[{"data":1,"prerenderedAt":1293},["ShallowReactive",2],{"global-navigation":3,"page-\u002Fandroid-secure-coding-standard\u002Frules\u002Fwebview-wbv\u002Fdrd13-do-not-provide-addjavascriptinterface-method-access-in-a-webview-which-could-contain-untrusted-content-api-level-jelly_bean-or-below":28,"surround-\u002Fandroid-secure-coding-standard\u002Frules\u002Fwebview-wbv\u002Fdrd13-do-not-provide-addjavascriptinterface-method-access-in-a-webview-which-could-contain-untrusted-content-api-level-jelly_bean-or-below":723,"sidebar-android-secure-coding-standard":732},[4,8],{"title":5,"path":6,"_path":6,"fromAppConfig":7},"Home","\u002F",true,{"title":9,"path":10,"children":11,"_path":27,"fromAppConfig":7},"Coding Standards","\u002Fcoding-standards\u002F",[12,15,18,21,24],{"title":13,"path":14},"Android Coding Standard","\u002Fandroid-secure-coding-standard\u002F",{"title":16,"path":17},"C Coding Standard","\u002Fsei-cert-c-coding-standard\u002F",{"title":19,"path":20},"C++ Coding Standard","\u002Fsei-cert-cpp-coding-standard\u002F",{"title":22,"path":23},"Java Coding Standard","\u002Fsei-cert-oracle-coding-standard-for-java\u002F",{"title":25,"path":26},"Perl Coding Standard","\u002Fsei-cert-perl-coding-standard\u002F","\u002Fcoding-standards",{"id":29,"title":30,"body":31,"description":93,"extension":707,"meta":708,"navigation":7,"path":719,"seo":720,"stem":721,"__hash__":722},"content\u002F3.android-secure-coding-standard\u002F3.rules\u002F31.webview-wbv\u002F3.drd13-do-not-provide-addjavascriptinterface-method-access-in-a-webview-which-could-contain-untrusted-content-api-level-jelly_bean-or-below.md","DRD13. Do not provide addJavascriptInterface method access in a WebView which could contain untrusted content. (API level JELLY_BEAN or below)",{"type":32,"value":33,"toc":695},"minimark",[34,38,42,71,76,83,278,281,285,291,327,331,338,400,404,409,412,438,442,451,506,510,521,588,592,622,626,666,669,691],[35,36,30],"h1",{"id":37},"drd13-do-not-provide-addjavascriptinterface-method-access-in-a-webview-which-could-contain-untrusted-content-api-level-jelly_bean-or-below",[35,39,41],{"id":40},"this-coding-rule-or-guideline-is-under-construction","(THIS CODING RULE OR GUIDELINE IS UNDER CONSTRUCTION)",[43,44,45,46,50,51,58,59,62,63,66,67,70],"p",{},"For API level JELLY_BEAN or below, allowing an app to use the ",[47,48,49],"code",{},"addJavascriptInterface"," method ",[52,53,54],"u",{},[55,56,57],"em",{},"with untrusted content"," in a ",[47,60,61],{},"WebView"," leaves the app vulnerable to scripting attacks using reflection to access public methods from JavaScript.  Untrusted content examples include content from any HTTP URL (as opposed to HTTPS) and user-provided content. The method ",[47,64,65],{},"  addJavascriptInterface(Object, String) "," is called from the ",[47,68,69],{},"android.webkit.WebView"," class. Sensitive data and app control should not be exposed to scripting attacks.",[72,73,75],"h2",{"id":74},"noncompliant-code-example","Noncompliant Code Example",[43,77,78,79,82],{},"This noncompliant code example shows an application that calls the ",[47,80,81],{},"addJavascriptInterface()"," method, and hence is not secure for API level JELLY_BEAN and lower.",[84,85,87],"code-block",{"quality":86},"bad",[88,89,94],"pre",{"className":90,"code":91,"language":92,"meta":93,"style":93},"language-java shiki shiki-themes github-light github-dark monokai","WebView webView = new WebView(this);\nsetContentView(webView);\n...\nclass JsObject {\n     private String sensitiveInformation;\n\n     ...\n     public String toString() { return sensitiveInformation; }\n\n}\n webView.addJavascriptInterface(new JsObject(), \"injectedObject\");\n webView.loadData(\"\", \"text\u002Fhtml\", null);\n webView.loadUrl(\"http:\u002F\u002Fwww.example.com\");\n","java","",[47,95,96,129,138,144,157,169,175,181,201,206,212,236,263],{"__ignoreMap":93},[97,98,101,104,108,112,115,119,122,126],"span",{"class":99,"line":100},"line",1,[97,102,61],{"class":103},"sk8M1",[97,105,107],{"class":106},"sMOD_"," webView ",[97,109,111],{"class":110},"sC2Qs","=",[97,113,114],{"class":110}," new",[97,116,118],{"class":117},"srTi1"," WebView",[97,120,121],{"class":106},"(",[97,123,125],{"class":124},"sP7S_","this",[97,127,128],{"class":106},");\n",[97,130,132,135],{"class":99,"line":131},2,[97,133,134],{"class":117},"setContentView",[97,136,137],{"class":106},"(webView);\n",[97,139,141],{"class":99,"line":140},3,[97,142,143],{"class":106},"...\n",[97,145,147,150,154],{"class":99,"line":146},4,[97,148,149],{"class":110},"class",[97,151,153],{"class":152},"sz2Vg"," JsObject",[97,155,156],{"class":106}," {\n",[97,158,160,163,166],{"class":99,"line":159},5,[97,161,162],{"class":110},"     private",[97,164,165],{"class":103}," String",[97,167,168],{"class":106}," sensitiveInformation;\n",[97,170,172],{"class":99,"line":171},6,[97,173,174],{"emptyLinePlaceholder":7},"\n",[97,176,178],{"class":99,"line":177},7,[97,179,180],{"class":106},"     ...\n",[97,182,184,187,189,192,195,198],{"class":99,"line":183},8,[97,185,186],{"class":110},"     public",[97,188,165],{"class":103},[97,190,191],{"class":117}," toString",[97,193,194],{"class":106},"() { ",[97,196,197],{"class":110},"return",[97,199,200],{"class":106}," sensitiveInformation; }\n",[97,202,204],{"class":99,"line":203},9,[97,205,174],{"emptyLinePlaceholder":7},[97,207,209],{"class":99,"line":208},10,[97,210,211],{"class":106},"}\n",[97,213,215,218,220,222,225,227,230,234],{"class":99,"line":214},11,[97,216,217],{"class":106}," webView.",[97,219,49],{"class":117},[97,221,121],{"class":106},[97,223,224],{"class":110},"new",[97,226,153],{"class":117},[97,228,229],{"class":106},"(), ",[97,231,233],{"class":232},"sstjo","\"injectedObject\"",[97,235,128],{"class":106},[97,237,239,241,244,246,249,252,255,257,261],{"class":99,"line":238},12,[97,240,217],{"class":106},[97,242,243],{"class":117},"loadData",[97,245,121],{"class":106},[97,247,248],{"class":232},"\"\"",[97,250,251],{"class":106},", ",[97,253,254],{"class":232},"\"text\u002Fhtml\"",[97,256,251],{"class":106},[97,258,260],{"class":259},"s7F3e","null",[97,262,128],{"class":106},[97,264,266,268,271,273,276],{"class":99,"line":265},13,[97,267,217],{"class":106},[97,269,270],{"class":117},"loadUrl",[97,272,121],{"class":106},[97,274,275],{"class":232},"\"http:\u002F\u002Fwww.example.com\"",[97,277,128],{"class":106},[43,279,280],{},"JavaScript can now control the host. Java reflection could be used to access any of the public methods of an injected object, using the permissions of the app.",[72,282,284],{"id":283},"compliant-solution-1","Compliant Solution #1",[43,286,287,288,290],{},"Compliant code could refrain from calling the ",[47,289,81],{}," method.",[84,292,294],{"quality":293},"good",[88,295,297],{"className":90,"code":296,"language":92,"meta":93,"style":93},"WebView webView = new WebView(this);\nsetContentView(webView);\n...