Sensitive Information: SMS: Uri.parse :: Recipe Details

Recipe Name:

Sensitive Information: SMS: Uri.parse

Description:

Usage of SMS discouraged

Level:

error

Language:

java

Tags:

security
framework specific
mobile
Android

Documentation

It is discouraged to use SMS for any sensitive data. SMS is neither encrypted nor strongly authenticated on either the network or the device.

Example of SMS permissions:

<uses-permission android:name="android.permission.SEND_SMS"/>
<uses-permission android:name="android.permission.RECEIVE_SMS"/>

Example of SMS messaging:

String message = "user:"+user+";Password:"+password;
Intent intent = new Intent(Intent.ACTION_VIEW, Uri.parse("sms:" + phoneNumber));   
intent.putExtra("sms_body", message);
startActivity(intent);

Resources:

Android Special Permissions

Recipe

id: scw:android:uri-parse-sms
version: 10
metadata:
  name: 'Sensitive Information: SMS: Uri.parse'
  shortDescription: Usage of SMS discouraged
  level: error
  language: java
  enabled: true
  comment: ""
  descriptionFile: Manifest/descriptions/Manifest_Best_Practices__Permissions__SMS.html
  tags: security;framework specific;mobile;Android
search:
  methodcall:
    args:
      1:
        value:
          stringified:
            contains: sms
    name: parse
    type: android.net.Uri
availableFixes:
- name: Remove SMS usage
  actions:
  - remove:
      target: self