Cookbook Name:
Android Security Set
Description:
Recipes created from security recommendations in the official Android documentation (https://developer.android.com/), including checks for the manifest file, injection vulnerability, configuration and storage.
Owner:
Secure Code Warrior
Number of Recipes:
19
Recipe Name Description Language Level Tags
Mobile/Android SDK
Data Protection - Secure Data Display: Avoid Data Exposure: Use FlagSecureHelper to create toasts Could lead to Data Exposure java error securityframework specificmobileAndroidAndroid security set
Data Protection - Secure Data Display: Avoid Data Exposure: Use FlagSecureHelper to create toasts Compliant Could lead to Data Exposure - Compliant java compliant securityframework specificmobileAndroidAndroid security set
Data Protection - Secure Data Display: Avoid Data Exposure: set FLAG_SECURE Could leak sensitive information java error securitymobileframework specificAndroidAndroid security set
Mobile/Android SDK/SQLite
Insecure Data Storage: Use SQLCipher Database (all other methods) SQLite Databases are an insecure means of storage java warning securityframework specificmobileAndroidSQLAndroid security set
Insecure Data Storage: Use SQLCipher Database (creation) SQLite Databases are an insecure means of storage java warning securityframework specificmobileAndroidSQLAndroid security set
SQL Injection: SQLiteQueryBuilder compileStatement Compliant SQL Injection: SQLiteQueryBuilder compileStatement - Compliant java compliant securityframework specificmobileinjectionAndroidSQLAndroid security setOWASP Top 10
Mobile/Android SDK/Storage
Data Protection: Avoid Data Exposure - Avoid Device Protected Storage - Compliant Compliant java compliant securityframework specificmobileAndroidAndroid security set
Storage best practices: insecure operating mode When using this value other applications will have access to your application's data java error securityframework specificmobileAndroidAndroid security set
Mobile/Android SDK/WebView
Android WebView best practices: Disable Content Access Enabling content access in the webview could lead to misuse java error securityframework specificAndroidmobileAndroid security set
Android WebView best practices: Disable Content Access (setter) Enabling content access in the webview could lead to misuse java error securityframework specificAndroidmobileAndroid security set
Android WebView best practices: Insecure mixed content mode Insecure content may be allowed to be loaded by a secure origin java error securityframework specificAndroidmobileAndroid security set
Android WebView best practices: Insecure settings Enabling this WebView setting has security implications java warning securityframework specificAndroidmobileAndroid security set
Android WebView best practices: Set mixed content mode WebView setting with security implications java error securityframework specificAndroidmobileAndroid security set
WebView Best Practices: Disable File Access (constructor) Enabling file access in the webview could lead to misuse java error securityframework specificAndroidmobileAndroid security set
WebView Best Practices: Disable File Access (setter) Enabling file access in the webview could lead to misuse java error securityframework specificAndroidmobileAndroid security set
WebView best practices: Disable Geolocation (constructor) Enabling geolocation in the webview could lead to data exposure java error securityframework specificAndroidmobileAndroid security set
WebView best practices: Disable Geolocation (setter) Enabling geolocation in the webview could lead to data exposure java error securityframework specificAndroidmobileAndroid security set
WebView best practices: Disable JavaScript (constructor) Enabling JavaScript in the webview could lead to XSS java error securityframework specificAndroidmobileAndroid security set
WebView best practices: Disable JavaScript (setter) Enabling JavaScript in the webview could lead to XSS java error securityframework specificAndroidmobileAndroid security set
Markdown badge:
View on Github