Comment: added my name and updated related guidelines

(THIS CODING RULE OR GUIDELINE IS UNDER CONSTRUCTION)

This rule was developed in part by Robin Yuan at the October 20-22, 2017 OurCS Workshop (http://www.cs.cmu.edu/ourcs/register.html). 
For more information about this statement, see the About the OurCS Workshop page.

Chin et al. [Chin 2011] say: "If a Service is exported and not protected with strong permissions, then any application can start and bind to the Service. Depending on the duties of a particular Service, it may leak information or perform unauthorized tasks. Services sometimes maintain singleton application state, which could be corrupted."

...

Automatic detection of an exported service is straightforward. It is not feasible to automatically determine whether appropriate permissions have been set in the manifest.
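
The detection step described above, as an added example that is not part of the original rule: it lists the exported services in a manifest together with the permission that guards each one, and leaves the question of whether that permission is appropriate to a reviewer. It assumes a plain-text AndroidManifest.xml (not the binary XML inside an APK); the function names and the sample manifest are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

def attr(elem, name):
    """Return the android:-namespaced attribute, or None if absent."""
    return elem.get(f"{{{ANDROID_NS}}}{name}")

def exported_services(manifest_xml):
    """List exported <service> elements and the permission guarding each."""
    root = ET.fromstring(manifest_xml)
    app = root.find("application")
    if app is None:
        return []
    # Protection levels of permissions declared in this same manifest
    # (an omitted protectionLevel defaults to "normal").
    levels = {attr(p, "name"): attr(p, "protectionLevel") or "normal"
              for p in root.findall("permission")}
    findings = []
    for svc in app.findall("service"):
        flag = attr(svc, "exported")
        if flag is None:
            # No explicit flag: the service is exported by default only when
            # it declares an <intent-filter> (apps targeting API level < 31).
            exported = svc.find("intent-filter") is not None
        else:
            exported = flag.lower() == "true"
        if not exported:
            continue
        # A permission on the component overrides one set on <application>.
        perm = attr(svc, "permission") or attr(app, "permission")
        findings.append({"service": attr(svc, "name"), "permission": perm,
                         "protection_level": levels.get(perm) if perm else None})
    return findings

# Constructed sample manifest (not from a real application).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.demo">
  <permission android:name="com.example.demo.SYNC" android:protectionLevel="signature"/>
  <application>
    <service android:name=".OpenService" android:exported="true"/>
    <service android:name=".ImplicitService">
      <intent-filter><action android:name="com.example.demo.DO"/></intent-filter>
    </service>
    <service android:name=".GuardedService" android:exported="true"
             android:permission="com.example.demo.SYNC"/>
    <service android:name=".PrivateService" android:exported="false"/>
  </application>
</manifest>"""
```

A finding whose `permission` is `None` is exported with no guard at all; one with a permission still needs a manual check that the permission and its protection level fit the service's duties.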

Related Guidelines

CWE-926: Improper Export of Android Application Components

 TBD (e.g., MITRE CWE) 

Bibliography

...