50. Android (DRD)

The following rules and guidelines are specific only to the Android platform. These do not apply to the development of Java or C programs for non-Android platforms. (The full set of Android -relevant rules and guidelines are here.) The term sensitive incorporates the Java glossary definition of sensitive data, as well as the Android concept of permission-protected.

• Page:
  Avoid having unreachable code
• Page:
  Copy of Rule Template
• Page:
  DRD00. Do not store sensitive information on external storage (SD card) unless encrypted first
• Page:
  DRD01-X. Limit the accessibility of an app's sensitive content provider
• Page:
  DRD02-J. Do not allow WebView to access sensitive local resource through file scheme
• Page:
  DRD03-J. Do not broadcast sensitive information using an implicit intent
• Page:
  DRD04-J. Do not log sensitive information
• Page:
  DRD05-J. Do not grant URI permissions on implicit intents
• Page:
  DRD06. Do not act on malicious intents
• Page:
  DRD07-X. Protect exported services with strong permissions
• Page:
  DRD08-J. Always canonicalize a URL received by a content provider
• Page:
  DRD09. Restrict access to sensitive activities
• Page:
  DRD10-X. Do not release apps that are debuggable
• Page:
  DRD11. Ensure that sensitive data is kept secure
• Page:
  DRD12. Do not trust data that is world writable
• Page:
  DRD13. Do not provide addJavascriptInterface method access in a WebView which could contain untrusted content. (API level JELLY_BEAN or below)
• Page:
  DRD14-J. Check that a calling app has appropriate permissions before responding
• Page:
  DRD15-J. Consider privacy concerns when using Geolocation API
• Page:
  DRD16-X. Explicitly define the exported attribute for private components
• Page:
  DRD17-J. Do not use the Android cryptographic security provider encryption default for AES
• Page:
  DRD18. Do not use the default behavior in a cryptographic library if it does not use recommended practices
• Page:
  DRD19. Properly verify server certificate on SSL/TLS
• Page:
  DRD20-C. Specify permissions when creating files via the NDK
• Page:
  DRD21-J. Always pass explicit intents to a PendingIntent
• Page:
  DRD22. Do not cache sensitive information
• Page:
  DRD23-J. Do not use loopback when handling sensitive data
• Page:
  DRD23. Do not use world readable or writeable to share files between apps
• Page:
  DRD24. Do not bundle OAuth security-related protocol logic or sensitive data into a relying party's app
• Page:
  DRD25. To request user permission for OAuth, identify relying party and its permissions scope
• Page:
  DRD25. Use constant-time encryption
• Page:
  DRD26-J. For OAuth, use a secure Android method to deliver access tokens
• Page:
  DRD27-J. For OAuth, use an explicit intent method to deliver access tokens
• Page:
  Rule Template

Risk Assessment Summary

ENV05-J. Do not deploy an application that can be remotely monitored      The CERT Oracle Coding Standard for Java      MSC00-J. Use SSLSocket rather than Socket for secure data exchange