Do not operate on unvalidated or untrusted data (also known as tainted data) in a privileged block. An attacker can supply malicious input that could result in privilege escalation attacks. Appropriate mitigations include hard coding values rather than accepting arguments (when appropriate) and validating or sanitizing data before performing privileged operations (see rule IDS00-J. Prevent SQL injection).
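The following sketch is an added illustration, not code from the original rule page: it contrasts a privileged block that consumes a caller-supplied file name directly with one that validates the name first. The class name, the base directory `/opt/app/data`, the `.dat` naming pattern and the sample inputs are assumptions made for the example; `AccessController` is deprecated for removal since Java 17, so newer compilers emit a warning.

```java
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;

public final class PrivilegedFileAccess {
    // Assumed base directory for this example; not taken from the original page.
    private static final Path BASE_DIR = Paths.get("/opt/app/data").toAbsolutePath().normalize();

    // Weak: the tainted name reaches the privileged block unchecked, so the
    // caller chooses which file is opened with this class's permissions.
    static FileInputStream openTainted(final String filename) throws FileNotFoundException {
        try {
            return AccessController.doPrivileged(
                (PrivilegedExceptionAction<FileInputStream>) () -> new FileInputStream(filename));
        } catch (PrivilegedActionException e) {
            throw (FileNotFoundException) e.getException();
        }
    }

    // Hardened: validate outside the block, pass only the checked value inside.
    static FileInputStream openValidated(String filename) throws IOException {
        if (filename == null || !filename.matches("[A-Za-z0-9_-]{1,64}\\.dat")) {
            throw new IOException("rejected file name");
        }
        final Path target = BASE_DIR.resolve(filename).normalize();
        if (!target.startsWith(BASE_DIR)) { // defence in depth against traversal
            throw new IOException("path escapes base directory");
        }
        try {
            return AccessController.doPrivileged(
                (PrivilegedExceptionAction<FileInputStream>) () -> new FileInputStream(target.toFile()));
        } catch (PrivilegedActionException e) {
            throw (FileNotFoundException) e.getException();
        }
    }

    public static void main(String[] args) {
        // Constructed sample inputs: one well-formed name, two that must be rejected.
        for (String name : new String[] {"report.dat", "../other.dat", "a/b.dat"}) {
            try (FileInputStream in = openValidated(name)) {
                System.out.println(name + ": opened");
            } catch (IOException e) {
                System.out.println(name + ": " + e.getMessage());
            }
        }
    }
}
```

Where the set of files is fixed, the other mitigation named above applies: drop the parameter and hard code the path inside the privileged block.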

Noncompliant Code Example

...

The code examples using the java.security package are not applicable to Android but the principle of the rule is applicable to Android apps.

Bibliography

[API 2006] Method doPrivileged()

[Gong 2003] Sections 6.4, AccessController, and 9.5, Privileged Code

[Jovanovic 2006] Pixy: A Static Analysis Tool for Detecting Web Application Vulnerabilities
