Created by James Hurrell, last modified by N Padmavathi on Sep 24, 2020
2.1.7-funcrel
Other Updates
Details |
---|
Android is not Linux compliant. |
2.1.6-funcrel
Other Updates
Details |
---|
Traceback errors in log for eWallet analysis. |
2.1.5-funcrel
Resolved Issues
Customer Ticket Id | Details |
---|---|
32193 | Analysis warnings: [com.castsoftware.android] Internal Error (with Traceback). |
32275 | Android analysis warning: Extension com.castsoftware.android has encountered an issue. |
2.1.4-funcrel
Resolved Issues
Customer Ticket Id | Details |
---|---|
28853 | Update android jar file shipped with extension |
29803 | Missing link between Android application and onCreate Kotlin method |
2.1.3-funcrel
Resolved Issues
Customer Ticket Id | Details |
---|---|
29189 | Android Warning: Extension com.castsoftware.android has encountered an issue |
2.1.2-funcrel
Resolved Issues
Customer Ticket Id | Details |
---|---|
27441 | Extension com.castsoftware.android has encountered an issue: AttributeError: 'str' object has no attribute 'get_begin_line' |
2.1.1-funcrel
Other Updates
Details |
---|
Android Extension is executed and launched during analysis where it should not be |
2.1.0-funcrel
Note
This release of the extension contains a large number of rule related improvements, which will have a significant impact on any existing analysis results generated with a previous release of the extension. When re-analyzing existing and unchanged source code with this new extension, you should therefore expect grade and violation changes. When using AIP Console, if you do not want this extension to be used, you should ensure that you implement an extension strategy to prevent the automatic download and installation of the extension. If you are onboarding a new application, CAST actively encourages you to use this new release to take advantage of the improvements that have been implemented.
Rules
Rule Id | New Rule | Details |
---|---|---|
1024012 | FALSE | Avoid setting android:grantUriPermissions as True (updated criticity) |
1024018 | FALSE | Always provide a permission to secure Activities (updated weight and thresholds) |
1024022 | FALSE | Media Resources should be released (updated criticity) |
1024026 | FALSE | Avoid using MODE_WORLD_READABLE and MODE_WORLD_WRITEABLE (updated criticity) |
1024006 | FALSE | Limit the accessibility of your app's Content Provider (updated thresholds) |
1024008 | FALSE | Always use onActivityResult to pass the login results when using Facebook SDK (updated thresholds) |
1024010 | FALSE | Apply signature-based permissions (updated thresholds) |
1024014 | FALSE | A permission is required for securing Receivers (updated thresholds) |
1024016 | FALSE | A permission is required for securing Services (updated thresholds) |
1024020 | FALSE | Avoid using implicit intent (updated thresholds) |
1024028 | FALSE | Avoid using "Android Protected Confirmation" without User Confirmation (updated thresholds) |
1024030 | FALSE | Avoid using FingerprintManager as biometric API (updated thresholds) |
1024032 | FALSE | Always manage the BiometricPrompt onAuthenticationFailed method (updated thresholds) |
1024034 | FALSE | Always check all the BiometricPrompt error options in the onAuthenticationError method (updated thresholds) |
1024036 | FALSE | Always check all the BiometricPrompt acquired options in the onAuthenticationSucceeded method (updated thresholds) |
1024040 | FALSE | Always activate unlockedDeviceRequired to avoid data decryption when device is unlocked (updated thresholds) |
1024042 | FALSE | Avoid using weak encryption algorithm (Android) (updated thresholds) |
1024044 | FALSE | Always check the device supports Biometric capability before using BiometricPrompt API (updated thresholds) |
New Support
Summary | Details |
---|---|
Support of androidx.room library for Kotlin. | See documentation |
Support of android.app.Application and com.ad4screen.sdk.A4SApplication for Java and Kotlin. | See documentation |