canonicalize a URL received by a content provider","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcomponent-security-cps\u002Fdrd08-j","3.android-secure-coding-standard\u002F3.rules\u002F04.component-security-cps\u002F4.drd08-j",{"title":1233,"path":1234,"stem":1235},"DRD09. Restrict access to sensitive activities","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcomponent-security-cps\u002Fdrd09-restrict-access-to-sensitive-activities","3.android-secure-coding-standard\u002F3.rules\u002F04.component-security-cps\u002F5.drd09-restrict-access-to-sensitive-activities",{"title":1237,"path":1238,"stem":1239},"Concurrency (CON)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fconcurrency-con","3.android-secure-coding-standard\u002F3.rules\u002F05.concurrency-con",{"title":1241,"path":1242,"stem":1243,"children":1244},"Cryptography (CRP)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcryptography-crp","3.android-secure-coding-standard\u002F3.rules\u002F06.cryptography-crp\u002F1.index",[1245,1246,1250,1254,1258],{"title":1241,"path":1242,"stem":1243},{"title":1247,"path":1248,"stem":1249},"DRD17-J. Do not use the Android cryptographic security provider encryption default for AES","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcryptography-crp\u002Fdrd17-j","3.android-secure-coding-standard\u002F3.rules\u002F06.cryptography-crp\u002F2.drd17-j",{"title":1251,"path":1252,"stem":1253},"DRD18. Do not use the default behavior in a cryptographic library if it does not use recommended practices","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcryptography-crp\u002Fdrd18-do-not-use-the-default-behavior-in-a-cryptographic-library-if-it-does-not-use-recommended-practices","3.android-secure-coding-standard\u002F3.rules\u002F06.cryptography-crp\u002F3.drd18-do-not-use-the-default-behavior-in-a-cryptographic-library-if-it-does-not-use-recommended-practices",{"title":1255,"path":1256,"stem":1257},"DRD24. Do not bundle OAuth security-related protocol logic or sensitive data into a relying party's app","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcryptography-crp\u002Fdrd24-do-not-bundle-oauth-security-related-protocol-logic-or-sensitive-data-into-a-relying-partys-app","3.android-secure-coding-standard\u002F3.rules\u002F06.cryptography-crp\u002F4.drd24-do-not-bundle-oauth-security-related-protocol-logic-or-sensitive-data-into-a-relying-partys-app",{"title":1259,"path":1260,"stem":1261},"DRD25. Use constant-time encryption","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcryptography-crp\u002Fdrd25-use-constant-time-encryption","3.android-secure-coding-standard\u002F3.rules\u002F06.cryptography-crp\u002F5.drd25-use-constant-time-encryption",{"title":1263,"path":1264,"stem":1265},"Declarations and Initialization (DCL)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fdeclarations-and-initialization-dcl","3.android-secure-coding-standard\u002F3.rules\u002F07.declarations-and-initialization-dcl",{"title":1267,"path":1268,"stem":1269},"Environment (ENV)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fenvironment-env","3.android-secure-coding-standard\u002F3.rules\u002F08.environment-env",{"title":1271,"path":1272,"stem":1273},"Error Handling (ERR)","\u002Fandroid-secure-coding-standard\u002Frules\u002Ferror-handling-err","3.android-secure-coding-standard\u002F3.rules\u002F09.error-handling-err",{"title":1275,"path":1276,"stem":1277},"Expressions (EXP)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fexpressions-exp","3.android-secure-coding-standard\u002F3.rules\u002F10.expressions-exp",{"title":1279,"path":1280,"stem":1281,"children":1282},"File I\u002FO and Logging (FIO)","\u002Fandroid-secure-coding-standard\u002Frules\u002Ffile-io-and-logging-fio","3.android-secure-coding-standard\u002F3.rules\u002F11.file-io-and-logging-fio\u002F1.index",[1283,1284,1288,1292,1296,1300,1304],{"title":1279,"path":1280,"stem":1281},{"title":1285,"path":1286,"stem":1287},"DRD04-J. Do