Under Construction

This guideline is under construction. 


Loopback communication, that is, sending data over network sockets connected to localhost ports, should not be used when handling sensitive data. A localhost port is reachable by every other application on the device, so data sent over it may be revealed to those applications. Instead, a secure Android IPC mechanism should be used, such as the HttpsURLConnection class or the SSLSocket class.

Similarly, secure communications should never be bound to the INADDR_ANY wildcard address, since the socket would then accept requests from any network interface, that is, from anywhere.

For more information on these issues, see: [Android Security] section Using Networking.
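The following Java program is an added illustration, not code from this guideline (whose examples are still TBD). It shows the two bindings the text warns about: the one-argument ServerSocket constructor binds to the wildcard address, and an explicit bind to the loopback address is still reachable by any other process on the device. The classify and requirePrivateBinding helpers are hypothetical names introduced here; they demonstrate the kind of runtime check a reviewer or test harness can apply before an application writes sensitive data to a socket.

```java
import java.io.IOException;
import java.net.InetAddress;
import java.net.ServerSocket;

/** Added example (not the guideline's own code): classify where a bound socket is reachable from. */
public final class BindAudit {

    public enum Exposure {
        WILDCARD_ALL_INTERFACES,   // bound to INADDR_ANY: reachable from any network interface
        LOOPBACK_ANY_LOCAL_APP,    // bound to 127.0.0.1 / ::1: reachable by every app on the device
        SPECIFIC_INTERFACE         // bound to one concrete interface address
    }

    /** Classify the address a server socket was bound to. */
    public static Exposure classify(InetAddress bound) {
        if (bound.isAnyLocalAddress()) {
            return Exposure.WILDCARD_ALL_INTERFACES;
        }
        if (bound.isLoopbackAddress()) {
            return Exposure.LOOPBACK_ANY_LOCAL_APP;
        }
        return Exposure.SPECIFIC_INTERFACE;
    }

    /**
     * Hypothetical guard: refuse to carry sensitive data over either binding the guideline
     * rejects (wildcard or loopback). Throwing here stops the write before anything leaks.
     */
    public static void requirePrivateBinding(ServerSocket s) throws IOException {
        Exposure e = classify(s.getInetAddress());
        if (e == Exposure.WILDCARD_ALL_INTERFACES || e == Exposure.LOOPBACK_ANY_LOCAL_APP) {
            throw new IOException("refusing to send sensitive data over " + e
                    + " binding " + s.getInetAddress().getHostAddress() + ":" + s.getLocalPort());
        }
    }

    private static void report(String label, ServerSocket s) {
        System.out.printf("%-28s -> %s:%d  %s%n", label,
                s.getInetAddress().getHostAddress(), s.getLocalPort(), classify(s.getInetAddress()));
        try {
            requirePrivateBinding(s);
            System.out.println("  guard: accepted");
        } catch (IOException e) {
            System.out.println("  guard: " + e.getMessage());
        }
    }

    public static void main(String[] args) throws IOException {
        // Port 0 asks the OS for any free port; the bind address is what matters here.
        // new ServerSocket(port) binds to INADDR_ANY: the socket is reachable from anywhere.
        try (ServerSocket any = new ServerSocket(0)) {
            report("new ServerSocket(0)", any);
        }
        // Explicit loopback bind: not reachable from the network, but any app on the device
        // can connect to this port, which is exactly the exposure the guideline describes.
        try (ServerSocket lo = new ServerSocket(0, 50, InetAddress.getLoopbackAddress())) {
            report("loopback bind", lo);
        }
    }
}
```

Running the program prints the wildcard address (0.0.0.0 or ::) for the first socket and the loopback address for the second, and the guard rejects both. This is only a detection aid for the two bindings the guideline names; it does not by itself provide the secured channel the compliant solution is meant to show.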

Noncompliant Code Example

This noncompliant code example shows an application that binds to a localhost network port to send sensitive data.

TBD

Another application on the device could connect to the same localhost port, intercept the communication, and access the sensitive data.

Compliant Solution

In this compliant solution the application uses a secure network connection.

TBD

Risk Assessment

Binding to localhost or to the INADDR_ANY wildcard address when handling sensitive data could result in the data being revealed.

Rule      Severity  Likelihood  Remediation Cost  Priority  Level
DRD23-J   Medium    Probable    Medium            P8        L2

Automated Detection

Automatic detection of binding to localhost or to the INADDR_ANY wildcard address is straightforward. However, it may not be possible to determine automatically whether that binding actually carries sensitive data.

Bibliography

1 Comment

  1. > The localhost ports are accessible by other applications on the device, so their use may result in sensitive data being revealed.

     Once the legitimate process binds a port (which is easily checkable), no other process can bind that port.

     > Instead, a secure Android IPC mechanism should be used, such as the HttpsURLConnection class or the SSLSocket class.

     You can't have a valid SSL certificate for localhost, so how would this work exactly?