Skip to main content
assistive.skiplink.to.breadcrumbs
assistive.skiplink.to.header.menu
assistive.skiplink.to.action.menu
assistive.skiplink.to.quick.search

50. Android (DRD)

Created by Robert Seacord, last modified by Unknown User (lflynn) on Feb 21, 2014

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

The following rules and recommended practices are specific only to the Android platform. They do not apply to the development of Java programs for other platforms and Android. (The full set of Android -relevant rules and guidelines are here.) The term sensitive incorporates the Java glossary definition of sensitive data, as well as the Android concept of permission-protected.

Page:

Avoid having unreachable code

Page:

Copy of Rule Template

Page:

DRD00. Do not store sensitive information on external storage (SD card) unless encrypted first

Page:

DRD01-X. Limit the accessibility of an app's sensitive content provider

Page:

DRD02-J. Do not allow WebView to access sensitive local resource through file scheme

Page:

DRD03-J. Do not broadcast sensitive information using an implicit intent

Page:

DRD04-J. Do not log sensitive information

Page:

DRD05-J. Do not grant URI permissions on implicit intents

Page:

DRD06. Do not act on malicious intents

Page:

DRD07-X. Protect exported services with strong permissions

Page:

DRD08-J. Always canonicalize a URL received by a content provider

Page:

DRD09. Restrict access to sensitive activities

Page:

DRD10-X. Do not release apps that are debuggable

Page:

DRD11. Ensure that sensitive data is kept secure

Page:

DRD12. Do not trust data that is world writable

Page:

DRD13. Do not provide addJavascriptInterface method access in a WebView which could contain untrusted content. (API level JELLY_BEAN or below)

Page:

DRD14-J. Check that a calling app has appropriate permissions before responding

Page:

DRD15-J. Consider privacy concerns when using Geolocation API

Page:

DRD16-X. Explicitly define the exported attribute for private components

Page:

DRD17-J. Do not use the Android cryptographic security provider encryption default for AES

Page:

DRD18. Do not use the default behavior in a cryptographic library if it does not use recommended practices

Page:

DRD19. Properly verify server certificate on SSL/TLS

Page:

DRD20-C. Specify permissions when creating files via the NDK

Page:

DRD21-J. Always pass explicit intents to a PendingIntent

Page:

DRD22. Do not cache sensitive information

Page:

DRD23-J. Do not use loopback when handling sensitive data

Page:

DRD23. Do not use world readable or writeable to share files between apps

Page:

DRD24. Do not bundle OAuth security-related protocol logic or sensitive data into a relying party's app

Page:

DRD25. To request user permission for OAuth, identify relying party and its permissions scope

Page:

DRD25. Use constant-time encryption

Page:

DRD26-J. For OAuth, use a secure Android method to deliver access tokens

Page:

DRD27-J. For OAuth, use an explicit intent method to deliver access tokens

Page:

Rule Template

Risk Assessment Summary

Rule	Severity	Likelihood	Remediation Cost	Priority	Level
DRD00-J	high	probable	medium	P12	L1
DRD01-J	high	probable	low	P18	L1
DRD02-J	high	probable	high	P6	L2
DRD03-J	High	Probable	Medium	P12	L1
DRD04-J	High	Probable	Medium	P12	L1
DRD08-J	High	Probable	Low	P18	L1
DRD09-J	High	Probable	Medium	P12	L1

ENV05-J. Do not deploy an application that can be remotely monitored The CERT Oracle Secure Coding Standard for Java MSC00-J. Use SSLSocket rather than Socket for secure data exchange

No labels