not log sensitive information","\u002Fandroid-secure-coding-standard\u002Frules\u002Ffile-io-and-logging-fio\u002Fdrd04-j","3.android-secure-coding-standard\u002F3.rules\u002F11.file-io-and-logging-fio\u002F2.drd04-j",{"title":1289,"path":1290,"stem":1291},"DRD00. Do not store sensitive information on external storage (SD card) unless encrypted first","\u002Fandroid-secure-coding-standard\u002Frules\u002Ffile-io-and-logging-fio\u002Fdrd00-do-not-store-sensitive-information-on-external-storage-sd-card-unless-encrypted-first","3.android-secure-coding-standard\u002F3.rules\u002F11.file-io-and-logging-fio\u002F3.drd00-do-not-store-sensitive-information-on-external-storage-sd-card-unless-encrypted-first",{"title":1293,"path":1294,"stem":1295},"DRD11. Ensure that sensitive data is kept secure","\u002Fandroid-secure-coding-standard\u002Frules\u002Ffile-io-and-logging-fio\u002Fdrd11-ensure-that-sensitive-data-is-kept-secure","3.android-secure-coding-standard\u002F3.rules\u002F11.file-io-and-logging-fio\u002F4.drd11-ensure-that-sensitive-data-is-kept-secure",{"title":1297,"path":1298,"stem":1299},"DRD12. Do not trust data from world-writable files","\u002Fandroid-secure-coding-standard\u002Frules\u002Ffile-io-and-logging-fio\u002Fdrd12-do-not-trust-data-from-world-writable-files","3.android-secure-coding-standard\u002F3.rules\u002F11.file-io-and-logging-fio\u002F5.drd12-do-not-trust-data-from-world-writable-files",{"title":1301,"path":1302,"stem":1303},"DRD23. Do not use world readable or writeable to share files between apps","\u002Fandroid-secure-coding-standard\u002Frules\u002Ffile-io-and-logging-fio\u002Fdrd23-do-not-use-world-readable-or-writeable-to-share-files-between-apps","3.android-secure-coding-standard\u002F3.rules\u002F11.file-io-and-logging-fio\u002F6.drd23-do-not-use-world-readable-or-writeable-to-share-files-between-apps",{"title":1305,"path":1306,"stem":1307},"DRD28 Do not load world-writable libraries","\u002Fandroid-secure-coding-standard\u002Frules\u002Ffile-io-and-logging-fio\u002Fdrd28-do-not-load-world-writable-libraries","3.android-secure-coding-standard\u002F3.rules\u002F11.file-io-and-logging-fio\u002F7.drd28-do-not-load-world-writable-libraries",{"title":1309,"path":1310,"stem":1311},"Floating Point (FLP)","\u002Fandroid-secure-coding-standard\u002Frules\u002Ffloating-point-flp","3.android-secure-coding-standard\u002F3.rules\u002F12.floating-point-flp",{"title":1313,"path":1314,"stem":1315},"Input Validation and Data Sanitization (IDS)","\u002Fandroid-secure-coding-standard\u002Frules\u002Finput-validation-and-data-sanitization-ids","3.android-secure-coding-standard\u002F3.rules\u002F13.input-validation-and-data-sanitization-ids",{"title":1317,"path":1318,"stem":1319},"Integers (INT)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fintegers-int","3.android-secure-coding-standard\u002F3.rules\u002F14.integers-int",{"title":1321,"path":1322,"stem":1323,"children":1324},"Intent (ITT)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fintent-itt","3.android-secure-coding-standard\u002F3.rules\u002F15.intent-itt\u002F1.index",[1325,1326,1330,1334],{"title":1321,"path":1322,"stem":1323},{"title":1327,"path":1328,"stem":1329},"DRD03-J. Do not broadcast sensitive information using an implicit intent","\u002Fandroid-secure-coding-standard\u002Frules\u002Fintent-itt\u002Fdrd03-j","3.android-secure-coding-standard\u002F3.rules\u002F15.intent-itt\u002F2.drd03-j",{"title":1331,"path":1332,"stem":1333},"DRD21-J. Always pass explicit intents to a PendingIntent","\u002Fandroid-secure-coding-standard\u002Frules\u002Fintent-itt\u002Fdrd21-j","3.android-secure-coding-standard\u002F3.rules\u002F15.intent-itt\u002F3.drd21-j",{"title":1335,"path":1336,"stem":1337},"DRD06. Verify the caller of intents before acting on