(THIS CODING RULE OR GUIDELINE IS UNDER CONSTRUCTION)
If an app is using a granted permission to respond to a calling app then it must check that the calling app has that permission as well. Otherwise, the responding app may be granting privileges to the calling app that it should not have. (This is sometimes called the "confused deputy" problem.)
Context.enforceCallingPermission() can be used to ensure that the calling app has the correct permissions.
Noncompliant Code Example
This noncompliant code example shows an app responding to a calling app without first checking the permissions of the calling app.
In this compliant solution the permissions of the calling app are checked before the response is sent:
Responding to a calling app without checking that it has the appropriate permissions can leak sensitive information.
It is not feasible to automatically detect whether an app's permissions need to be checked before responding to it.