Comment: Added entry for CodeSonar warning class mapping

(THIS CODING RULE OR GUIDELINE IS UNDER CONSTRUCTION)

This rule was developed in part by Beriwan Salamat Ravandi at the October 20-22, 2017 OurCS Workshop (http://www.cs.cmu.edu/ourcs/register.html). For more information about this statement, see the About the OurCS Workshop page.

 

Information that is cached may become accessible to other applications, and certainly becomes accessible if the device is found or stolen by a third party.

...

Caching sensitive information may result in the information becoming accessible.

| Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|------|----------|------------|------------------|----------|-------|
| DRD22-J | Medium | Probable | High | P4 | L3 |

Automated Detection

It is not possible to automatically detect all situations when sensitive information may be cached.

| Tool | Version | Checker | Description |
|------|---------|---------|-------------|
| CodeSonar | | JAVA.MISC.SD.CACHE | Sensitive data cached (Java). Other JAVA.MISC.SD.* warning classes are also relevant. |

Bibliography