them","\u002Fandroid-secure-coding-standard\u002Frules\u002Fintent-itt\u002Fdrd06-verify-the-caller-of-intents-before-acting-on-them","3.android-secure-coding-standard\u002F3.rules\u002F15.intent-itt\u002F4.drd06-verify-the-caller-of-intents-before-acting-on-them",{"title":1339,"path":1340,"stem":1341},"Java Native Interface (JNI)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fjava-native-interface-jni","3.android-secure-coding-standard\u002F3.rules\u002F16.java-native-interface-jni",{"title":1343,"path":1344,"stem":1345},"Locking (LCK)","\u002Fandroid-secure-coding-standard\u002Frules\u002Flocking-lck","3.android-secure-coding-standard\u002F3.rules\u002F17.locking-lck",{"title":1347,"path":1348,"stem":1349},"Memory Management (MEM)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fmemory-management-mem","3.android-secure-coding-standard\u002F3.rules\u002F18.memory-management-mem",{"title":1351,"path":1352,"stem":1353},"Methods (MET)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fmethods-met","3.android-secure-coding-standard\u002F3.rules\u002F19.methods-met",{"title":1355,"path":1356,"stem":1357,"children":1358},"Miscellaneous (MSC)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fmiscellaneous-msc","3.android-secure-coding-standard\u002F3.rules\u002F20.miscellaneous-msc\u002F1.index",[1359,1360,1364,1368,1372,1376],{"title":1355,"path":1356,"stem":1357},{"title":1361,"path":1362,"stem":1363},"DRD10-X. Do not release apps that are debuggable","\u002Fandroid-secure-coding-standard\u002Frules\u002Fmiscellaneous-msc\u002Fdrd10-x","3.android-secure-coding-standard\u002F3.rules\u002F20.miscellaneous-msc\u002F2.drd10-x",{"title":1365,"path":1366,"stem":1367},"DRD15-J. Consider privacy concerns when using Geolocation API","\u002Fandroid-secure-coding-standard\u002Frules\u002Fmiscellaneous-msc\u002Fdrd15-j","3.android-secure-coding-standard\u002F3.rules\u002F20.miscellaneous-msc\u002F3.drd15-j",{"title":1369,"path":1370,"stem":1371},"DRD26-J. For OAuth, use a secure Android method to deliver access tokens","\u002Fandroid-secure-coding-standard\u002Frules\u002Fmiscellaneous-msc\u002Fdrd26-j","3.android-secure-coding-standard\u002F3.rules\u002F20.miscellaneous-msc\u002F4.drd26-j",{"title":1373,"path":1374,"stem":1375},"DRD27-J. For OAuth, use an explicit intent method to deliver access tokens","\u002Fandroid-secure-coding-standard\u002Frules\u002Fmiscellaneous-msc\u002Fdrd27-j","3.android-secure-coding-standard\u002F3.rules\u002F20.miscellaneous-msc\u002F5.drd27-j",{"title":1377,"path":1378,"stem":1379},"DRD25. To request user permission for OAuth, identify relying party and its permissions scope","\u002Fandroid-secure-coding-standard\u002Frules\u002Fmiscellaneous-msc\u002Fdrd25-to-request-user-permission-for-oauth-identify-relying-party-and-its-permissions-scope","3.android-secure-coding-standard\u002F3.rules\u002F20.miscellaneous-msc\u002F6.drd25-to-request-user-permission-for-oauth-identify-relying-party-and-its-permissions-scope",{"title":1381,"path":1382,"stem":1383,"children":1384},"Network - SSL\u002FTLS (NET)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fnetwork-ssltls-net","3.android-secure-coding-standard\u002F3.rules\u002F21.network-ssltls-net\u002F1.index",[1385,1386,1390],{"title":1381,"path":1382,"stem":1383},{"title":1387,"path":1388,"stem":1389},"DRD23-J. Do not use loopback when handling sensitive data","\u002Fandroid-secure-coding-standard\u002Frules\u002Fnetwork-ssltls-net\u002Fdrd23-j","3.android-secure-coding-standard\u002F3.rules\u002F21.network-ssltls-net\u002F2.drd23-j",{"title":1391,"path":1392,"stem":1393},"DRD19. Properly verify server certificate on SSL\u002FTLS","\u002Fandroid-secure-coding-standard\u002Frules\u002Fnetwork-ssltls-net\u002Fdrd19-properly-verify-server-certificate-on-ssltls","3.android-secure-coding-standard\u002F3.rules\u002F21.network-ssltls-net\u002F3.drd19-properly-verify-server-certificate-on-ssltls",{"title":1395,"path":1396,"stem":1397},"Numeric Types and Operations (NUM)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fnumeric-types-and-operations-num","3.android-secure-coding-standard\u002F3.rules\u002F22.numeric-types-and-operations-num",{"title":1399,"path":1400,"stem":1401},"Object Orientation (OBJ)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fobject-orientation-obj","3.android-secure-coding-standard\u002F3.rules\u002F23.object-orientation-obj",{"title":1403,"path":1404,"stem":1405,"children":1406},"Permission (PER)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fpermission-per","3.android-secure-coding-standard\u002F3.rules\u002F24.permission-per\u002F1.index",[1407,1408,1412,1416,1420],{"title":1403,"path":1404,"stem":1405},{"title":1409,"path":1410,"stem":1411},"DRD05-J. Do not grant URI permissions on implicit intents","\u002Fandroid-secure-coding-standard\u002Frules\u002Fpermission-per\u002Fdrd05-j","3.android-secure-coding-standard\u002F3.rules\u002F24.permission-per\u002F2.drd05-j",{"title":1413,"path":1414,"stem":1415},"DRD14-J. Check that a calling app has appropriate permissions before responding","\u002Fandroid-secure-coding-standard\u002Frules\u002Fpermission-per\u002Fdrd14-j","3.android-secure-coding-standard\u002F3.rules\u002F24.permission-per\u002F3.drd14-j",{"title":1417,"path":1418,"stem":1419},"DRD16-X. Explicitly define the exported attribute for private components","\u002Fandroid-secure-coding-standard\u002Frules\u002Fpermission-per\u002Fdrd16-x","3.android-secure-coding-standard\u002F3.rules\u002F24.permission-per\u002F4.drd16-x",{"title":1421,"path":1422,"stem":1423},"DRD20-C. Specify permissions when creating files via the NDK","\u002Fandroid-secure-coding-standard\u002Frules\u002Fpermission-per\u002Fdrd20-c","3.android-secure-coding-standard\u002F3.rules\u002F24.permission-per\u002F5.drd20-c",{"title":1425,"path":1426,"stem":1427},"Platform Security (SEC)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fplatform-security-sec","3.android-secure-coding-standard\u002F3.rules\u002F25.platform-security-sec",{"title":1429,"path":1430,"stem":1431},"Preprocessor (PRE)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fpreprocessor-pre","3.android-secure-coding-standard\u002F3.rules\u002F26.preprocessor-pre",{"title":1433,"path":1434,"stem":1435},"Serialization (SER)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fserialization-ser","3.android-secure-coding-standard\u002F3.rules\u002F27.serialization-ser",{"title":1437,"path":1438,"stem":1439},"Thread APIs (THI)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fthread-apis-thi","3.android-secure-coding-standard\u002F3.rules\u002F28.thread-apis-thi",{"title":1441,"path":1442,"stem":1443},"Thread-Safety Miscellaneous (TSM)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fthread-safety-miscellaneous-tsm","3.android-secure-coding-standard\u002F3.rules\u002F29.thread-safety-miscellaneous-tsm",{"title":1445,"path":1446,"stem":1447},"Visibility and Atomicity (VNA)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fvisibility-and-atomicity-vna","3.android-secure-coding-standard\u002F3.rules\u002F30.visibility-and-atomicity-vna",{"title":1136,"path":1137,"stem":1138,"children":1449},[1450,1451,1452,1453],{"title":1136,"path":1137,"stem":1138},{"title":30,"path":1130,"stem":1132},{"title":1140,"path":1141,"stem":1142},{"title":1454,"path":1455,"stem":1456},"DRD22. Do not cache sensitive information","\u002Fandroid-secure-coding-standard\u002Frules\u002Fwebview-wbv\u002Fdrd22-do-not-cache-sensitive-information","3.android-secure-coding-standard\u002F3.rules\u002F31.webview-wbv\u002F4.drd22-do-not-cache-sensitive-information",{"title":1458,"path":1459,"stem":1460,"children":1461},"Recommendations","\u002Fandroid-secure-coding-standard\u002Frecommendations","3.android-secure-coding-standard\u002F4.recommendations\u002F01.index",[1462,1463,1466,1470,1473,1476,1479,1482,1485,1488,1491,1494,1497,1500,1503,1506,1509,1512,1515,1518,1521,1524,1527,1530,1533,1536,1539,1542,1545,1548,1551],{"title":1458,"path":1459,"stem":1460},{"title":1207,"path":1464,"stem":1465},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fapplication-programming-interfaces-api","3.android-secure-coding-standard\u002F4.recommendations\u002F02.application-programming-interfaces-api",{"title":1467,"path":1468,"stem":1469},"Characters