[App Audit] Recommendation: Add additional StrictMode checks #1388

Open
HonzaR opened this issue Apr 23, 2024 · 0 comments
Labels
security_finding Security audit non-critical findings

HonzaR commented Apr 23, 2024

Is your feature request related to a problem? Please describe.

Code in StrictModeCompat.kt defines the StrictMode checks:

Screenshot 2024-04-23 at 14 27 04

Describe the solution you'd like

It would be worthwhile to add additional checks here, for example penaltyDeathOnCleartextNetwork and detectUnsafeIntentLaunch.

IS_CRASH_ON_STRICT_MODE_VIOLATION can also be turned on for release versions of the app, not just in CI testing builds.

Alternatives you've considered

Additional context

@HonzaR HonzaR added I-SECURITY Problems and improvements related to security. security_finding Security audit non-critical findings and removed I-SECURITY Problems and improvements related to security. labels Apr 23, 2024
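
The two checks named in the issue, wired into a `StrictMode.VmPolicy` with the API-level gating they need. This is an added example, not the project's `StrictModeCompat.kt`; the object name `StrictModeExample` and the `crashOnViolation` parameter (standing in for a flag such as `IS_CRASH_ON_STRICT_MODE_VIOLATION`) are assumptions.

```kotlin
import android.os.Build
import android.os.StrictMode

// Added example, not the project's StrictModeCompat.kt.
// `crashOnViolation` is a hypothetical parameter standing in for a build
// flag such as IS_CRASH_ON_STRICT_MODE_VIOLATION.
object StrictModeExample {

    fun install(crashOnViolation: Boolean) {
        val vm = StrictMode.VmPolicy.Builder()
            .detectLeakedClosableObjects()
            .detectActivityLeaks()

        // Cleartext network detection is available from API 23 (M).
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.M) {
            vm.detectCleartextNetwork()
            if (crashOnViolation) {
                // Kills the process as soon as unencrypted traffic is seen,
                // so a plain-HTTP regression cannot go unnoticed.
                vm.penaltyDeathOnCleartextNetwork()
            }
        }

        // Unsafe intent launch detection is available from API 31 (S).
        // It flags launching an Intent that was unparceled from another
        // Intent's extras without validation.
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.S) {
            vm.detectUnsafeIntentLaunch()
        }

        // Always log; crash on any detected violation only when requested.
        vm.penaltyLog()
        if (crashOnViolation) {
            vm.penaltyDeath()
        }

        StrictMode.setVmPolicy(vm.build())
    }
}
```

Calling `StrictModeExample.install(...)` from `Application.onCreate()` applies the policy before any activity or service starts.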