Release Notes - 2.1


Other Updates

Android is not Linux compliant.


Other Updates

Traceback errors in log for eWallet analysis.


Resolved Issues

Customer Ticket Id Details
32193 Analysis warnings: [] Internal Error (with Traceback).
32275 Android analysis warning: Extension has encountered an issue.


Resolved Issues

Customer Ticket Id Details
28853 Update android jar file shipped with extension
29803 Missing link between Android application and onCreate Kotlin method


Resolved Issues

Customer Ticket Id Details
29189 Android Warning: Extension has encountered an issue


Resolved Issues

Customer Ticket Id Details
27441 Extension has encountered an issue: AttributeError: ‘str’ object has no attribute ‘get_begin_line’


Other Updates

Android Extension is executed and launched during analysis where it should not be



This release of the extension contains a large number of rule related improvements, which will have a significant impact on any existing analysis results generated with a previous release of the extension. When re-analyzing existing and unchanged source code with this new extension, you should therefore expect grade and violation changes. When using AIP Console, if you do not want this extension to be used, you should ensure that you implement an extension strategy to prevent the automatic download and installation of the extension. If you are onboarding a new application, CAST actively encourages you to use this new release to take advantage of the improvements that have been implemented.


Rule Id New Rule Details
1024012 FALSE Avoid setting android:grantUriPermissions as True (updated criticity)
1024018 FALSE Always provide a permission to secure Activities (updated weight and thresholds)
1024022 FALSE Media Resources should be released (updated criticity)
1024026 FALSE Avoid using MODE_WORLD_READABLE and MODE_WORLD_WRITEABLE (updated criticity)
1024006 FALSE Limit the accessibility of your app’s Content Provider (update thresholds)
1024008 FALSE Always use onActivityResult to pass the login results when using Facebook SDK (updated thresholds)
1024010 FALSE Apply signature-based permissions (updated thresholds)
1024014 FALSE A permission is required for securing Receivers (update thresholds)
1024016 FALSE A permission is required for securing Services (updated thresholds)
1024020 FALSE Avoid using implicit intent (update thresholds)
1024028 FALSE Avoid using “Android Protected Confirmation” without User Confirmation (updated thresholds)
1024030 FALSE Avoid using FingerprintManager as biometric API (updated thresholds)
1024032 FALSE Always manage the BiometricPrompt onAuthenticationFailed method (updated thresholds)
1024034 FALSE Always check all the BiometricPrompt error options in the onAuthenticationError method (updated thresholds)
1024036 FALSE Always check all the BiometricPrompt acquired options in the onAuthenticationSucceeded method (updated thresholds)
1024040 FALSE Always activate unlockedDeviceRequired to avoid data decryption when device is unlocked (updated thresholds)
1024042 FALSE Avoid using weak encryption algorithm (Android) (updated thresholds)
1024044 FALSE Always check the device supports Biometric capability before using BiometricPrompt API (updated thresholds)

New Support

Summary Details
Support of library for Kotlin. See documentation
Support of and com.ad4screen.sdk.A4SApplication for Java and Kotlin. See documentation