74 lines
1.3 KiB
Plaintext
74 lines
1.3 KiB
Plaintext
include::../description.adoc[]
|
|
|
|
include::../ask-yourself.adoc[]
|
|
|
|
== Recommended Secure Coding Practices
|
|
|
|
Do not enable debugging features on applications distributed to end users.
|
|
|
|
== Sensitive Code Example
|
|
|
|
The release build is debuggable:
|
|
|
|
[source,kotlin]
|
|
----
|
|
android {
|
|
buildTypes {
|
|
release {
|
|
isDebuggable = true // Sensitive
|
|
}
|
|
}
|
|
}
|
|
----
|
|
|
|
Webview debugging is enabled:
|
|
|
|
[source,kotlin]
|
|
----
|
|
import android.webkit.WebView
|
|
|
|
WebView.setWebContentsDebuggingEnabled(true) // Sensitive
|
|
----
|
|
|
|
== Compliant Solution
|
|
|
|
[source,kotlin]
|
|
----
|
|
android {
|
|
buildTypes {
|
|
release {
|
|
isDebuggable = false
|
|
}
|
|
}
|
|
}
|
|
----
|
|
|
|
[source,kotlin]
|
|
----
|
|
import android.webkit.WebView
|
|
|
|
WebView.setWebContentsDebuggingEnabled(false)
|
|
----
|
|
|
|
include::../see-mobile.adoc[]
|
|
|
|
* https://developer.android.com/studio/publish/preparing[developer.android.com] - Prepare for release
|
|
* https://developer.android.com/privacy-and-security/risks/android-debuggable[developer.android.com] - android:debuggable
|
|
|
|
|
|
ifdef::env-github,rspecator-view[]
|
|
|
|
'''
|
|
== Implementation Specification
|
|
(visible only on this page)
|
|
|
|
include::../message.adoc[]
|
|
|
|
'''
|
|
== Comments And Links
|
|
(visible only on this page)
|
|
|
|
include::../comments-and-links.adoc[]
|
|
|
|
endif::env-github,rspecator-view[]
|