...
Failure to declare a class's method private or final affords the opportunity for a malicious subclass to bypass the security checks performed in the method.
Rule | Severity | Likelihood |
|---|
Detectable | Repairable | Priority | Level |
|---|---|---|---|
MET03-J | Medium | Probable | No |
No |
P4 |
L3 |
Android Implementation Details
On Android, System.getSecurityManager() is not used, and the use of a security manager is not exercised. However, an Android developer can implement security-sensitive methods, so the principle may be applicable on Android.
Bibliography
IH.2.b.b. Declare methods that enforce |
...
...