\n",[47,298,299,317,323],{"__ignoreMap":93},[97,300,301,303,305,307,309,311,313,315],{"class":99,"line":100},[97,302,61],{"class":103},[97,304,107],{"class":106},[97,306,111],{"class":110},[97,308,114],{"class":110},[97,310,118],{"class":117},[97,312,121],{"class":106},[97,314,125],{"class":124},[97,316,128],{"class":106},[97,318,319,321],{"class":99,"line":131},[97,320,134],{"class":117},[97,322,137],{"class":106},[97,324,325],{"class":99,"line":140},[97,326,143],{"class":106},[72,328,330],{"id":329},"compliant-solution-2","Compliant Solution #2",[43,332,333,334,337],{},"Another compliant solution is to specify in the app's manifest that the app is only for API levels JELLY_BEAN_MR1 and above. For these API levels, only public methods that are annotated with ",[47,335,336],{},"JavascriptInterface"," can be accessed from JavaScript. API level 17 is JELLY_BEAN_MR1.",[84,339,340],{"quality":293},[88,341,343],{"className":90,"code":342,"language":92,"meta":93,"style":93},"\u003Cmanifest>\n\u003Cuses-sdk android:minSdkVersion=\"17\" \u002F>\n...\n\n\u003C\u002Fmanifest>\n",[47,344,345,356,383,387,391],{"__ignoreMap":93},[97,346,347,350,353],{"class":99,"line":100},[97,348,349],{"class":110},"\u003C",[97,351,352],{"class":106},"manifest",[97,354,355],{"class":110},">\n",[97,357,358,360,363,366,369,372,375,377,380],{"class":99,"line":131},[97,359,349],{"class":110},[97,361,362],{"class":106},"uses",[97,364,365],{"class":110},"-",[97,367,368],{"class":106},"sdk android",[97,370,371],{"class":110},":",[97,373,374],{"class":106},"minSdkVersion",[97,376,111],{"class":110},[97,378,379],{"class":232},"\"17\"",[97,381,382],{"class":110}," \u002F>\n",[97,384,385],{"class":99,"line":140},[97,386,143],{"class":106},[97,388,389],{"class":99,"line":146},[97,390,174],{"emptyLinePlaceholder":7},[97,392,393,396,398],{"class":99,"line":159},[97,394,395],{"class":110},"\u003C\u002F",[97,397,352],{"class":106},[97,399,355],{"class":110},[72,401,403],{"id":402},"applicability","Applicability",[405,406,408],"h3",{"id":407},"android-version-applicability","Android Version Applicability",[43,410,411],{},"Applies to Android API versions 16 (JELLY_BEAN) and below.",[413,414,415,424],"table",{},[416,417,418],"thead",{},[419,420,421],"tr",{},[422,423],"th",{},[425,426,427,433],"tbody",{},[419,428,429],{},[430,431,432],"td",{},"API Levels",[419,434,435],{},[430,436,437],{},"16",[72,439,441],{"id":440},"risk-assessment","Risk Assessment",[43,443,444,445,447,448,450],{},"Allowing an app to provide access to the ",[47,446,49],{}," method in a ",[47,449,61],{}," which could contain untrusted content may leave it open to scripting attacks that could corrupt the host, for API level JELLY_BEAN and below.",[413,452,453,454,453,481],{},"\n  ",[416,455,456,457,453],{},"\n    ",[419,458,459,460,459,463,459,466,459,469,459,472,459,475,459,478,456],{},"\n      ",[422,461,462],{},"Rule",[422,464,465],{},"Severity",[422,467,468],{},"Likelihood",[422,470,471],{},"Detectable",[422,473,474],{},"Repairable",[422,476,477],{},"Priority",[422,479,480],{},"Level",[425,482,456,483,453],{},[419,484,459,485,459,488,459,491,459,494,459,497,459,499,459,503,456],{},[430,486,487],{},"DRD13-J",[430,489,490],{},"High",[430,492,493],{},"Probable",[430,495,496],{},"No",[430,498,496],{},[430,500,502],{"style":501},"color: #f1c40f;","P6",[430,504,505],{"style":501},"L2",[72,507,509],{"id":508},"automated-detection","Automated Detection",[43,511,512,513,447,515,517,518,520],{},"Automatic detection of a call to the ",[47,514,81],{},[47,516,61],{}," is straightforward. Similarly, it is straightforward to automatically ensure that the minimum API is set to JELLY_BEAN_MR1 in the app manifest. Automatic determination of whether the ",[47,519,61],{}," could contain untrusted content may be impossible for some applications.",[413,522,525],{"className":523},[524],"wrapped",[425,526,527,551],{},[419,528,531,536,541,546],{"className":529},[530],"header",[422,532,533],{},[43,534,535],{},"Tool",[422,537,538],{},[43,539,540],{},"Version",[422,542,543],{},[43,544,545],{},"Checker",[422,547,548],{},[43,549,550],{},"Description",[419,552,555,562,572,583],{"className":553},[554],"odd",[430,556,557],{},[558,559,561],"a",{"href":560},"\u002Fandroid-secure-coding-standard\u002Fback-matter\u002Fbb-analyzers\u002Fcodesonar","CodeSonar",[430,563,564],{},[565,566,569],"div",{"className":567},[568],"content-wrapper",[43,570,571],{},"9.0p0",[430,573,574],{},[565,575,577],{"className":576},[568],[43,578,579],{},[580,581,582],"strong",{},"JAVA.JS.RI",[430,584,585],{},[43,586,587],{},"Risky JavaScript interface (Java)",[72,589,591],{"id":590},"related-guidelines","Related Guidelines",[413,593,594,602],{},[416,595,596],{},[419,597,598,600],{},[422,599],{},[422,601],{},[425,603,604],{},[419,605,606,616],{},[430,607,608,609,615],{},"[ ",[558,610,614],{"href":611,"rel":612},"https:\u002F\u002Fwww.securecoding.cert.org\u002Fconfluence\u002Fdisplay\u002Fjava\u002FThe+CERT+Oracle+Secure+Coding+Standard+for+Java",[613],"nofollow","The CERT Oracle Secure Coding Standard for Java"," ]",[430,617,618],{},[558,619,621],{"href":620},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fplatform-security-sec\u002Fsec05-j","SEC05-J. Do not use reflection to increase accessibility of classes, methods, or fields",[72,623,625],{"id":624},"bibliography","Bibliography",[413,627,628,636],{},[416,629,630],{},[419,631,632,634],{},[422,633],{},[422,635],{},[425,637,638,653],{},[419,639,640,646],{},[430,641,608,642,615],{},[558,643,645],{"href":644},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-aa-references#RuleAA.References-AndroidAPI13","Android API 2013",[430,647,648],{},[558,649,652],{"href":650,"rel":651},"http:\u002F\u002Fdeveloper.android.com\u002Freference\u002Fandroid\u002Fwebkit\u002FWebView.html",[613],"class WebView",[419,654,655,659],{},[430,656,608,657,615],{},[558,658,645],{"href":644},[430,660,661],{},[558,662,665],{"href":663,"rel":664},"http:\u002F\u002Fdeveloper.android.com\u002Fguide\u002Ftopics\u002Fmanifest\u002Fuses-sdk-element.html#min",[613],"\u003Cuses-sdk>",[667,668],"hr",{},[43,670,671,678,679,678,685],{},[558,672,674],{"href":673},"https:\u002F\u002Fwww.securecoding.cert.org\u002Fconfluence\u002Fdisplay\u002Fjava\u002FDRD12-J.++Do+not+trust+data+that+is+world+writable?showChildren=false&showComments=false",[675,676],"img",{"src":677},"\u002Fattachments\u002F88487702\u002F88497198.png"," ",[558,680,682],{"href":681},"https:\u002F\u002Fwww.securecoding.cert.org\u002Fconfluence\u002Fpages\u002Fviewpage.action?pageId=111509535",[675,683],{"src":684},"\u002Fattachments\u002F88487702\u002F88497196.png",[558,686,688],{"href":687},"https:\u002F\u002Fwww.securecoding.cert.org\u002Fconfluence\u002Fdisplay\u002Fjava\u002FDRD14-J.