admin管理员组文章数量:1642202
Android Lint - Android Studio Project Site
Android Lint Checks - Android Studio Project Site
Security(All checks in 3.2)
========
AddJavascriptInterface
----------------------
Summary: addJavascriptInterface Called
Priority: 9 / 10
Severity: Warning
Category: Security
For applications built for API levels below 17, WebView#addJavascriptInterface
presents a security hazard as JavaScript on the target web page has the
ability to use reflection to access the injected object's public fields and
thus manipulate the host application in unintended ways.
More information:
https://labs.mwrinfosecurity/blog/2013/09/24/webview-addjavascriptinterface-remote-code-execution/
DeletedProvider
---------------
Summary: Using Deleted Provider
Priority: 9 / 10
Severity: Error
Category: Security
The Crypto provider has been completely removed in Android P (and was
deprecated in an earlier release). This means that the code will throw a
NoSuchProviderException and the app will crash. Even if the code catches that
exception at a higher level, this is not secure and should not be used.
More information:
https://android-developers.googleblog/2018/03/cryptography-changes-in-android-p.html
DeprecatedProvider
------------------
Summary: Using BC Provider
Priority: 9 / 10
Severity: Warning
Category: Security
The BC provider has been deprecated and will not be provided when
targetSdkVersion is P or higher.
More information:
https://android-developers.googleblog/2018/03/cryptography-changes-in-android-p.html
GetInstance
-----------
Summary: Cipher.getInstance with ECB
Priority: 9 / 10
Severity: Warning
Category: Security
Cipher#getInstance should not be called with ECB as the cipher mode or without
setting the cipher mode because the default mode on android is ECB, which is
insecure.
SecureRandom
------------
Summary: Using a fixed seed with SecureRandom
Priority: 9 / 10
Severity: Warning
Category: Security
Specifying a fixed seed will cause the instance to return a predictable
sequence of numbers. This may be useful for testing but it is not appropriate
for secure use.
More information:
http://developer.android/reference/java/security/SecureRandom.html
TrulyRandom
-----------
Summary: Weak RNG
Priority: 9 / 10
Severity: Warning
Category: Security
Key generation, signing, encryption, and random number generation may not
receive cryptographically strong values due to improper initialization of the
underlying PRNG on Android 4.3 and below.
If your application relies on cryptographically secure random number
generation you should apply the workaround described in
https://android-developers.blogspot/2013/08/some-securerandom-thoughts.htm
l .
This lint rule is mostly informational; it does not accurately detect whether
cryptographically secure RNG is required, or whether the workaround has
already been applied. After reading the blog entry and updating your code if
necessary, you can disable this lint issue.
More information:
https://android-developers.blogspot/2013/08/some-securerandom-thoughts.html
VulnerableCordovaVersion
------------------------
Summary: Vulnerable Cordova Version
Priority: 9 / 10
Severity: Warning
Category: Security
The version of Cordova used in the app is vulnerable to security issues.
Please update to the latest Apache Cordova version.
More information:
https://cordova.apache/announcements/2015/11/20/security.html
ExportedPreferenceActivity
--------------------------
Summary: PreferenceActivity should not be exported
Priority: 8 / 10
Severity: Warning
Category: Security
Fragment injection gives anyone who can send your PreferenceActivity an intent
the ability to load any fragment, with any arguments, in your process.
More information:
http://securityintelligence/new-vulnerability-android-framework-fragment-injection
JavascriptInterface
-------------------
Summary: Missing @JavascriptInterface on methods
Priority: 8 / 10
Severity: Error
Category: Security
As of API 17, you must annotate methods in objects registered with the
addJavascriptInterface method with a @JavascriptInterface annotation.
More information:
http://developer.android/reference/android/webkit/WebView.html#addJavascriptInterface(java.lang.Object, java.lang.String)
PackageManagerGetSignatures
---------------------------
Summary: Potential Multiple Certificate Exploit
Priority: 8 / 10
Severity: Warning
Category: Security
Improper validation of app signatures could lead to issues where a malicious
app submits itself to the Play Store with both its real certificate and a fake
certificate and gains access to functionality or information it shouldn't have
due to another application only checking for the fake certificate and ignoring
the rest. Please make sure to validate all signatures returned by this
method.
