Explore
26-49 of 49
Manifest best practices: Disable Backups
Enabling backups could lead to undesired manipulation
- error
- xml
- security
- framework specific
- mobile
- Android
Manifest best practices: disable cleartext traffic
When android:usesCleartextTraffic="true" is set the application will allow clear text traffic which could lead to data leakage
- error
- xml
- security
- framework specific
- mobile
- Android
Manifest best practices: explicit exported components
When android:exported is set to true any application will be able to call this component.
- error
- xml
- security
- framework specific
- mobile
- Android
Sensitive Information: SMS: intent.putExtra
Usage of SMS discouraged
- error
- java
- security
- framework specific
- mobile
- Android
Sensitive Information: SMS: Uri.parse
Usage of SMS discouraged
- error
- java
- security
- framework specific
- mobile
- Android
SQL Injection: SQLiteDatabase#execSQL
This query could lead to SQL injection
- error
- java
- security
- framework specific
- mobile
- injection
- Android
- SQL
- OWASP Top 10
SQL Injection: SQLiteDatabase#query - 1st parameter
This query could lead to SQL injection
- error
- java
- security
- framework specific
- mobile
- injection
- Android
- SQL
- OWASP Top 10
SQL Injection: SQLiteDatabase#query - 2nd parameter
This query could lead to SQL injection
- error
- java
- security
- framework specific
- mobile
- injection
- Android
- SQL
- OWASP Top 10
SQL Injection: SQLiteDatabase#query - 3rd parameter
This query could lead to SQL injection
- error
- java
- security
- framework specific
- mobile
- injection
- Android
- SQL
- OWASP Top 10
SQL Injection: SQLiteDatabase#query - 5th parameter
This query could lead to SQL injection
- error
- java
- security
- framework specific
- mobile
- injection
- Android
- SQL
- OWASP Top 10
SQL Injection: SQLiteQueryBuilder appendWhere
This query could lead to SQL injection
- error
- java
- security
- framework specific
- mobile
- injection
- Android
- SQL
- OWASP Top 10
SQL Injection: SQLiteQueryBuilder#buildQuery
This method is vulnerable to SQL injection. Consider writing the query instead of relying on builders.
- error
- java
- security
- framework specific
- mobile
- injection
- SQL
- Android
- OWASP Top 10
SQL Injection: SQLiteQueryBuilder compileStatement
This query could lead to SQL injection
- error
- java
- security
- framework specific
- mobile
- injection
- Android
- SQL
- OWASP Top 10
SQL Injection: SQLiteQueryBuilder compileStatement Compliant
SQL Injection: SQLiteQueryBuilder compileStatement - Compliant
- compliant
- java
- security
- framework specific
- mobile
- injection
- Android
- SQL
- Android security set
- OWASP Top 10
Storage best practices: deprecated operating mode
This operating mode has been deprecated
- warning
- java
- security
- framework specific
- mobile
- Android
Storage best practices: insecure operating mode
When using this value other applications will have access to your application's data
- error
- java
- security
- framework specific
- mobile
- Android
- Android security set
WebView Best Practices: Check URL to White List
Consider allowlist validation for URLs passed to this method
- error
- java
- security
- mobile
- framework specific
- Android
WebView Best Practices: Disable File Access (constructor)
Enabling file access in the webview could lead to misuse
- error
- java
- security
- framework specific
- Android
- mobile
- Android security set
WebView Best Practices: Disable File Access (setter)
Enabling file access in the webview could lead to misuse
- error
- java
- security
- framework specific
- Android
- mobile
- Android security set
WebView best practices: Disable Geolocation (constructor)
Enabling geolocation in the webview could lead to data exposure
- error
- java
- security
- framework specific
- Android
- mobile
- Android security set
WebView best practices: Disable Geolocation (setter)
Enabling geolocation in the webview could lead to data exposure
- error
- java
- security
- framework specific
- Android
- mobile
- Android security set
WebView best practices: Disable JavaScript (constructor)
Enabling JavaScript in the webview could lead to XSS
- error
- java
- security
- framework specific
- Android
- mobile
- Android security set
WebView best practices: Disable JavaScript (setter)
Enabling JavaScript in the webview could lead to XSS
- error
- java
- security
- framework specific
- Android
- mobile
- Android security set
WebView Best Practices: Do not allow access to local resources
Avoid targeting local resources
- warning
- java
- security
- framework specific
- mobile
- Android