+Check+that+a+calling+app+has+appropriate+permissions+before+responding?showChildren=false&showComments=false",[675,689],{"src":690},"\u002Fattachments\u002F88487702\u002F88497197.png",[692,693,694],"style",{},"html pre.shiki code .sk8M1, html code.shiki .sk8M1{--shiki-default:#24292E;--shiki-default-font-style:inherit;--shiki-dark:#E1E4E8;--shiki-dark-font-style:inherit;--shiki-sepia:#66D9EF;--shiki-sepia-font-style:italic}html pre.shiki code .sMOD_, html code.shiki .sMOD_{--shiki-default:#24292E;--shiki-dark:#E1E4E8;--shiki-sepia:#F8F8F2}html pre.shiki code .sC2Qs, html code.shiki .sC2Qs{--shiki-default:#D73A49;--shiki-dark:#F97583;--shiki-sepia:#F92672}html pre.shiki code .srTi1, html code.shiki .srTi1{--shiki-default:#6F42C1;--shiki-dark:#B392F0;--shiki-sepia:#A6E22E}html pre.shiki code .sP7S_, html code.shiki .sP7S_{--shiki-default:#005CC5;--shiki-dark:#79B8FF;--shiki-sepia:#FD971F}html pre.shiki code .sz2Vg, html code.shiki .sz2Vg{--shiki-default:#6F42C1;--shiki-default-text-decoration:inherit;--shiki-dark:#B392F0;--shiki-dark-text-decoration:inherit;--shiki-sepia:#A6E22E;--shiki-sepia-text-decoration:underline}html pre.shiki code .sstjo, html code.shiki .sstjo{--shiki-default:#032F62;--shiki-dark:#9ECBFF;--shiki-sepia:#E6DB74}html pre.shiki code .s7F3e, html code.shiki .s7F3e{--shiki-default:#005CC5;--shiki-dark:#79B8FF;--shiki-sepia:#AE81FF}html .default .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html.dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html .sepia .shiki span {color: var(--shiki-sepia);background: var(--shiki-sepia-bg);font-style: var(--shiki-sepia-font-style);font-weight: var(--shiki-sepia-font-weight);text-decoration: var(--shiki-sepia-text-decoration);}html.sepia .shiki span {color: var(--shiki-sepia);background: var(--shiki-sepia-bg);font-style: var(--shiki-sepia-font-style);font-weight: var(--shiki-sepia-font-weight);text-decoration: var(--shiki-sepia-text-decoration);}",{"title":93,"searchDepth":131,"depth":131,"links":696},[697,698,699,700,703,704,705,706],{"id":74,"depth":131,"text":75},{"id":283,"depth":131,"text":284},{"id":329,"depth":131,"text":330},{"id":402,"depth":131,"text":403,"children":701},[702],{"id":407,"depth":140,"text":408},{"id":440,"depth":131,"text":441},{"id":508,"depth":131,"text":509},{"id":590,"depth":131,"text":591},{"id":624,"depth":131,"text":625},"md",{"tags":709},[710,711,407,712,713,714,715,716,717,718],"android-applicable","rule","drd","version-16","incomplete","wbv","version-1","draft","general","\u002Fandroid-secure-coding-standard\u002Frules\u002Fwebview-wbv\u002Fdrd13-do-not-provide-addjavascriptinterface-method-access-in-a-webview-which-could-contain-untrusted-content-api-level-jelly_bean-or-below",{"title":30,"description":93},"3.android-secure-coding-standard\u002F3.rules\u002F31.webview-wbv\u002F3.drd13-do-not-provide-addjavascriptinterface-method-access-in-a-webview-which-could-contain-untrusted-content-api-level-jelly_bean-or-below","79yGEbyMx_oVgZTUplPvP_Yw1SFCsxbMhOtXl1BGHFU",[724,728],{"title":725,"path":726,"stem":727,"children":-1},"DRD02-J. Do not allow WebView to access sensitive local resource through file scheme","\u002Fandroid-secure-coding-standard\u002Frules\u002Fwebview-wbv\u002Fdrd02-j","3.android-secure-coding-standard\u002F3.rules\u002F31.webview-wbv\u002F2.drd02-j",{"title":729,"path":730,"stem":731,"children":-1},"DRD22. Do not cache sensitive information","\u002Fandroid-secure-coding-standard\u002Frules\u002Fwebview-wbv\u002Fdrd22-do-not-cache-sensitive-information","3.android-secure-coding-standard\u002F3.rules\u002F31.webview-wbv\u002F4.drd22-do-not-cache-sensitive-information",[733],{"title":734,"path":735,"stem":736,"children":737},"SCI CERT Android Secure Coding Standard","\u002Fandroid-secure-coding-standard","3.android-secure-coding-standard\u002F1.index",[738,739,789,1046,1143,1205,1227],{"title":734,"path":735,"stem":736},{"title":740,"path":741,"stem":742,"children":743},"Front Matter","\u002Fandroid-secure-coding-standard\u002Ffront-matter","3.android-secure-coding-standard\u002F2.front-matter\u002F1.index",[744,745,767],{"title":740,"path":741,"stem":742},{"title":746,"path":747,"stem":748,"children":749},"Guidelines for Wiki Contributors","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fguidelines-for-wiki-contributors","3.android-secure-coding-standard\u002F2.front-matter\u002F2.guidelines-for-wiki-contributors\u002F1.index",[750,751,755,759,763],{"title":746,"path":747,"stem":748},{"title":752,"path":753,"stem":754},"Deprecations","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fguidelines-for-wiki-contributors\u002Fdeprecations","3.android-secure-coding-standard\u002F2.front-matter\u002F2.guidelines-for-wiki-contributors\u002F2.deprecations",{"title":756,"path":757,"stem":758},"Editing Automated Detection Information","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fguidelines-for-wiki-contributors\u002Fediting-automated-detection-information","3.android-secure-coding-standard\u002F2.front-matter\u002F2.guidelines-for-wiki-contributors\u002F3.editing-automated-detection-information",{"title":760,"path":761,"stem":762},"Editing-Related Guidelines","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fguidelines-for-wiki-contributors\u002Fediting-related-guidelines","3.android-secure-coding-standard\u002F2.front-matter\u002F2.guidelines-for-wiki-contributors\u002F4.editing-related-guidelines",{"title":764,"path":765,"stem":766},"Rules versus Recommendations","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fguidelines-for-wiki-contributors\u002Frules-versus-recommendations","3.android-secure-coding-standard\u002F2.front-matter\u002F2.guidelines-for-wiki-contributors\u002F5.rules-versus-recommendations",{"title":768,"path":769,"stem":770,"children":771},"Introduction","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fintroduction","3.android-secure-coding-standard\u002F2.front-matter\u002F3.introduction\u002F01.index",[772,773,777,781,785],{"title":768,"path":769,"stem":770},{"title":774,"path":775,"stem":776},"Introduction to Android-Only Rules","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fintroduction\u002Fintroduction-to-android-only-rules","3.android-secure-coding-standard\u002F2.front-matter\u002F3.introduction\u002F02.introduction-to-android-only-rules",{"title":778,"path":779,"stem":780},"Introduction to C Rules and Recommendations","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fintroduction\u002Fintroduction-to-c-rules-and-recommendations","3.android-secure-coding-standard\u002F2.front-matter\u002F3.introduction\u002F03.introduction-to-c-rules-and-recommendations",{"title":782,"path":783,"stem":784},"Introduction