Skip to main content
assistive.skiplink.to.breadcrumbs
assistive.skiplink.to.header.menu
assistive.skiplink.to.action.menu
assistive.skiplink.to.quick.search
Log in
Confluence
Spaces
Hit enter to search
Help
Online Help
Keyboard Shortcuts
Feed Builder
What’s new
Available Gadgets
About Confluence
Log in
Android
Pages
Boards
Space shortcuts
Dashboard
Secure Coding Home
Android
C
C++
Java
Perl
Browse pages
Configure
Space tools
Pages
search
attachments
weblink
advanced
Overview
Content Tools
Recently Updated
DRD21-J. Always pass explicit intents to a PendingIntent
Dec 02, 2025
•
updated by
David Svoboda
•
view change
DRD13. Do not provide addJavascriptInterface method access in a WebView which could contain untrusted content. (API level JELLY_BEAN or below)
Dec 02, 2025
•
updated by
David Svoboda
•
view change
DRD01-X. Limit the accessibility of an app's sensitive content provider
Dec 02, 2025
•
updated by
David Svoboda
•
view change
DRD24. Do not bundle OAuth security-related protocol logic or sensitive data into a relying party's app
Dec 02, 2025
•
updated by
David Svoboda
•
view change
DRD26-J. For OAuth, use a secure Android method to deliver access tokens
Dec 02, 2025
•
updated by
David Svoboda
•
view change
DRD25. To request user permission for OAuth, identify relying party and its permissions scope
Dec 02, 2025
•
updated by
David Svoboda
•
view change
DRD15-J. Consider privacy concerns when using Geolocation API
Dec 02, 2025
•
updated by
David Svoboda
•
view change
DRD18. Do not use the default behavior in a cryptographic library if it does not use recommended practices
Dec 02, 2025
•
updated by
David Svoboda
•
view change
DRD16-X. Explicitly define the exported attribute for private components
Dec 02, 2025
•
updated by
David Svoboda
•
view change
DRD14-J. Check that a calling app has appropriate permissions before responding
Dec 02, 2025
•
updated by
David Svoboda
•
view change
DRD23-J. Do not use loopback when handling sensitive data
Dec 02, 2025
•
updated by
David Svoboda
•
view change
DRD02-J. Do not allow WebView to access sensitive local resource through file scheme
Dec 02, 2025
•
updated by
David Svoboda
•
view change
DRD06. Verify the caller of intents before acting on them
Dec 02, 2025
•
updated by
David Svoboda
•
view change
DRD03-J. Do not broadcast sensitive information using an implicit intent
Dec 02, 2025
•
updated by
David Svoboda
•
view change
DRD12. Do not trust data from world-writable files
Dec 02, 2025
•
updated by
David Svoboda
•
view change
Show More
Tree browser
Browse and reorder all pages
{"serverDuration": 76, "requestCorrelationId": "599e5aadfa02936b"}