and Strings (STR)","\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fcharacters-and-strings-str","3.android-secure-coding-standard\u002F4.recommendations\u002F03.characters-and-strings-str",{"title":1215,"path":1471,"stem":1472},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fcomponent-security-cps","3.android-secure-coding-standard\u002F4.recommendations\u002F04.component-security-cps",{"title":1237,"path":1474,"stem":1475},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fconcurrency-con","3.android-secure-coding-standard\u002F4.recommendations\u002F05.concurrency-con",{"title":1241,"path":1477,"stem":1478},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fcryptography-crp","3.android-secure-coding-standard\u002F4.recommendations\u002F06.cryptography-crp",{"title":1263,"path":1480,"stem":1481},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fdeclarations-and-initialization-dcl","3.android-secure-coding-standard\u002F4.recommendations\u002F07.declarations-and-initialization-dcl",{"title":1267,"path":1483,"stem":1484},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fenvironment-env","3.android-secure-coding-standard\u002F4.recommendations\u002F08.environment-env",{"title":1271,"path":1486,"stem":1487},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Ferror-handling-err","3.android-secure-coding-standard\u002F4.recommendations\u002F09.error-handling-err",{"title":1275,"path":1489,"stem":1490},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fexpressions-exp","3.android-secure-coding-standard\u002F4.recommendations\u002F10.expressions-exp",{"title":1279,"path":1492,"stem":1493},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Ffile-io-and-logging-fio","3.android-secure-coding-standard\u002F4.recommendations\u002F11.file-io-and-logging-fio",{"title":1309,"path":1495,"stem":1496},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Ffloating-point-flp","3.android-secure-coding-standard\u002F4.recommendations\u002F12.floating-point-flp",{"title":1313,"path":1498,"stem":1499},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Finput-validation-and-data-sanitization-ids","3.android-secure-coding-standard\u002F4.recommendations\u002F13.input-validation-and-data-sanitization-ids",{"title":1317,"path":1501,"stem":1502},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fintegers-int","3.android-secure-coding-standard\u002F4.recommendations\u002F14.integers-int",{"title":1321,"path":1504,"stem":1505},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fintent-itt","3.android-secure-coding-standard\u002F4.recommendations\u002F15.intent-itt",{"title":1339,"path":1507,"stem":1508},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fjava-native-interface-jni","3.android-secure-coding-standard\u002F4.recommendations\u002F16.java-native-interface-jni",{"title":1343,"path":1510,"stem":1511},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Flocking-lck","3.android-secure-coding-standard\u002F4.recommendations\u002F17.locking-lck",{"title":1347,"path":1513,"stem":1514},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fmemory-management-mem","3.android-secure-coding-standard\u002F4.recommendations\u002F18.memory-management-mem",{"title":1351,"path":1516,"stem":1517},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fmethods-met","3.android-secure-coding-standard\u002F4.recommendations\u002F19.methods-met",{"title":1355,"path":1519,"stem":1520},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fmiscellaneous-msc","3.android-secure-coding-standard\u002F4.recommendations\u002F20.miscellaneous-msc",{"title":1381,"path":1522,"stem":1523},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fnetwork-ssltls-net","3.android-secure-coding-standard\u002F4.recommendations\u002F21.network-ssltls-net",{"title":1395,"path":1525,"stem":1526},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fnumeric-types-and-operations-num","3.android-secure-coding-standard\u002F4.recommendations\u002F22.numeric-types-and-operations-num",{"title":1399,"path":1528,"stem":1529},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fobject-orientation-obj","3.android-secure-coding-standard\u002F4.recommendations\u002F23.object-orientation-obj",{"title":1403,"path":1531,"stem":1532},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fpermission-per","3.android-secure-coding-standard\u002F4.recommendations\u002F24.permission-per",{"title":1425,"path":1534,"stem":1535},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fplatform-security-sec","3.android-secure-coding-standard\u002F4.recommendations\u002F25.platform-security-sec",{"title":1429,"path":1537,"stem":1538},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fpreprocessor-pre","3.android-secure-coding-standard\u002F4.recommendations\u002F26.preprocessor-pre",{"title":1433,"path":1540,"stem":1541},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fserialization-ser","3.android-secure-coding-standard\u002F4.recommendations\u002F27.serialization-ser",{"title":1437,"path":1543,"stem":1544},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fthread-apis-thi","3.android-secure-coding-standard\u002F4.recommendations\u002F28.thread-apis-thi",{"title":1441,"path":1546,"stem":1547},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fthread-safety-miscellaneous-tsm","3.android-secure-coding-standard\u002F4.recommendations\u002F29.thread-safety-miscellaneous-tsm",{"title":1445,"path":1549,"stem":1550},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fvisibility-and-atomicity-vna","3.android-secure-coding-standard\u002F4.recommendations\u002F30.visibility-and-atomicity-vna",{"title":1136,"path":1552,"stem":1553},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fwebview-wbv","3.android-secure-coding-standard\u002F4.recommendations\u002F31.webview-wbv",{"title":1555,"path":1556,"stem":1557,"children":1558},"By Language","\u002Fandroid-secure-coding-standard\u002Fby-language","3.android-secure-coding-standard\u002F5.by-language\u002F1.index",[1559,1560,1564,1586,1590,1612],{"title":1555,"path":1556,"stem":1557},{"title":1561,"path":1562,"stem":1563},"Android Only","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fandroid-only","3.android-secure-coding-standard\u002F5.by-language\u002F2.android-only",{"title":1565,"path":1566,"stem":1567,"children":1568},"C Coding Language","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fc-coding-language","3.android-secure-coding-standard\u002F5.by-language\u002F3.c-coding-language\u002F1.index",[1569,1570,1574,1578,1582],{"title":1565,"path":1566,"stem":1567},{"title":1571,"path":1572,"stem":1573},"Applicable in Principle to Android (C Rules\u002FRecomendations)","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fc-coding-language\u002Fapplicable-in-principle-to-android-c-rulesrecomendations","3.android-secure-coding-standard\u002F5.by-language\u002F3.c-coding-language\u002F2.applicable-in-principle-to-android-c-rulesrecomendations",{"title":1575,"path":1576,"stem":1577},"Applicable to Android (C Rules\u002FRecomendations)","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fc-coding-language\u002Fapplicable-to-android-c-rulesrecomendations","3.android-secure-coding-standard\u002F5.by-language\u002F3.c-coding-language\u002F3.applicable-to-android-c-rulesrecomendations",{"title":1579,"path":1580,"stem":1581},"Not Applicable to Android (C Rules\u002FRecomendations)","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fc-coding-language\u002Fnot-applicable-to-android-c-rulesrecomendations","3.android-secure-coding-standard\u002F5.by-language\u002F3.c-coding-language\u002F4.not-applicable-to-android-c-rulesrecomendations",{"title":1583,"path":1584,"stem":1585},"Unknown