to Java Recommendations","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fintroduction\u002Fintroduction-to-java-recommendations","3.android-secure-coding-standard\u002F2.front-matter\u002F3.introduction\u002F04.introduction-to-java-recommendations",{"title":786,"path":787,"stem":788},"Introduction to Java Rules","\u002Fandroid-secure-coding-standard\u002Ffront-matter\u002Fintroduction\u002Fintroduction-to-java-rules","3.android-secure-coding-standard\u002F2.front-matter\u002F3.introduction\u002F05.introduction-to-java-rules",{"title":790,"path":791,"stem":792,"children":793},"Rules","\u002Fandroid-secure-coding-standard\u002Frules","3.android-secure-coding-standard\u002F3.rules\u002F01.index",[794,795,799,803,825,829,851,855,859,863,867,897,901,905,909,927,931,935,939,943,969,983,987,991,1013,1017,1021,1025,1029,1033,1037],{"title":790,"path":791,"stem":792},{"title":796,"path":797,"stem":798},"Application Programming Interfaces (API)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fapplication-programming-interfaces-api","3.android-secure-coding-standard\u002F3.rules\u002F02.application-programming-interfaces-api",{"title":800,"path":801,"stem":802},"Characters and String (STR)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcharacters-and-string-str","3.android-secure-coding-standard\u002F3.rules\u002F03.characters-and-string-str",{"title":804,"path":805,"stem":806,"children":807},"Component Security (CPS)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcomponent-security-cps","3.android-secure-coding-standard\u002F3.rules\u002F04.component-security-cps\u002F1.index",[808,809,813,817,821],{"title":804,"path":805,"stem":806},{"title":810,"path":811,"stem":812},"DRD01-X. Limit the accessibility of an app's sensitive content provider","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcomponent-security-cps\u002Fdrd01-x","3.android-secure-coding-standard\u002F3.rules\u002F04.component-security-cps\u002F2.drd01-x",{"title":814,"path":815,"stem":816},"DRD07-X. Protect exported services with strong permissions","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcomponent-security-cps\u002Fdrd07-x","3.android-secure-coding-standard\u002F3.rules\u002F04.component-security-cps\u002F3.drd07-x",{"title":818,"path":819,"stem":820},"DRD08-J. Always canonicalize a URL received by a content provider","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcomponent-security-cps\u002Fdrd08-j","3.android-secure-coding-standard\u002F3.rules\u002F04.component-security-cps\u002F4.drd08-j",{"title":822,"path":823,"stem":824},"DRD09. Restrict access to sensitive activities","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcomponent-security-cps\u002Fdrd09-restrict-access-to-sensitive-activities","3.android-secure-coding-standard\u002F3.rules\u002F04.component-security-cps\u002F5.drd09-restrict-access-to-sensitive-activities",{"title":826,"path":827,"stem":828},"Concurrency (CON)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fconcurrency-con","3.android-secure-coding-standard\u002F3.rules\u002F05.concurrency-con",{"title":830,"path":831,"stem":832,"children":833},"Cryptography (CRP)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcryptography-crp","3.android-secure-coding-standard\u002F3.rules\u002F06.cryptography-crp\u002F1.index",[834,835,839,843,847],{"title":830,"path":831,"stem":832},{"title":836,"path":837,"stem":838},"DRD17-J. Do not use the Android cryptographic security provider encryption default for AES","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcryptography-crp\u002Fdrd17-j","3.android-secure-coding-standard\u002F3.rules\u002F06.cryptography-crp\u002F2.drd17-j",{"title":840,"path":841,"stem":842},"DRD18. Do not use the default behavior in a cryptographic library if it does not use recommended practices","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcryptography-crp\u002Fdrd18-do-not-use-the-default-behavior-in-a-cryptographic-library-if-it-does-not-use-recommended-practices","3.android-secure-coding-standard\u002F3.rules\u002F06.cryptography-crp\u002F3.drd18-do-not-use-the-default-behavior-in-a-cryptographic-library-if-it-does-not-use-recommended-practices",{"title":844,"path":845,"stem":846},"DRD24. Do not bundle OAuth security-related protocol logic or sensitive data into a relying party's app","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcryptography-crp\u002Fdrd24-do-not-bundle-oauth-security-related-protocol-logic-or-sensitive-data-into-a-relying-partys-app","3.android-secure-coding-standard\u002F3.rules\u002F06.cryptography-crp\u002F4.drd24-do-not-bundle-oauth-security-related-protocol-logic-or-sensitive-data-into-a-relying-partys-app",{"title":848,"path":849,"stem":850},"DRD25. Use constant-time encryption","\u002Fandroid-secure-coding-standard\u002Frules\u002Fcryptography-crp\u002Fdrd25-use-constant-time-encryption","3.android-secure-coding-standard\u002F3.rules\u002F06.cryptography-crp\u002F5.drd25-use-constant-time-encryption",{"title":852,"path":853,"stem":854},"Declarations and Initialization (DCL)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fdeclarations-and-initialization-dcl","3.android-secure-coding-standard\u002F3.rules\u002F07.declarations-and-initialization-dcl",{"title":856,"path":857,"stem":858},"Environment (ENV)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fenvironment-env","3.android-secure-coding-standard\u002F3.rules\u002F08.environment-env",{"title":860,"path":861,"stem":862},"Error Handling (ERR)","\u002Fandroid-secure-coding-standard\u002Frules\u002Ferror-handling-err","3.android-secure-coding-standard\u002F3.rules\u002F09.error-handling-err",{"title":864,"path":865,"stem":866},"Expressions (EXP)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fexpressions-exp","3.android-secure-coding-standard\u002F3.rules\u002F10.expressions-exp",{"title":868,"path":869,"stem":870,"children":871},"File I\u002FO and Logging (FIO)","\u002Fandroid-secure-coding-standard\u002Frules\u002Ffile-io-and-logging-fio","3.android-secure-coding-standard\u002F3.rules\u002F11.file-io-and-logging-fio\u002F1.index",[872,873,877,881,885,889,893],{"title":868,"path":869,"stem":870},{"title":874,"path":875,"stem":876},"DRD04-J. Do not log sensitive information","\u002Fandroid-secure-coding-standard\u002Frules\u002Ffile-io-and-logging-fio\u002Fdrd04-j","3.android-secure-coding-standard\u002F3.rules\u002F11.file-io-and-logging-fio\u002F2.drd04-j",{"title":878,"path":879,"stem":880},"DRD00. Do not store sensitive information on external storage (SD card) unless encrypted