(THIS CODING RULE OR GUIDELINE IS UNDER CONSTRUCTION)

If an app is using a granted permission to respond to a calling app, then it must check that the calling app has that permission as well. Otherwise, the responding app may be granting the calling app privileges that it should not have. (This is sometimes called the "confused deputy" problem.)

...

Responding to a calling app without checking that it has the appropriate permissions can leak sensitive information.
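As an added illustration (not code from this rule page), a hypothetical content provider that holds ACCESS_FINE_LOCATION and relays the last known position to other apps. The provider name and the two result columns are assumptions; the point is the permission check on the caller before the provider's own grant is used on the caller's behalf.

```java
import android.content.ContentProvider;
import android.content.ContentValues;
import android.content.Context;
import android.content.pm.PackageManager;
import android.database.Cursor;
import android.database.MatrixCursor;
import android.location.Location;
import android.location.LocationManager;
import android.net.Uri;

// Hypothetical provider: this app holds ACCESS_FINE_LOCATION and exposes the
// last known position to other apps through a content URI.
public class LocationProxyProvider extends ContentProvider {
    private static final String LOCATION_PERMISSION =
            "android.permission.ACCESS_FINE_LOCATION";

    @Override public boolean onCreate() { return true; }

    @Override
    public Cursor query(Uri uri, String[] projection, String selection,
                        String[] selectionArgs, String sortOrder) {
        Context ctx = getContext();
        // Compliant: refuse unless the *calling* app also holds the permission.
        // checkCallingPermission() evaluates the remote caller's identity, not this
        // app's own grant, and returns PERMISSION_DENIED when there is no IPC caller.
        // Omitting this check, or using checkCallingOrSelfPermission() (which passes
        // for any caller because this app itself holds the permission), turns the
        // provider into a confused deputy that hands location to unprivileged apps.
        if (ctx.checkCallingPermission(LOCATION_PERMISSION)
                != PackageManager.PERMISSION_GRANTED) {
            throw new SecurityException("Caller lacks " + LOCATION_PERMISSION);
        }
        LocationManager lm =
                (LocationManager) ctx.getSystemService(Context.LOCATION_SERVICE);
        Location loc = lm.getLastKnownLocation(LocationManager.GPS_PROVIDER);
        MatrixCursor cursor = new MatrixCursor(new String[] {"lat", "lon"});
        if (loc != null) {
            cursor.addRow(new Object[] {loc.getLatitude(), loc.getLongitude()});
        }
        return cursor;
    }

    @Override public String getType(Uri uri) { return null; }
    @Override public Uri insert(Uri uri, ContentValues values) { return null; }
    @Override public int delete(Uri uri, String sel, String[] args) { return 0; }
    @Override public int update(Uri uri, ContentValues v, String sel, String[] args) { return 0; }
}
```

A static android:permission attribute on the provider's manifest entry achieves the same effect for the whole provider; the in-code check is what applies when only some operations relay a permission-protected resource.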

Rule     | Severity | Likelihood | Remediation Cost | Priority | Level
---------|----------|------------|------------------|----------|------
DRD14-J  | High     | Probable   | Medium           | P12      | L1

Automated Detection

It is not feasible to automatically detect whether an app's permissions need to be checked before responding to it.

Tool | Version | Checker | Description
-----|---------|---------|------------

Bibliography


...
