(THIS CODING RULE OR GUIDELINE IS UNDER CONSTRUCTION)
In Android apps, if the export value of a component is explicitly marked false in the app's manifest file, the component is made private. Any application can access components that are not explicitly assigned an access permission.
Noncompliant Code Example
This noncompliant code example shows an application that creates a file that is world readable, and hence not secure.
Any application can access components that are not explicitly assigned an access permission.
In this compliant solution, the export value of a component is explicitly marked false in the app's manifest file, making the component private.
By not limiting access to a component intended to be private, sensitive information or capabilities could be leaked.
Automatic detection of the labelling of every component in the manifest as exported true or false would be straightforward. It is not feasible to automatically determine whether the component was meant to be private or not.
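The labelling check described above can be sketched as follows. This is an added example, not code from the original guideline; the sample manifest, its component and permission names, and the status labels are constructed for illustration. A component that is not marked `exported="false"` and has no access permission is reported as `review`, since the tool cannot tell whether it was meant to be private.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
COMPONENT_TAGS = ("activity", "activity-alias", "service", "receiver", "provider")

# Constructed sample manifest (not from the original page).
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.app">
  <application>
    <activity android:name=".MainActivity" android:exported="true"/>
    <activity android:name=".InternalActivity" android:exported="false"/>
    <service android:name=".SyncService"/>
    <receiver android:name=".AdminReceiver" android:exported="true"
              android:permission="com.example.app.permission.ADMIN"/>
  </application>
</manifest>
"""

def attr(elem, name):
    """Read an android:-namespaced attribute, or None if absent."""
    return elem.get("{%s}%s" % (ANDROID_NS, name))

def audit_manifest(xml_text):
    """Return (tag, name, exported, permission, status) for each component."""
    root = ET.fromstring(xml_text.strip())
    app = root.find("application")
    if app is None:
        return []
    # A permission set on <application> applies to all of its components.
    app_permission = attr(app, "permission")
    records = []
    for elem in app:
        if elem.tag not in COMPONENT_TAGS:
            continue
        exported = (attr(elem, "exported") or "unset").lower()
        permission = attr(elem, "permission") or app_permission
        if exported == "false":
            status = "private"               # explicitly marked not exported
        elif permission:
            status = "permission-protected"  # access limited by a permission
        else:
            status = "review"                # no explicit false, no permission
        records.append((elem.tag, attr(elem, "name"), exported, permission, status))
    return records

if __name__ == "__main__":
    for rec in audit_manifest(SAMPLE_MANIFEST):
        print("%-9s %-18s exported=%-6s permission=%s -> %s" % rec)
```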