first","\u002Fandroid-secure-coding-standard\u002Frules\u002Ffile-io-and-logging-fio\u002Fdrd00-do-not-store-sensitive-information-on-external-storage-sd-card-unless-encrypted-first","3.android-secure-coding-standard\u002F3.rules\u002F11.file-io-and-logging-fio\u002F3.drd00-do-not-store-sensitive-information-on-external-storage-sd-card-unless-encrypted-first",{"title":882,"path":883,"stem":884},"DRD11. Ensure that sensitive data is kept secure","\u002Fandroid-secure-coding-standard\u002Frules\u002Ffile-io-and-logging-fio\u002Fdrd11-ensure-that-sensitive-data-is-kept-secure","3.android-secure-coding-standard\u002F3.rules\u002F11.file-io-and-logging-fio\u002F4.drd11-ensure-that-sensitive-data-is-kept-secure",{"title":886,"path":887,"stem":888},"DRD12. Do not trust data from world-writable files","\u002Fandroid-secure-coding-standard\u002Frules\u002Ffile-io-and-logging-fio\u002Fdrd12-do-not-trust-data-from-world-writable-files","3.android-secure-coding-standard\u002F3.rules\u002F11.file-io-and-logging-fio\u002F5.drd12-do-not-trust-data-from-world-writable-files",{"title":890,"path":891,"stem":892},"DRD23. Do not use world readable or writeable to share files between apps","\u002Fandroid-secure-coding-standard\u002Frules\u002Ffile-io-and-logging-fio\u002Fdrd23-do-not-use-world-readable-or-writeable-to-share-files-between-apps","3.android-secure-coding-standard\u002F3.rules\u002F11.file-io-and-logging-fio\u002F6.drd23-do-not-use-world-readable-or-writeable-to-share-files-between-apps",{"title":894,"path":895,"stem":896},"DRD28 Do not load world-writable libraries","\u002Fandroid-secure-coding-standard\u002Frules\u002Ffile-io-and-logging-fio\u002Fdrd28-do-not-load-world-writable-libraries","3.android-secure-coding-standard\u002F3.rules\u002F11.file-io-and-logging-fio\u002F7.drd28-do-not-load-world-writable-libraries",{"title":898,"path":899,"stem":900},"Floating Point (FLP)","\u002Fandroid-secure-coding-standard\u002Frules\u002Ffloating-point-flp","3.android-secure-coding-standard\u002F3.rules\u002F12.floating-point-flp",{"title":902,"path":903,"stem":904},"Input Validation and Data Sanitization (IDS)","\u002Fandroid-secure-coding-standard\u002Frules\u002Finput-validation-and-data-sanitization-ids","3.android-secure-coding-standard\u002F3.rules\u002F13.input-validation-and-data-sanitization-ids",{"title":906,"path":907,"stem":908},"Integers (INT)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fintegers-int","3.android-secure-coding-standard\u002F3.rules\u002F14.integers-int",{"title":910,"path":911,"stem":912,"children":913},"Intent (ITT)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fintent-itt","3.android-secure-coding-standard\u002F3.rules\u002F15.intent-itt\u002F1.index",[914,915,919,923],{"title":910,"path":911,"stem":912},{"title":916,"path":917,"stem":918},"DRD03-J. Do not broadcast sensitive information using an implicit intent","\u002Fandroid-secure-coding-standard\u002Frules\u002Fintent-itt\u002Fdrd03-j","3.android-secure-coding-standard\u002F3.rules\u002F15.intent-itt\u002F2.drd03-j",{"title":920,"path":921,"stem":922},"DRD21-J. Always pass explicit intents to a PendingIntent","\u002Fandroid-secure-coding-standard\u002Frules\u002Fintent-itt\u002Fdrd21-j","3.android-secure-coding-standard\u002F3.rules\u002F15.intent-itt\u002F3.drd21-j",{"title":924,"path":925,"stem":926},"DRD06. Verify the caller of intents before acting on them","\u002Fandroid-secure-coding-standard\u002Frules\u002Fintent-itt\u002Fdrd06-verify-the-caller-of-intents-before-acting-on-them","3.android-secure-coding-standard\u002F3.rules\u002F15.intent-itt\u002F4.drd06-verify-the-caller-of-intents-before-acting-on-them",{"title":928,"path":929,"stem":930},"Java Native Interface (JNI)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fjava-native-interface-jni","3.android-secure-coding-standard\u002F3.rules\u002F16.java-native-interface-jni",{"title":932,"path":933,"stem":934},"Locking (LCK)","\u002Fandroid-secure-coding-standard\u002Frules\u002Flocking-lck","3.android-secure-coding-standard\u002F3.rules\u002F17.locking-lck",{"title":936,"path":937,"stem":938},"Memory Management (MEM)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fmemory-management-mem","3.android-secure-coding-standard\u002F3.rules\u002F18.memory-management-mem",{"title":940,"path":941,"stem":942},"Methods (MET)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fmethods-met","3.android-secure-coding-standard\u002F3.rules\u002F19.methods-met",{"title":944,"path":945,"stem":946,"children":947},"Miscellaneous (MSC)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fmiscellaneous-msc","3.android-secure-coding-standard\u002F3.rules\u002F20.miscellaneous-msc\u002F1.index",[948,949,953,957,961,965],{"title":944,"path":945,"stem":946},{"title":950,"path":951,"stem":952},"DRD10-X. Do not release apps that are debuggable","\u002Fandroid-secure-coding-standard\u002Frules\u002Fmiscellaneous-msc\u002Fdrd10-x","3.android-secure-coding-standard\u002F3.rules\u002F20.miscellaneous-msc\u002F2.drd10-x",{"title":954,"path":955,"stem":956},"DRD15-J. Consider privacy concerns when using Geolocation API","\u002Fandroid-secure-coding-standard\u002Frules\u002Fmiscellaneous-msc\u002Fdrd15-j","3.android-secure-coding-standard\u002F3.rules\u002F20.miscellaneous-msc\u002F3.drd15-j",{"title":958,"path":959,"stem":960},"DRD26-J. For OAuth, use a secure Android method to deliver access tokens","\u002Fandroid-secure-coding-standard\u002Frules\u002Fmiscellaneous-msc\u002Fdrd26-j","3.android-secure-coding-standard\u002F3.rules\u002F20.miscellaneous-msc\u002F4.drd26-j",{"title":962,"path":963,"stem":964},"DRD27-J. For OAuth, use an explicit intent method to deliver access tokens","\u002Fandroid-secure-coding-standard\u002Frules\u002Fmiscellaneous-msc\u002Fdrd27-j","3.android-secure-coding-standard\u002F3.rules\u002F20.miscellaneous-msc\u002F5.drd27-j",{"title":966,"path":967,"stem":968},"DRD25. To request user permission for OAuth, identify relying party and its permissions scope","\u002Fandroid-secure-coding-standard\u002Frules\u002Fmiscellaneous-msc\u002Fdrd25-to-request-user-permission-for-oauth-identify-relying-party-and-its-permissions-scope","3.android-secure-coding-standard\u002F3.rules\u002F20.miscellaneous-msc\u002F6.drd25-to-request-user-permission-for-oauth-identify-relying-party-and-its-permissions-scope",{"title":970,"path":971,"stem":972,"children":973},"Network - SSL\u002FTLS (NET)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fnetwork-ssltls-net","3.android-secure-coding-standard\u002F3.rules\u002F21.network-ssltls-net\u002F1.index",[974,975,979],{"title":970,"path":971,"stem":972},{"title":976,"path":977,"stem":978},"DRD23-J. Do not use loopback when handling sensitive