Explore

Android WebView best practices: Disable Content Access

Enabling content access in the WebView could lead to misuse

  • error
  • java
  • security
  • framework specific
  • Android
  • mobile
  • Android security set
Android WebView best practices: Disable Content Access (setter)

Enabling content access in the WebView could lead to misuse

  • error
  • java
  • security
  • framework specific
  • Android
  • mobile
  • Android security set
Android WebView best practices: Insecure mixed content mode

Insecure content may be allowed to be loaded by a secure origin

  • error
  • java
  • security
  • framework specific
  • Android
  • mobile
  • Android security set
Android WebView best practices: Insecure settings

Enabling this WebView setting has security implications

  • warning
  • java
  • security
  • framework specific
  • Android
  • mobile
  • Android security set
Android WebView best practices: Set mixed content mode

WebView setting with security implications

  • error
  • java
  • security
  • framework specific
  • Android
  • mobile
  • Android security set
Code Injection: ExifInterface can lead to DoS or RCE

This text will be shown as a tooltip when code violates this recipe

  • error
  • java
  • security
  • framework specific
  • mobile
  • Android
Code Injection: Prevent use of CreatePackageContext

Do not use the createPackageContext to dynamically load code

  • warning
  • java
  • security
  • framework specific
  • mobile
  • Android
Code Injection: Prevent use of DexClassLoader

Do not use the DexClassLoader to dynamically load code

  • error
  • java
  • security
  • framework specific
  • mobile
  • Android
Configuration - User Interface: Avoid Tapjacking: Add filterTouchesWhenObscured

Not setting filterTouchesWhenObscured to true allows adversaries to hijack users' taps.

  • warning
  • xml
  • security
  • framework specific
  • mobile
  • Android
Configuration - User Interface: Avoid Tapjacking: Enable filterTouchesWhenObscured

Setting filterTouchesWhenObscured to false allows adversaries to hijack users' taps.

  • warning
  • xml
  • security
  • mobile
  • framework specific
  • Android
Data Protection: Avoid Data Exposure - Avoid Device Protected Storage - Compliant

Compliant

  • compliant
  • java
  • security
  • framework specific
  • mobile
  • Android
  • Android security set
Data Protection - Secure Data Display: Avoid Data Exposure: set FLAG_SECURE

Could leak sensitive information

  • error
  • java
  • security
  • mobile
  • framework specific
  • Android
  • Android security set
Data Protection - Secure Data Display: Avoid Data Exposure: Use FlagSecureHelper to create toasts

Could lead to Data Exposure

  • error
  • java
  • security
  • framework specific
  • mobile
  • Android
  • Android security set
Data Protection - Secure Data Display: Avoid Data Exposure: Use FlagSecureHelper to create toasts Compliant

Could lead to Data Exposure - Compliant

  • compliant
  • java
  • security
  • framework specific
  • mobile
  • Android
  • Android security set
Information Exposure: Avoid DeviceEncryptedStorage for Sensitive Information

Using DeviceEncryptedStorage for sensitive information is insecure

  • warning
  • java
  • security
  • framework specific
  • mobile
  • Android
Information Exposure: Avoid using hardware identifiers - Compliant

Using hardware identifiers is not recommended - compliant

  • error
  • java
  • security
  • framework specific
  • mobile
  • Android
Information Exposure: Do not place sensitive information on ClipBoard

Never copy sensitive information to the ClipBoard

  • info
  • java
  • security
  • framework specific
  • mobile
  • Android
Information Exposure: Sensitive information

Do not send sensitive information or put it on the clipboard

  • warning
  • java
  • security
  • framework specific
  • mobile
  • Android
Insecure Data Storage: Store Sensitive Data in a Private Location (FileOutputStream constructor) in Activity

Do not store sensitive data in a public location

  • warning
  • java
  • security
  • framework specific
  • mobile
  • Android
Insecure Data Storage: Store Sensitive Data in a Private Location (FileOutputStream constructor) in Fragment

Do not store sensitive data in a public location

  • warning
  • java
  • security
  • framework specific
  • mobile
  • Android
Insecure Data Storage: Use SQLCipher Database (all other methods)

SQLite Databases are an insecure means of storage

  • warning
  • java
  • security
  • framework specific
  • mobile
  • Android
  • SQL
  • Android security set
Insecure Data Storage: Use SQLCipher Database (creation)

SQLite Databases are an insecure means of storage

  • warning
  • java
  • security
  • framework specific
  • mobile
  • Android
  • SQL
  • Android security set
Manifest Best Practices: Activity: launch mode should not be set

Launch mode should not be set for private activities

  • warning
  • xml
  • security
  • framework specific
  • mobile
  • Android
Manifest Best Practices: Activity: task affinity should not be set

Task affinity should not be set for private activities

  • warning
  • xml
  • security
  • framework specific
  • mobile
  • Android