More information:
https://bluebox/technical/android-fake-id-vulnerability/
PackagedPrivateKey
------------------
Summary: Packaged private key
Priority: 8 / 10
Severity: Fatal
Category: Security
In general, you should not package private key files inside your app.
RiskyLibrary
------------
Summary: Libraries with Privacy or Security Risks
Priority: 8 / 10
Severity: Error
Category: Security
Your app is using a version of a library that has been identified by the
library developer as a potential source of privacy and/or security risks. This
may be a violation of Google Play policies (see
https://play.google/about/monetization-ads/ads/) and/or affect your app’s
visibility on the Play Store.
When available, the individual error messages from lint will include details
about the reasons for this advisory.
Please try updating your app with an updated version of this library, or
remove it from your app.
GrantAllUris
------------
Summary: Content provider shares everything
Priority: 7 / 10
Severity: Warning
Category: Security
The <grant-uri-permission> element allows specific paths to be shared. This
detector checks for a path URL of just '/' (everything), which is probably not
what you want; you should limit access to a subset.
AllowAllHostnameVerifier
------------------------
Summary: Insecure HostnameVerifier
Priority: 6 / 10
Severity: Warning
Category: Security
This check looks for use of HostnameVerifier implementations whose verify
method always returns true (thus trusting any hostname) which could result in
insecure network traffic caused by trusting arbitrary hostnames in TLS/SSL
certificates presented by peers.
AuthLeak
--------
Summary: Code might contain an auth leak
Priority: 6 / 10
Severity: Warning
Category: Security
Strings in java apps can be discovered by decompiling apps, this lint check
looks for code which looks like it may contain an url with a username and
password
BadHostnameVerifier
-------------------
Summary: Insecure HostnameVerifier
Priority: 6 / 10
Severity: Warning
Category: Security
This check looks for implementations of HostnameVerifier whose verify method
always returns true (thus trusting any hostname) which could result in
insecure network traffic caused by trusting arbitrary hostnames in TLS/SSL
certificates presented by peers.
EasterEgg
---------
Summary: Code contains easter egg
Priority: 6 / 10
Severity: Warning
Category: Security
NOTE: This issue is disabled by default!
You can enable it by adding --enable EasterEgg
An "easter egg" is code deliberately hidden in the code, both from potential
users and even from other developers. This lint check looks for code which
looks like it may be hidden from sight.
HardwareIds
-----------
Summary: Hardware Id Usage
Priority: 6 / 10
Severity: Warning
Category: Security
Using these device identifiers is not recommended other than for high value
fraud prevention and advanced telephony use-cases. For advertising use-cases,
use AdvertisingIdClient$Info#getId and for analytics, use InstanceId#getId.
More information:
https://developer.android/training/articles/user-data-ids.html
SSLCertificateSocketFactoryCreateSocket
---------------------------------------
Summary: Insecure call to SSLCertificateSocketFactory.createSocket()
Priority: 6 / 10
Severity: Warning
Category: Security
When SSLCertificateSocketFactory.createSocket() is called with an InetAddress
as the first parameter, TLS/SSL hostname verification is not performed, which
could result in insecure network traffic caused by trusting arbitrary
hostnames in TLS/SSL certificates presented by peers. In this case, developers
must ensure that the InetAddress is explicitly verified against the
certificate through other means, such as by calling
`SSLCertificateSocketFactory.getDefaultHostnameVerifier() to get a
HostnameVerifier and calling HostnameVerifier.verify().
SSLCertificateSocketFactoryGetInsecure
--------------------------------------
Summary: Call to SSLCertificateSocketFactory.getInsecure()
Priority: 6 / 10
Severity: Warning
Category: Security
The SSLCertificateSocketFactory.getInsecure() method returns an
SSLSocketFactory with all TLS/SSL security checks disabled, which could result
in insecure network traffic caused by trusting arbitrary TLS/SSL certificates
presented by peers. This method should be avoided unless needed for a special
circumstance such as debugging. Instead,
SSLCertificateSocketFactory.getDefault() should be used.