data","\u002Fandroid-secure-coding-standard\u002Frules\u002Fnetwork-ssltls-net\u002Fdrd23-j","3.android-secure-coding-standard\u002F3.rules\u002F21.network-ssltls-net\u002F2.drd23-j",{"title":980,"path":981,"stem":982},"DRD19. Properly verify server certificate on SSL\u002FTLS","\u002Fandroid-secure-coding-standard\u002Frules\u002Fnetwork-ssltls-net\u002Fdrd19-properly-verify-server-certificate-on-ssltls","3.android-secure-coding-standard\u002F3.rules\u002F21.network-ssltls-net\u002F3.drd19-properly-verify-server-certificate-on-ssltls",{"title":984,"path":985,"stem":986},"Numeric Types and Operations (NUM)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fnumeric-types-and-operations-num","3.android-secure-coding-standard\u002F3.rules\u002F22.numeric-types-and-operations-num",{"title":988,"path":989,"stem":990},"Object Orientation (OBJ)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fobject-orientation-obj","3.android-secure-coding-standard\u002F3.rules\u002F23.object-orientation-obj",{"title":992,"path":993,"stem":994,"children":995},"Permission (PER)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fpermission-per","3.android-secure-coding-standard\u002F3.rules\u002F24.permission-per\u002F1.index",[996,997,1001,1005,1009],{"title":992,"path":993,"stem":994},{"title":998,"path":999,"stem":1000},"DRD05-J. Do not grant URI permissions on implicit intents","\u002Fandroid-secure-coding-standard\u002Frules\u002Fpermission-per\u002Fdrd05-j","3.android-secure-coding-standard\u002F3.rules\u002F24.permission-per\u002F2.drd05-j",{"title":1002,"path":1003,"stem":1004},"DRD14-J. Check that a calling app has appropriate permissions before responding","\u002Fandroid-secure-coding-standard\u002Frules\u002Fpermission-per\u002Fdrd14-j","3.android-secure-coding-standard\u002F3.rules\u002F24.permission-per\u002F3.drd14-j",{"title":1006,"path":1007,"stem":1008},"DRD16-X. Explicitly define the exported attribute for private components","\u002Fandroid-secure-coding-standard\u002Frules\u002Fpermission-per\u002Fdrd16-x","3.android-secure-coding-standard\u002F3.rules\u002F24.permission-per\u002F4.drd16-x",{"title":1010,"path":1011,"stem":1012},"DRD20-C. Specify permissions when creating files via the NDK","\u002Fandroid-secure-coding-standard\u002Frules\u002Fpermission-per\u002Fdrd20-c","3.android-secure-coding-standard\u002F3.rules\u002F24.permission-per\u002F5.drd20-c",{"title":1014,"path":1015,"stem":1016},"Platform Security (SEC)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fplatform-security-sec","3.android-secure-coding-standard\u002F3.rules\u002F25.platform-security-sec",{"title":1018,"path":1019,"stem":1020},"Preprocessor (PRE)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fpreprocessor-pre","3.android-secure-coding-standard\u002F3.rules\u002F26.preprocessor-pre",{"title":1022,"path":1023,"stem":1024},"Serialization (SER)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fserialization-ser","3.android-secure-coding-standard\u002F3.rules\u002F27.serialization-ser",{"title":1026,"path":1027,"stem":1028},"Thread APIs (THI)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fthread-apis-thi","3.android-secure-coding-standard\u002F3.rules\u002F28.thread-apis-thi",{"title":1030,"path":1031,"stem":1032},"Thread-Safety Miscellaneous (TSM)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fthread-safety-miscellaneous-tsm","3.android-secure-coding-standard\u002F3.rules\u002F29.thread-safety-miscellaneous-tsm",{"title":1034,"path":1035,"stem":1036},"Visibility and Atomicity (VNA)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fvisibility-and-atomicity-vna","3.android-secure-coding-standard\u002F3.rules\u002F30.visibility-and-atomicity-vna",{"title":1038,"path":1039,"stem":1040,"children":1041},"WebView (WBV)","\u002Fandroid-secure-coding-standard\u002Frules\u002Fwebview-wbv","3.android-secure-coding-standard\u002F3.rules\u002F31.webview-wbv\u002F1.index",[1042,1043,1044,1045],{"title":1038,"path":1039,"stem":1040},{"title":725,"path":726,"stem":727},{"title":30,"path":719,"stem":721},{"title":729,"path":730,"stem":731},{"title":1047,"path":1048,"stem":1049,"children":1050},"Recommendations","\u002Fandroid-secure-coding-standard\u002Frecommendations","3.android-secure-coding-standard\u002F4.recommendations\u002F01.index",[1051,1052,1055,1059,1062,1065,1068,1071,1074,1077,1080,1083,1086,1089,1092,1095,1098,1101,1104,1107,1110,1113,1116,1119,1122,1125,1128,1131,1134,1137,1140],{"title":1047,"path":1048,"stem":1049},{"title":796,"path":1053,"stem":1054},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fapplication-programming-interfaces-api","3.android-secure-coding-standard\u002F4.recommendations\u002F02.application-programming-interfaces-api",{"title":1056,"path":1057,"stem":1058},"Characters and Strings (STR)","\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fcharacters-and-strings-str","3.android-secure-coding-standard\u002F4.recommendations\u002F03.characters-and-strings-str",{"title":804,"path":1060,"stem":1061},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fcomponent-security-cps","3.android-secure-coding-standard\u002F4.recommendations\u002F04.component-security-cps",{"title":826,"path":1063,"stem":1064},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fconcurrency-con","3.android-secure-coding-standard\u002F4.recommendations\u002F05.concurrency-con",{"title":830,"path":1066,"stem":1067},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fcryptography-crp","3.android-secure-coding-standard\u002F4.recommendations\u002F06.cryptography-crp",{"title":852,"path":1069,"stem":1070},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fdeclarations-and-initialization-dcl","3.android-secure-coding-standard\u002F4.recommendations\u002F07.declarations-and-initialization-dcl",{"title":856,"path":1072,"stem":1073},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fenvironment-env","3.android-secure-coding-standard\u002F4.recommendations\u002F08.environment-env",{"title":860,"path":1075,"stem":1076},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Ferror-handling-err","3.android-secure-coding-standard\u002F4.recommendations\u002F09.error-handling-err",{"title":864,"path":1078,"stem":1079},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fexpressions-exp","3.android-secure-coding-standard\u002F4.recommendations\u002F10.expressions-exp",{"title":868,"path":1081,"stem":1082},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Ffile-io-and-logging-fio","3.android-secure-coding-standard\u002F4.recommendations\u002F11.file-io-and-logging-fio",{"title":898,"path":1084,"stem":1085},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Ffloating-point-flp","3.android-secure-coding-standard\u002F4.recommendations\u