...
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|
DRD01-J | high | probable | low | P18 | L1 |
Automated Detection
It is trivial to automatically detect when a content provider is declared public.
...
Android Secure Coding Guidebook by JSSEC | 4.3. Creating/Using a Content Provider (2013/4/1 edition)
4.3.1.1. Creating/Using a private content provider
4.3.1.3. Creating/Using a partner-limited content provider (white listing)
4.3.1.4. Creating/Using a private content provider (signature permission)
4.3.1.5. Creating/Using a temporary content provider
4.3.2.1. Never create a content provider to be used only within the app for Android 2.2 (API Level 8) and before
4.3.2.2. Never publish a content provider which is intended to be used only within the application
4.3.2.4. Verify signature permission before use |
Bibliography
[JSSEC 2013] | 4.3. Creating/Using a Content Provider (2013/4/1 edition) |
...
