This documentation is not maintained. Please refer to doc.castsoftware.com/technologies to find the latest updates.

2.1.7-funcrel

Other Updates

Details
Android is not Linux compliant.

2.1.6-funcrel

Other Updates

Details
Traceback errors in log for eWallet analysis.

2.1.5-funcrel

Resolved Issues

Customer Ticket Id | Details
32193 | Analysis warnings: [com.castsoftware.android] Internal Error (with Traceback).
32275 | Android analysis warning: Extension com.castsoftware.android has encountered an issue.

2.1.4-funcrel

Resolved Issues

Customer Ticket Id | Details
28853 | Update android jar file shipped with extension
29803 | Missing link between Android application and onCreate Kotlin method

2.1.3-funcrel

Resolved Issues

Customer Ticket Id | Details
29189 | Android Warning: Extension com.castsoftware.android has encountered an issue

2.1.2-funcrel

Resolved Issues

Customer Ticket Id | Details
27441 | Extension com.castsoftware.android has encountered an issue: AttributeError: 'str' object has no attribute 'get_begin_line'

2.1.1-funcrel

Other Updates

Details
Android Extension is executed and launched during analysis where it should not be

2.1.0-funcrel

Note

This release of the extension contains a large number of rule related improvements, which will have a significant impact on any existing analysis results generated with a previous release of the extension. When re-analyzing existing and unchanged source code with this new extension, you should therefore expect grade and violation changes. When using AIP Console, if you do not want this extension to be used, you should ensure that you implement an extension strategy to prevent the automatic download and installation of the extension. If you are onboarding a new application, CAST actively encourages you to use this new release to take advantage of the improvements that have been implemented.

Rules

Rule Id | New Rule | Details
1024012 | FALSE | Avoid setting android:grantUriPermissions as True (updated criticity)
1024018 | FALSE | Always provide a permission to secure Activities (updated weight and thresholds)
1024022 | FALSE | Media Resources should be released (updated criticity)
1024026 | FALSE | Avoid using MODE_WORLD_READABLE and MODE_WORLD_WRITEABLE (updated criticity)
1024006 | FALSE | Limit the accessibility of your app's Content Provider (updated thresholds)
1024008 | FALSE | Always use onActivityResult to pass the login results when using Facebook SDK (updated thresholds)
1024010 | FALSE | Apply signature-based permissions (updated thresholds)
1024014 | FALSE | A permission is required for securing Receivers (updated thresholds)
1024016 | FALSE | A permission is required for securing Services (updated thresholds)
1024020 | FALSE | Avoid using implicit intent (updated thresholds)
1024028 | FALSE | Avoid using "Android Protected Confirmation" without User Confirmation (updated thresholds)
1024030 | FALSE | Avoid using FingerprintManager as biometric API (updated thresholds)
1024032 | FALSE | Always manage the BiometricPrompt onAuthenticationFailed method (updated thresholds)
1024034 | FALSE | Always check all the BiometricPrompt error options in the onAuthenticationError method (updated thresholds)
1024036 | FALSE | Always check all the BiometricPrompt acquired options in the onAuthenticationSucceeded method (updated thresholds)
1024040 | FALSE | Always activate unlockedDeviceRequired to avoid data decryption when device is unlocked (updated thresholds)
1024042 | FALSE | Avoid using weak encryption algorithm (Android) (updated thresholds)
1024044 | FALSE | Always check the device supports Biometric capability before using BiometricPrompt API (updated thresholds)

New Support

Summary | Details
Support of androidx.room library for Kotlin. | See documentation
Support of android.app.Application and com.ad4screen.sdk.A4SApplication for Java and Kotlin. | See documentation