002F12.floating-point-flp",{"title":902,"path":1087,"stem":1088},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Finput-validation-and-data-sanitization-ids","3.android-secure-coding-standard\u002F4.recommendations\u002F13.input-validation-and-data-sanitization-ids",{"title":906,"path":1090,"stem":1091},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fintegers-int","3.android-secure-coding-standard\u002F4.recommendations\u002F14.integers-int",{"title":910,"path":1093,"stem":1094},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fintent-itt","3.android-secure-coding-standard\u002F4.recommendations\u002F15.intent-itt",{"title":928,"path":1096,"stem":1097},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fjava-native-interface-jni","3.android-secure-coding-standard\u002F4.recommendations\u002F16.java-native-interface-jni",{"title":932,"path":1099,"stem":1100},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Flocking-lck","3.android-secure-coding-standard\u002F4.recommendations\u002F17.locking-lck",{"title":936,"path":1102,"stem":1103},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fmemory-management-mem","3.android-secure-coding-standard\u002F4.recommendations\u002F18.memory-management-mem",{"title":940,"path":1105,"stem":1106},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fmethods-met","3.android-secure-coding-standard\u002F4.recommendations\u002F19.methods-met",{"title":944,"path":1108,"stem":1109},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fmiscellaneous-msc","3.android-secure-coding-standard\u002F4.recommendations\u002F20.miscellaneous-msc",{"title":970,"path":1111,"stem":1112},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fnetwork-ssltls-net","3.android-secure-coding-standard\u002F4.recommendations\u002F21.network-ssltls-net",{"title":984,"path":1114,"stem":1115},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fnumeric-types-and-operations-num","3.android-secure-coding-standard\u002F4.recommendations\u002F22.numeric-types-and-operations-num",{"title":988,"path":1117,"stem":1118},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fobject-orientation-obj","3.android-secure-coding-standard\u002F4.recommendations\u002F23.object-orientation-obj",{"title":992,"path":1120,"stem":1121},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fpermission-per","3.android-secure-coding-standard\u002F4.recommendations\u002F24.permission-per",{"title":1014,"path":1123,"stem":1124},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fplatform-security-sec","3.android-secure-coding-standard\u002F4.recommendations\u002F25.platform-security-sec",{"title":1018,"path":1126,"stem":1127},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fpreprocessor-pre","3.android-secure-coding-standard\u002F4.recommendations\u002F26.preprocessor-pre",{"title":1022,"path":1129,"stem":1130},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fserialization-ser","3.android-secure-coding-standard\u002F4.recommendations\u002F27.serialization-ser",{"title":1026,"path":1132,"stem":1133},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fthread-apis-thi","3.android-secure-coding-standard\u002F4.recommendations\u002F28.thread-apis-thi",{"title":1030,"path":1135,"stem":1136},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fthread-safety-miscellaneous-tsm","3.android-secure-coding-standard\u002F4.recommendations\u002F29.thread-safety-miscellaneous-tsm",{"title":1034,"path":1138,"stem":1139},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fvisibility-and-atomicity-vna","3.android-secure-coding-standard\u002F4.recommendations\u002F30.visibility-and-atomicity-vna",{"title":1038,"path":1141,"stem":1142},"\u002Fandroid-secure-coding-standard\u002Frecommendations\u002Fwebview-wbv","3.android-secure-coding-standard\u002F4.recommendations\u002F31.webview-wbv",{"title":1144,"path":1145,"stem":1146,"children":1147},"By Language","\u002Fandroid-secure-coding-standard\u002Fby-language","3.android-secure-coding-standard\u002F5.by-language\u002F1.index",[1148,1149,1153,1175,1179,1201],{"title":1144,"path":1145,"stem":1146},{"title":1150,"path":1151,"stem":1152},"Android Only","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fandroid-only","3.android-secure-coding-standard\u002F5.by-language\u002F2.android-only",{"title":1154,"path":1155,"stem":1156,"children":1157},"C Coding Language","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fc-coding-language","3.android-secure-coding-standard\u002F5.by-language\u002F3.c-coding-language\u002F1.index",[1158,1159,1163,1167,1171],{"title":1154,"path":1155,"stem":1156},{"title":1160,"path":1161,"stem":1162},"Applicable in Principle to Android (C Rules\u002FRecomendations)","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fc-coding-language\u002Fapplicable-in-principle-to-android-c-rulesrecomendations","3.android-secure-coding-standard\u002F5.by-language\u002F3.c-coding-language\u002F2.applicable-in-principle-to-android-c-rulesrecomendations",{"title":1164,"path":1165,"stem":1166},"Applicable to Android (C Rules\u002FRecomendations)","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fc-coding-language\u002Fapplicable-to-android-c-rulesrecomendations","3.android-secure-coding-standard\u002F5.by-language\u002F3.c-coding-language\u002F3.applicable-to-android-c-rulesrecomendations",{"title":1168,"path":1169,"stem":1170},"Not Applicable to Android (C Rules\u002FRecomendations)","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fc-coding-language\u002Fnot-applicable-to-android-c-rulesrecomendations","3.android-secure-coding-standard\u002F5.by-language\u002F3.c-coding-language\u002F4.not-applicable-to-android-c-rulesrecomendations",{"title":1172,"path":1173,"stem":1174},"Unknown Applicability (C Rules\u002FRecomendations)","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fc-coding-language\u002Funknown-applicability-c-rulesrecomendations","3.android-secure-coding-standard\u002F5.by-language\u002F3.c-coding-language\u002F5.unknown-applicability-c-rulesrecomendations",{"title":1176,"path":1177,"stem":1178},"C++ Coding Language","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fcpp-coding-language","3.android-secure-coding-standard\u002F5.by-language\u002F4.cpp-coding-language",{"title":1180,"path":1181,"stem":1182,"children":1183},"Java Coding Language","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fjava-coding-language","3.android-secure-coding-standard\u002F5.by-language\u002F5.java-coding-language\u002F1.index",[1184,1185,1189,1193,1197],{"title":1180,"path":1181,"stem":1182},{"title":1186,"path":1187,"stem":1188},"Applicable in Principle to Android (Java