This rule was developed in part by Emma Krummenacher at the October 20-22, 2017 OurCS Workshop (http://www.cs.cmu.edu/ourcs/register.html).
For more information about this statement, see the About the OurCS Workshop page.

Under Construction

This guideline is under construction. 


Using the constants MODE_WORLD_READABLE and MODE_WORLD_WRITABLE is dangerous and can open security holes in applications: either constant grants every other application on the device access to the file. Applications should instead use the platform's formal mechanisms for interacting and communicating with each other. These mechanisms include ContentProvider, BroadcastReceiver, and Service.

  • ContentProvider: provides content to applications; used to share data among multiple applications under the provider's own access controls
  • BroadcastReceiver: broadcasts are sent when an event of interest occurs, and applications may register to receive certain broadcasts; used as a messaging system among applications
  • Service: allows an application to tell the system what it wants to do in the background and to expose some of its functionality to other applications
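An added example of the ContentProvider mechanism listed above (it is not this guideline's own compliant solution; the class, authority and permission names are assumptions): the file is written with Context.MODE_PRIVATE, and read access is exported only through a provider that the manifest gates behind a signature-level permission.

```java
// Added example, not the guideline's own compliant solution. The file is written
// MODE_PRIVATE (readable only by this app's UID); other apps get read access only
// through this ContentProvider, which the (assumed) manifest exports with
//   android:authorities="com.example.files"
//   android:readPermission="com.example.permission.READ_EXAMPLE"  (protectionLevel="signature")
import android.content.ContentProvider;
import android.content.ContentValues;
import android.content.Context;
import android.database.Cursor;
import android.net.Uri;
import android.os.ParcelFileDescriptor;
import java.io.File;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;

public class ExampleFileProvider extends ContentProvider {
  static final String FILENAME = "example_file";

  /** Writes the file app-private: no world-readable or world-writable mode bits. */
  public static void writeExample(Context ctx, String text) throws IOException {
    try (FileOutputStream fos = ctx.openFileOutput(FILENAME, Context.MODE_PRIVATE)) {
      fos.write(text.getBytes(StandardCharsets.UTF_8));
    }
  }

  @Override public boolean onCreate() { return true; }

  /** Reached only by callers holding readPermission; serves one fixed file, read-only. */
  @Override
  public ParcelFileDescriptor openFile(Uri uri, String mode) throws FileNotFoundException {
    if (!"r".equals(mode)) {
      throw new SecurityException("only read access is exported");
    }
    // Never build the path from the caller-supplied URI; that would expose other private files.
    File f = new File(getContext().getFilesDir(), FILENAME);
    return ParcelFileDescriptor.open(f, ParcelFileDescriptor.MODE_READ_ONLY);
  }

  // Not a database-backed provider: the remaining operations are intentionally unsupported.
  @Override public Cursor query(Uri u, String[] p, String s, String[] a, String o) { return null; }
  @Override public String getType(Uri u) { return "text/plain"; }
  @Override public Uri insert(Uri u, ContentValues v) { throw new UnsupportedOperationException(); }
  @Override public int delete(Uri u, String s, String[] a) { throw new UnsupportedOperationException(); }
  @Override public int update(Uri u, ContentValues v, String s, String[] a) { throw new UnsupportedOperationException(); }
}
```

A client that holds the permission reads the file with ContentResolver.openInputStream(Uri.parse("content://com.example.files/example_file")); every other application is refused by the framework before openFile() is called.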

Noncompliant Code Example

This noncompliant code example shows an application that uses MODE_WORLD_READABLE to share files between applications.

import android.content.Context;
import java.io.FileOutputStream;

// Inside an Activity (or any other Context subclass)
String FILENAME = "example_file";
String string = "hello world!";

// Noncompliant: MODE_WORLD_READABLE makes the file readable by every application on the device
FileOutputStream fos = openFileOutput(FILENAME, Context.MODE_WORLD_READABLE);
fos.write(string.getBytes());
fos.close();

Using the constant MODE_WORLD_READABLE allows any other application on the device to read the file (the same mode constants govern files created through the shared preferences API). This is likely to cause security holes and is strongly discouraged.


This noncompliant code example shows an application that uses MODE_WORLD_WRITABLE to share files between applications.

import android.content.Context;
import java.io.FileOutputStream;

// Inside an Activity (or any other Context subclass)
String FILENAME = "example_file";
String string = "hello world!";

// Noncompliant: MODE_WORLD_WRITABLE lets every application on the device modify the file
FileOutputStream fos = openFileOutput(FILENAME, Context.MODE_WORLD_WRITABLE);
fos.write(string.getBytes());
fos.close();

Using the constant MODE_WORLD_WRITABLE allows any other application on the device to write to the file (the same mode constants govern files created through the shared preferences API), so the application can no longer trust the file's contents. This is likely to cause security holes and is strongly discouraged.

Compliant Solution

In this compliant solution ...:

TBD

Exceptions

The constants MODE_WORLD_READABLE and MODE_WORLD_WRITABLE have been deprecated since API level 17. Starting with Android 7.0 (API level 24), attempting to use them causes a SecurityException to be thrown.

Risk Assessment

Summary of risk assessment.

Rule | Severity | Likelihood | Remediation Cost | Priority | Level
TBD  |          |            |                  |          |


Automated Detection

Tool | Version | Checker | Description
TBD  |         |         |


Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines


TBD (e.g., MITRE CWE)

Bibliography