Applicability (C Rules\u002FRecomendations)","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fc-coding-language\u002Funknown-applicability-c-rulesrecomendations","3.android-secure-coding-standard\u002F5.by-language\u002F3.c-coding-language\u002F5.unknown-applicability-c-rulesrecomendations",{"title":1587,"path":1588,"stem":1589},"C++ Coding Language","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fcpp-coding-language","3.android-secure-coding-standard\u002F5.by-language\u002F4.cpp-coding-language",{"title":1591,"path":1592,"stem":1593,"children":1594},"Java Coding Language","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fjava-coding-language","3.android-secure-coding-standard\u002F5.by-language\u002F5.java-coding-language\u002F1.index",[1595,1596,1600,1604,1608],{"title":1591,"path":1592,"stem":1593},{"title":1597,"path":1598,"stem":1599},"Applicable in Principle to Android (Java Rules\u002FRecomendations)","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fjava-coding-language\u002Fapplicable-in-principle-to-android-java-rulesrecomendations","3.android-secure-coding-standard\u002F5.by-language\u002F5.java-coding-language\u002F2.applicable-in-principle-to-android-java-rulesrecomendations",{"title":1601,"path":1602,"stem":1603},"Applicable to Android (Java Rules\u002FRecomendations)","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fjava-coding-language\u002Fapplicable-to-android-java-rulesrecomendations","3.android-secure-coding-standard\u002F5.by-language\u002F5.java-coding-language\u002F3.applicable-to-android-java-rulesrecomendations",{"title":1605,"path":1606,"stem":1607},"Not Applicable to Android (Java Rules\u002FRecomendations)","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fjava-coding-language\u002Fnot-applicable-to-android-java-rulesrecomendations","3.android-secure-coding-standard\u002F5.by-language\u002F5.java-coding-language\u002F4.not-applicable-to-android-java-rulesrecomendations",{"title":1609,"path":1610,"stem":1611},"Unknown Applicability to Android (Java Rules\u002FRecomendations)","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fjava-coding-language\u002Funknown-applicability-to-android-java-rulesrecomendations","3.android-secure-coding-standard\u002F5.by-language\u002F5.java-coding-language\u002F5.unknown-applicability-to-android-java-rulesrecomendations",{"title":1613,"path":1614,"stem":1615},"XML","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fxml","3.android-secure-coding-standard\u002F5.by-language\u002F6.xml",{"title":1617,"path":1618,"stem":1619,"children":1620},"Back Matter","\u002Fandroid-secure-coding-standard\u002Fback-matter","3.android-secure-coding-standard\u002F6.back-matter\u002F1.index",[1621,1622,1626],{"title":1617,"path":1618,"stem":1619},{"title":1623,"path":1624,"stem":1625},"AA. Bibliography","\u002Fandroid-secure-coding-standard\u002Fback-matter\u002Faa-bibliography","3.android-secure-coding-standard\u002F6.back-matter\u002F2.aa-bibliography",{"title":1627,"path":1628,"stem":1629,"children":1630},"BB. Analyzers","\u002Fandroid-secure-coding-standard\u002Fback-matter\u002Fbb-analyzers","3.android-secure-coding-standard\u002F6.back-matter\u002F3.bb-analyzers\u002F1.index",[1631,1632,1636],{"title":1627,"path":1628,"stem":1629},{"title":1633,"path":1634,"stem":1635},"CodeSonar","\u002Fandroid-secure-coding-standard\u002Fback-matter\u002Fbb-analyzers\u002Fcodesonar","3.android-secure-coding-standard\u002F6.back-matter\u002F3.bb-analyzers\u002F2.codesonar",{"title":1637,"path":1638,"stem":1639},"CodeSonar_V","\u002Fandroid-secure-coding-standard\u002Fback-matter\u002Fbb-analyzers\u002Fcodesonar_v","3.android-secure-coding-standard\u002F6.back-matter\u002F3.bb-analyzers\u002F3.codesonar_v",{"title":1641,"path":1642,"stem":1643,"children":1644},"Admin","\u002Fandroid-secure-coding-standard\u002Fadmin","3.android-secure-coding-standard\u002F7.admin\u002F01.index",[1645,1646,1650,1654,1658,1662,1666,1670,1674,1678,1682,1686,1690,1694,1698,1702],{"title":1641,"path":1642,"stem":1643},{"title":1647,"path":1648,"stem":1649},"About