Rules\u002FRecomendations)","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fjava-coding-language\u002Fapplicable-in-principle-to-android-java-rulesrecomendations","3.android-secure-coding-standard\u002F5.by-language\u002F5.java-coding-language\u002F2.applicable-in-principle-to-android-java-rulesrecomendations",{"title":1190,"path":1191,"stem":1192},"Applicable to Android (Java Rules\u002FRecomendations)","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fjava-coding-language\u002Fapplicable-to-android-java-rulesrecomendations","3.android-secure-coding-standard\u002F5.by-language\u002F5.java-coding-language\u002F3.applicable-to-android-java-rulesrecomendations",{"title":1194,"path":1195,"stem":1196},"Not Applicable to Android (Java Rules\u002FRecomendations)","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fjava-coding-language\u002Fnot-applicable-to-android-java-rulesrecomendations","3.android-secure-coding-standard\u002F5.by-language\u002F5.java-coding-language\u002F4.not-applicable-to-android-java-rulesrecomendations",{"title":1198,"path":1199,"stem":1200},"Unknown Applicability to Android (Java Rules\u002FRecomendations)","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fjava-coding-language\u002Funknown-applicability-to-android-java-rulesrecomendations","3.android-secure-coding-standard\u002F5.by-language\u002F5.java-coding-language\u002F5.unknown-applicability-to-android-java-rulesrecomendations",{"title":1202,"path":1203,"stem":1204},"XML","\u002Fandroid-secure-coding-standard\u002Fby-language\u002Fxml","3.android-secure-coding-standard\u002F5.by-language\u002F6.xml",{"title":1206,"path":1207,"stem":1208,"children":1209},"Back Matter","\u002Fandroid-secure-coding-standard\u002Fback-matter","3.android-secure-coding-standard\u002F6.back-matter\u002F1.index",[1210,1211,1215],{"title":1206,"path":1207,"stem":1208},{"title":1212,"path":1213,"stem":1214},"AA. Bibliography","\u002Fandroid-secure-coding-standard\u002Fback-matter\u002Faa-bibliography","3.android-secure-coding-standard\u002F6.back-matter\u002F2.aa-bibliography",{"title":1216,"path":1217,"stem":1218,"children":1219},"BB. Analyzers","\u002Fandroid-secure-coding-standard\u002Fback-matter\u002Fbb-analyzers","3.android-secure-coding-standard\u002F6.back-matter\u002F3.bb-analyzers\u002F1.index",[1220,1221,1223],{"title":1216,"path":1217,"stem":1218},{"title":561,"path":560,"stem":1222},"3.android-secure-coding-standard\u002F6.back-matter\u002F3.bb-analyzers\u002F2.codesonar",{"title":1224,"path":1225,"stem":1226},"CodeSonar_V","\u002Fandroid-secure-coding-standard\u002Fback-matter\u002Fbb-analyzers\u002Fcodesonar_v","3.android-secure-coding-standard\u002F6.back-matter\u002F3.bb-analyzers\u002F3.codesonar_v",{"title":1228,"path":1229,"stem":1230,"children":1231},"Admin","\u002Fandroid-secure-coding-standard\u002Fadmin","3.android-secure-coding-standard\u002F7.admin\u002F01.index",[1232,1233,1237,1241,1245,1249,1253,1257,1261,1265,1269,1273,1277,1281,1285,1289],{"title":1228,"path":1229,"stem":1230},{"title":1234,"path":1235,"stem":1236},"About the OurCS Workshop","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fabout-the-ourcs-workshop","3.android-secure-coding-standard\u002F7.admin\u002F02.about-the-ourcs-workshop",{"title":1238,"path":1239,"stem":1240},"Android Applicability Summary","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fandroid-applicability-summary","3.android-secure-coding-standard\u002F7.admin\u002F03.android-applicability-summary",{"title":1242,"path":1243,"stem":1244},"Android (DRD)","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fandroid-drd","3.android-secure-coding-standard\u002F7.admin\u002F04.android-drd",{"title":1246,"path":1247,"stem":1248},"Avoid having unreachable code","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Favoid-having-unreachable-code","3.android-secure-coding-standard\u002F7.admin\u002F05.avoid-having-unreachable-code",{"title":1250,"path":1251,"stem":1252},"C Space Change History Log","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fc-space-change-history-log","3.android-secure-coding-standard\u002F7.admin\u002F06.c-space-change-history-log",{"title":1254,"path":1255,"stem":1256},"Copy of Rule Template","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fcopy-of-rule-template","3.android-secure-coding-standard\u002F7.admin\u002F07.copy-of-rule-template",{"title":1258,"path":1259,"stem":1260},"C++ Space Change History Log","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fcpp-space-change-history-log","3.android-secure-coding-standard\u002F7.admin\u002F08.cpp-space-change-history-log",{"title":1262,"path":1263,"stem":1264},"Dictionary of Labels","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fdictionary-of-labels","3.android-secure-coding-standard\u002F7.admin\u002F09.dictionary-of-labels",{"title":1266,"path":1267,"stem":1268},"How to Change Applicability When a Rules and Recommendations Change","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fhow-to-change-applicability-when-a-rules-and-recommendations-change","3.android-secure-coding-standard\u002F7.admin\u002F10.how-to-change-applicability-when-a-rules-and-recommendations-change",{"title":1270,"path":1271,"stem":1272},"Java Space Change History Log","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fjava-space-change-history-log","3.android-secure-coding-standard\u002F7.admin\u002F11.java-space-change-history-log",{"title":1274,"path":1275,"stem":1276},"Labels in this Space","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Flabels-in-this-space","3.android-secure-coding-standard\u002F7.admin\u002F12.labels-in-this-space",{"title":1278,"path":1279,"stem":1280},"Perl Space Change History Log","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fperl-space-change-history-log","3.android-secure-coding-standard\u002F7.admin\u002F13.perl-space-change-history-log",{"title":1282,"path":1283,"stem":1284},"Resources for new Android app secure coding rules and guidelines","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Fresources-for-new-android-app-secure-coding-rules-and-guidelines","3.android-secure-coding-standard\u002F7.admin\u002F14.resources-for-new-android-app-secure-coding-rules-and-guidelines",{"title":1286,"path":1287,"stem":1288},"Rule Template","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Frule-template","3.android-secure-coding-standard\u002F7.admin\u002F15.rule-template",{"title":1290,"path":1291,"stem":1292},"Rules Applicable for Both the Android Platform and Other Platforms","\u002Fandroid-secure-coding-standard\u002Fadmin\u002Frules-applicable-for-both-the-android-platform-and-other-platforms","3.android-secure-coding-standard\u002F7.admin\u002F16.rules-applicable-for-both-the-android-platform-and-other-platforms",1775657824437]