Android (DRD)
The following rules and guidelines are specific to the Android platform; they do not apply to the development of Java or C programs for other platforms. (The full set of Android-relevant rules and guidelines is here.) The term sensitive incorporates the Java glossary definition of sensitive data as well as the Android concept of permission-protected.
- Avoid having unreachable code
- DRD00. Do not store sensitive information on external storage (SD card) unless encrypted first
- DRD01-X. Limit the accessibility of an app's sensitive content provider
- DRD02-J. Do not allow WebView to access sensitive local resource through file scheme
- DRD03-J. Do not broadcast sensitive information using an implicit intent
- DRD04-J. Do not log sensitive information
- DRD05-J. Do not grant URI permissions on implicit intents
- DRD06. Verify the caller of intents before acting on them
- DRD07-X. Protect exported services with strong permissions
- DRD08-J. Always canonicalize a URL received by a content provider
- DRD09. Restrict access to sensitive activities
- DRD10-X. Do not release apps that are debuggable
- DRD11. Ensure that sensitive data is kept secure
- DRD12. Do not trust data from world-writable files
- DRD13. Do not provide addJavascriptInterface method access in a WebView which could contain untrusted content. (API level JELLY_BEAN or below)
- DRD14-J. Check that a calling app has appropriate permissions before responding
- DRD15-J. Consider privacy concerns when using Geolocation API
- DRD16-X. Explicitly define the exported attribute for private components
- DRD17-J. Do not use the Android cryptographic security provider encryption default for AES
- DRD18. Do not use the default behavior in a cryptographic library if it does not use recommended practices
- DRD19. Properly verify server certificate on SSL/TLS
- DRD20-C. Specify permissions when creating files via the NDK
- DRD21-J. Always pass explicit intents to a PendingIntent
- DRD22. Do not cache sensitive information
- DRD23-J. Do not use loopback when handling sensitive data
- DRD23. Do not use world readable or writeable to share files between apps
- DRD24. Do not bundle OAuth security-related protocol logic or sensitive data into a relying party's app
- DRD25. To request user permission for OAuth, identify relying party and its permissions scope
- DRD25. Use constant-time encryption
- DRD26-J. For OAuth, use a secure Android method to deliver access tokens
- DRD27-J. For OAuth, use an explicit intent method to deliver access tokens
- DRD28. Do not load world-writable libraries
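As an added illustration of the intent-related rules above (DRD03-J, DRD05-J and DRD21-J), the following code is not part of the CERT standard; the action string, package, receiver and activity class names, and the permission name are hypothetical. Each noncompliant method is paired with its compliant form.

```java
import android.app.PendingIntent;
import android.content.ComponentName;
import android.content.Context;
import android.content.Intent;
import android.net.Uri;
import android.os.Build;

/**
 * Added example for DRD03-J, DRD05-J and DRD21-J. Every identifier below
 * (action, package, receiver/activity classes, permission) is hypothetical.
 */
public final class SensitiveIntents {
    static final String ACTION_TOKEN_READY = "com.example.wallet.ACTION_TOKEN_READY"; // hypothetical
    static final String WALLET_PKG = "com.example.wallet";                            // hypothetical
    static final String TOKEN_RECEIVER = "com.example.wallet.TokenReceiver";          // hypothetical
    static final String RECEIPT_ACTIVITY = "com.example.wallet.ReceiptActivity";      // hypothetical
    static final String RECEIVE_TOKEN_PERM = "com.example.wallet.permission.RECEIVE_TOKEN"; // hypothetical

    private SensitiveIntents() {}

    /** Violates DRD03-J: any app that registers a receiver for this action gets the token. */
    public static void broadcastTokenImplicit(Context ctx, String token) {
        Intent i = new Intent(ACTION_TOKEN_READY);
        i.putExtra("token", token);
        ctx.sendBroadcast(i);
    }

    /**
     * Compliant with DRD03-J: the component is named, so the system delivers the broadcast
     * only to it. The receiver permission is an additional gate: only receivers holding
     * RECEIVE_TOKEN_PERM are eligible. (To stop other apps from spoofing the broadcast,
     * the receiver itself should also declare android:permission in its manifest entry.)
     */
    public static void broadcastTokenExplicit(Context ctx, String token) {
        Intent i = new Intent(ACTION_TOKEN_READY)
                .setComponent(new ComponentName(WALLET_PKG, TOKEN_RECEIVER));
        i.putExtra("token", token);
        ctx.sendBroadcast(i, RECEIVE_TOKEN_PERM);
    }

    /** Also compliant when the receiver lives in this app: restrict delivery to our own package. */
    public static void broadcastTokenInPackage(Context ctx, String token) {
        Intent i = new Intent(ACTION_TOKEN_READY).setPackage(ctx.getPackageName());
        i.putExtra("token", token);
        ctx.sendBroadcast(i);
    }

    /**
     * Violates DRD21-J and DRD05-J: the base intent is implicit and the PendingIntent is
     * mutable, so whoever receives the PendingIntent can fill in a component and have it
     * delivered, with this app's identity and the URI read grant, to any activity it likes.
     */
    public static PendingIntent receiptImplicit(Context ctx, Uri receiptUri) {
        Intent i = new Intent(Intent.ACTION_VIEW, receiptUri);
        i.addFlags(Intent.FLAG_GRANT_READ_URI_PERMISSION);
        int flags = PendingIntent.FLAG_UPDATE_CURRENT;
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.S) {
            flags |= PendingIntent.FLAG_MUTABLE; // API 31+ requires choosing mutable or immutable
        }
        return PendingIntent.getActivity(ctx, 0, i, flags);
    }

    /**
     * Compliant: the component is fixed, the PendingIntent is immutable where the platform
     * supports it, and the URI grant therefore reaches only the named activity's package.
     */
    public static PendingIntent receiptExplicit(Context ctx, Uri receiptUri) {
        Intent i = new Intent(Intent.ACTION_VIEW, receiptUri)
                .setClassName(WALLET_PKG, RECEIPT_ACTIVITY);
        i.addFlags(Intent.FLAG_GRANT_READ_URI_PERMISSION);
        int flags = PendingIntent.FLAG_UPDATE_CURRENT;
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.M) {
            flags |= PendingIntent.FLAG_IMMUTABLE; // recipient cannot rewrite the intent (API 23+)
        }
        return PendingIntent.getActivity(ctx, 0, i, flags);
    }
}
```

The check to apply in review is the same in every case: before an intent carrying sensitive extras or a URI grant leaves the app, confirm that either setComponent/setClassName or, for in-app delivery, setPackage has been called, and that any PendingIntent wrapping it is created with FLAG_IMMUTABLE.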
Risk Assessment Summary
| Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|------|----------|------------|------------------|----------|-------|
| DRD00-J | Medium | Probable | Medium | P8 | L2 |
| DRD01-J | Medium | Probable | Low | P12 | L1 |
| DRD02-J | Medium | Probable | High | P4 | L3 |
| DRD03-J | Medium | Probable | Medium | P8 | L2 |
| DRD04-J | Medium | Probable | Medium | P8 | L2 |
| DRD05-J | High | Probable | Medium | P12 | L1 |
| DRD06-J | High | Probable | Medium | P12 | L1 |
| DRD07-J | High | Probable | Medium | P12 | L1 |
| DRD08-J | High | Probable | Low | P18 | L1 |
| DRD09-J | High | Probable | Medium | P12 | L1 |
| DRD10-J | High | Probable | Low | P18 | L1 |
| DRD11-J | High | Probable | Medium | P12 | L1 |
| DRD12-J | High | Probable | Medium | P12 | L1 |
| DRD13-J | High | Probable | Medium | P12 | L1 |
| DRD14-J | High | Probable | Medium | P12 | L1 |
| DRD15-J | Low | Probable | Medium | P4 | L3 |
| DRD16-J | Medium | Probable | Medium | P8 | L2 |
| DRD17-J | High | Likely | Medium | P18 | L1 |
| DRD18-J | High | Likely | Medium | P18 | L1 |
| DRD19-J | High | Probable | Medium | P12 | L1 |
| DRD20-J | High | Probable | Medium | P12 | L1 |
| DRD21-J | Medium | Probable | Medium | P8 | L2 |
| DRD22-J | Medium | Probable | High | P4 | L3 |
| DRD23-J | Medium | Probable | Medium | P8 | L2 |
| DRD24-J | Medium | Probable | | | |
| DRD25-J | Medium | Probable | | | |
| DRD26-J | | | | | |