SetJavaScriptEnabled
--------------------
Summary: Using setJavaScriptEnabled
Priority: 6 / 10
Severity: Warning
Category: Security
Your code should not invoke setJavaScriptEnabled if you are not sure that your
app really requires JavaScript support.
More information:
http://developer.android/guide/practices/security.html
SetWorldReadable
----------------
Summary: File.setReadable() used to make file world-readable
Priority: 6 / 10
Severity: Warning
Category: Security
Setting files world-readable is very dangerous, and likely to cause security
holes in applications. It is strongly discouraged; instead, applications
should use more formal mechanisms for interactions such as ContentProvider,
BroadcastReceiver, and Service.
SetWorldWritable
----------------
Summary: File.setWritable() used to make file world-writable
Priority: 6 / 10
Severity: Warning
Category: Security
Setting files world-writable is very dangerous, and likely to cause security
holes in applications. It is strongly discouraged; instead, applications
should use more formal mechanisms for interactions such as ContentProvider,
BroadcastReceiver, and Service.
TrustAllX509TrustManager
------------------------
Summary: Insecure TLS/SSL trust manager
Priority: 6 / 10
Severity: Warning
Category: Security
This check looks for X509TrustManager implementations whose checkServerTrusted
or checkClientTrusted methods do nothing (thus trusting any certificate chain)
which could result in insecure network traffic caused by trusting arbitrary
TLS/SSL certificates presented by peers.
UnprotectedSMSBroadcastReceiver
-------------------------------
Summary: Unprotected SMS BroadcastReceiver
Priority: 6 / 10
Severity: Warning
Category: Security
BroadcastReceivers that declare an intent-filter for SMS_DELIVER or
SMS_RECEIVED must ensure that the caller has the BROADCAST_SMS permission,
otherwise it is possible for malicious actors to spoof intents.
UnsafeProtectedBroadcastReceiver
--------------------------------
Summary: Unsafe Protected BroadcastReceiver
Priority: 6 / 10
Severity: Warning
Category: Security
BroadcastReceivers that declare an intent-filter for a protected-broadcast
action string must check that the received intent's action string matches the
expected value, otherwise it is possible for malicious actors to spoof
intents.
UseCheckPermission
------------------
Summary: Using the result of check permission calls
Priority: 6 / 10
Severity: Warning
Category: Security
You normally want to use the result of checking a permission; these methods
return whether the permission is held; they do not throw an error if the
permission is not granted. Code which does not do anything with the return
value probably meant to be calling the enforce methods instead, e.g. rather
than Context#checkCallingPermission it should call
Context#enforceCallingPermission.
UsingHttp
---------
Summary: Using HTTP instead of HTTPS
Priority: 6 / 10
Severity: Warning
Category: Security
The Gradle Wrapper is available both via HTTP and HTTPS. HTTPS is more secure
since it protects against man-in-the-middle attacks etc. Older projects
created in Android Studio used HTTP but we now default to HTTPS and recommend
upgrading existing projects.
ExportedContentProvider
-----------------------
Summary: Content provider does not require permission
Priority: 5 / 10
Severity: Warning
Category: Security
Content providers are exported by default and any application on the system
can potentially use them to read and write data. If the content provider
provides access to sensitive data, it should be protected by specifying
export=false in the manifest or by protecting it with a permission that can be
granted to other applications.
ExportedReceiver
----------------
Summary: Receiver does not require permission
Priority: 5 / 10
Severity: Warning
Category: Security
Exported receivers (receivers which either set exported=true or contain an
intent-filter and do not specify exported=false) should define a permission
that an entity must have in order to launch the receiver or bind to it.
Without this, any application can use this receiver.
ExportedService
---------------
Summary: Exported service does not require permission
Priority: 5 / 10
Severity: Warning
Category: Security
Exported services (services which either set exported=true or contain an
intent-filter and do not specify exported=false) should define a permission
that an entity must have in order to launch the service or bind to it. Without
this, any application can use this service.
HardcodedDebugMode
------------------
Summary: Hardcoded value of android:debuggable in the manifest
Priority: 5 / 10
Severity: Fatal
Category: Security
It's best to leave out the android:debuggable attribute from the manifest. If
you do, then the tools will automatically insert android:debuggable=true when
building an APK to debug on an emulator or device. And when you perform a
release build, such as Exporting APK, it will automatically set it to false.