the OurCS Workshop","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fabout-the-ourcs-workshop","3.android-secure-coding-standard\u002F7.admin\u002F02.about-the-ourcs-workshop",{"title":1651,"path":1652,"stem":1653},"Android Applicability Summary","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fandroid-applicability-summary","3.android-secure-coding-standard\u002F7.admin\u002F03.android-applicability-summary",{"title":1655,"path":1656,"stem":1657},"Android (DRD)","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fandroid-drd","3.android-secure-coding-standard\u002F7.admin\u002F04.android-drd",{"title":1659,"path":1660,"stem":1661},"Avoid having unreachable code","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Favoid-having-unreachable-code","3.android-secure-coding-standard\u002F7.admin\u002F05.avoid-having-unreachable-code",{"title":1663,"path":1664,"stem":1665},"C Space Change History Log","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fc-space-change-history-log","3.android-secure-coding-standard\u002F7.admin\u002F06.c-space-change-history-log",{"title":1667,"path":1668,"stem":1669},"Copy of Rule Template","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fcopy-of-rule-template","3.android-secure-coding-standard\u002F7.admin\u002F07.copy-of-rule-template",{"title":1671,"path":1672,"stem":1673},"C++ Space Change History Log","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fcpp-space-change-history-log","3.android-secure-coding-standard\u002F7.admin\u002F08.cpp-space-change-history-log",{"title":1675,"path":1676,"stem":1677},"Dictionary of Labels","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fdictionary-of-labels","3.android-secure-coding-standard\u002F7.admin\u002F09.dictionary-of-labels",{"title":1679,"path":1680,"stem":1681},"How to Change Applicability When a Rules and Recommendations Change","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fhow-to-change-applicability-when-a-rules-and-recommendations-change","3.android-secure-coding-standard\u002F7.admin\u002F10.how-to-change-applicability-when-a-rules-and-recommendations-change",{"title":1683,"path":1684,"stem":1685},"Java Space Change History Log","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fjava-space-change-history-log","3.android-secure-coding-standard\u002F7.admin\u002F11.java-space-change-history-log",{"title":1687,"path":1688,"stem":1689},"Labels in this Space","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Flabels-in-this-space","3.android-secure-coding-standard\u002F7.admin\u002F12.labels-in-this-space",{"title":1691,"path":1692,"stem":1693},"Perl Space Change History Log","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fperl-space-change-history-log","3.android-secure-coding-standard\u002F7.admin\u002F13.perl-space-change-history-log",{"title":1695,"path":1696,"stem":1697},"Resources for new Android app secure coding rules and guidelines","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fresources-for-new-android-app-secure-coding-rules-and-guidelines","3.android-secure-coding-standard\u002F7.admin\u002F14.resources-for-new-android-app-secure-coding-rules-and-guidelines",{"title":1699,"path":1700,"stem":1701},"Rule Template","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Frule-template","3.android-secure-coding-standard\u002F7.admin\u002F15.rule-template",{"title":1703,"path":1704,"stem":1705},"Rules Applicable for Both the Android Platform and Other Platforms","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Frules-applicable-for-both-the-android-platform-and-other-platforms","3.android-secure-coding-standard\u002F7.admin\u002F16.rules-applicable-for-both-the-android-platform-and-other-platforms",1775657823530]