(THIS CODING RULE OR GUIDELINE IS UNDER CONSTRUCTION)

If an app is using a granted permission to respond to a calling app then it must check that the calling app has that permission as well. Otherwise, the responding app may be granting privileges to the calling app that it should not have.  (This is sometimes called the "confused deputy" problem.)

The methods Context.checkCallingPermission() and Context.enforceCallingPermission() can be used to ensure that the calling app has the correct permissions.

Noncompliant Code Example

This noncompliant code example shows an app responding to a calling app without first checking the permissions of the calling app.

TBD

Compliant Solution

In this compliant solution the permissions of the calling app are checked before the response is sent:

TBD

Risk Assessment

Responding to a calling app without checking that it has the appropriate permissions can leak sensitive information.

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

DRD14-J

High

Probable

Medium

P12

L1

Automated Detection

It is not feasible to automatically detect whether an app's permissions need to be checked before responding to it.

Bibliography