If on the other hand you specify a specific value in the manifest file, then
the tools will always use it. This can lead to accidentally publishing your
app with debug information.
InvalidPermission
-----------------
Summary: Invalid Permission Attribute
Priority: 5 / 10
Severity: Error
Category: Security
Not all elements support the permission attribute. If a permission is set on
an invalid element, it is a no-op and ignored. Ensure that this permission
attribute was set on the correct element to protect the correct component.
SignatureOrSystemPermissions
----------------------------
Summary: signatureOrSystem permissions declared
Priority: 5 / 10
Severity: Warning
Category: Security
The signature protection level should probably be sufficient for most needs
and works regardless of where applications are installed. The
signatureOrSystem level is used for certain situations where multiple vendors
have applications built into a system image and need to share specific
features explicitly because they are being built together.
UnsafeDynamicallyLoadedCode
---------------------------
Summary: load used to dynamically load code
Priority: 4 / 10
Severity: Warning
Category: Security
Dynamically loading code from locations other than the application's library
directory or the Android platform's built-in library directories is dangerous,
as there is an increased risk that the code could have been tampered with.
Applications should use loadLibrary when possible, which provides increased
assurance that libraries are loaded from one of these safer locations.
Application developers should use the features of their development
environment to place application native libraries into the lib directory of
their compiled APKs.
UnsafeNativeCodeLocation
------------------------
Summary: Native code outside library directory
Priority: 4 / 10
Severity: Warning
Category: Security
In general, application native code should only be placed in the application's
library directory, not in other locations such as the res or assets
directories. Placing the code in the library directory provides increased
assurance that the code will not be tampered with after application
installation. Application developers should use the features of their
development environment to place application native libraries into the lib
directory of their compiled APKs. Embedding non-shared library native
executables into applications should be avoided when possible.
WorldReadableFiles
------------------
Summary: openFileOutput() or similar call passing MODE_WORLD_READABLE
Priority: 4 / 10
Severity: Warning
Category: Security
There are cases where it is appropriate for an application to write world
readable files, but these should be reviewed carefully to ensure that they
contain no private data that is leaked to other applications.
WorldWriteableFiles
-------------------
Summary: openFileOutput() or similar call passing MODE_WORLD_WRITEABLE
Priority: 4 / 10
Severity: Warning
Category: Security
There are cases where it is appropriate for an application to write world
writeable files, but these should be reviewed carefully to ensure that they
contain no private data, and that if the file is modified by a malicious
application it does not trick or compromise your application.
AllowBackup
-----------
Summary: AllowBackup/FullBackupContent Problems
Priority: 3 / 10
Severity: Warning
Category: Security
The allowBackup attribute determines if an application's data can be backed up
and restored. It is documented at
http://developer.android/reference/android/R.attr.html#allowBackup
By default, this flag is set to true. When this flag is set to true,
application data can be backed up and restored by the user using adb backup
and adb restore.
This may have security consequences for an application. adb backup allows
users who have enabled USB debugging to copy application data off of the
device. Once backed up, all application data can be read by the user. adb
restore allows creation of application data from a source specified by the
user. Following a restore, applications should not assume that the data, file
permissions, and directory permissions were created by the application
itself.
Setting allowBackup="false" opts an application out of both backup and
restore.
To fix this warning, decide whether your application should support backup,
and explicitly set android:allowBackup=(true|false)".
If not set to false, and if targeting API 23 or later, lint will also warn
that you should set android:fullBackupContent to configure auto backup.
More information:
https://developer.android/training/backup/autosyncapi.html
http://developer.android/reference/android/R.attr.html#allowBackup
ProxyPassword
-------------
Summary: Proxy Password in Cleartext
Priority: 2 / 10
Severity: Warning
Category: Security
Storing proxy server passwords in clear text is dangerous if this file is
shared via version control. If this is deliberate or this is a truly private
project, suppress this warning.
版权声明:本文标题:Android Lint 内容由热心网友自发贡献,该文观点仅代表作者本人, 转载请联系作者并注明出处:https://www.elefans.com/dongtai/1729333030a1196638.html, 本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容,一经查实,本站将立刻删除。
发表评论