Android - Code Pathfinder Atlas

Browse our specialized collection of Android security rules designed to help you write better, more secure Android applications.

Test Locally

To run these rules against your Android codebase:

codepathfinder ci --project /src/project --ruleset cpf/android

Rules (5)

Browse our collection of Android security rules. Each rule includes example code and the actual rule implementation.

Type

Type (clear all)

SECURITY QUALITY PERFORMANCE

Severity

Severity (clear all)

CRITICAL HIGH MEDIUM LOW

OWASP

OWASP Top 10 (clear all)

Broken Access Control Cryptographic Failures Injection Insecure Design Security Misconfiguration Vulnerable and Outdated Components Identification and Authentication Failures Software and Data Integrity Failures Security Logging and Monitoring Failures Server-Side Request Forgery (SSRF)

WebView JavaScript Enabled

Severity: Medium | OWASP: Client Code Quality
Enabling JavaScript execution in a WebView can result in cross-site scripting attacks.

View Code

WebView JavaScript Interface

Severity: Medium | OWASP: Client Code Quality
Enabling addJavascriptInterface exposes java methods to JavaScript.

View Code

WebView Content Access

Severity: Medium | OWASP: Improper Platform Usage
Enabling setAllowContentAccess enables content:// access from webpages.

View Code

WebView File Access

Severity: Medium | OWASP: Improper Platform Usage
Enabling setAllowFileAccess enables webview access to file:/// URLs.

View Code

WebView File URL Access

Severity: Medium | OWASP: Improper Platform Usage
Enabling setAllowFileAccessFromFileURLs leaks sandbox access to file:/// URLs.

View Code

For more information on using Code PathFinder with Android, see our documentation.