Android 1.1 - Release Notes

On this page:

1.1.1-funcrel

Details
Minor updates regarding rules documentation.

Details
Minor changes before releasing functional release.

Rule Id	New Rule	Details
1024038	TRUE	Avoid processing Google Sign In Client without catching error
1024040	TRUE	Always activate unlockedDeviceRequired to avoid data decryption when device is unlocked
1024042	TRUE	CWE-327: Avoid using weak encryption algorithm (Android)
1024044	TRUE	Always check the device supports Biometric capability before using BiometricPrompt API

Rule Id	New Rule	Details
1024036	TRUE	Always check all the BiometricPrompt acquired options in the onAuthenticationSucceeded method
1024034	TRUE	Always check all the BiometricPrompt error options in the onAuthenticationError method
1024032	TRUE	Always manage the BiometricPrompt onAuthenticationFailed method

Rule Id	New Rule	Details
1024030	TRUE	Avoid using FingerprintManager as biometric API
1024028	TRUE	Avoid using "Android Protected Confirmation" without User Confirmation
1024026	TRUE	Avoid using MODE_WORLD_READABLE and MODE_WORLD_WRITEABLE
1024024	TRUE	All traffic to particular domains should use HTTPS
1024022	TRUE	Media Resources should be released
1024020	TRUE	Avoid using implicit intent

Rule Id	New Rule	Details
1024008	TRUE	Always use onActivityResult to pass the login results when using Facebook SDK
1024018	TRUE	Always provide a permission to secure Activities
1024016	TRUE	A permission is required for securing Services
1024014	TRUE	A permission is required for securing Receivers
1024012	TRUE	Avoid setting android:grantUriPermissions as True
1024010	TRUE	Apply signature-based permissions
1024004	TRUE	A Writing permission is required to write data of Content Provider
1024002	TRUE	A Read permission is required to read data of Content Provider
1024006	TRUE	Limit the accessibility of your app's Content Provider
1024000	TRUE	Avoid using AbsoluteLayout