(THIS CODING RULE OR GUIDELINE IS UNDER CONSTRUCTION)
In Android apps, if the export value of a component is explicitly marked false in the app's manifest file, the component is made private. Any application can access components that are not explicitly assigned an access permission.
Noncompliant Code Example
This noncompliant code example shows an application that creates a file that is world readable, and hence not secure.
...
Any application can access components that are not explicitly assigned an access permission.
Compliant Solution
In this compliant solution the file is created using MODE_PRIVATE, so it cannot be accessed other than by apps with the same userid as the app that created the file export value of a component is explicitly marked false in the app's manifest file, making the component private.
| Code Block | ||
|---|---|---|
| ||
Risk Assessment
By not limiting access to a component intended to be private, sensitive information or capabilities could be leaked.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
DRD16-J | Medium | Probable | Medium | P8 | L2 |
Automated Detection
Automatic detection of the labelling of every component in the manifest as exported true or false would be straightforward. It is not feasible to automatically determine whether the component was meant to be private or not.
Bibliography
| [Android API 2013] | Class Context |
| [Enck 09]2009 | Understanding Android Security |
...