I’m curious about what vulnerabilities the Fortify rulesets look for in Android applications. Unfortunately, I’m unable to find any documentation on the same. I know that they look around for Java-specific vulns along with permission checks for components — anything else? SQL injection checks? Intent checks?
Besides all the regular Java rules, there are Android specific rules for the following categories:
Code Quality:
Android Bad Practices – Use of Released Camera
Android Bad Practices – Use of Released SQLite Resource
Android Bad Practices – Use of Released Media Resource
Unreleased Resource – Android Media
Encapsulation:
Insecure Storage – Android External Storage
System Information Leak
Input Validation and Representation:
Command Injection
Cross-Site Scripting – Persistent
Cross-Site Scripting – Poor Validation
Cross-Site Scripting – Reflected
Header Manipulation – Cookies
Log Forging
Path Manipulation
Query String Injection – Android Provider
Resource Injection
SQL Injection
Security Features:
Access Control – Android Provider
Access Control – Database
Android Bad Practices – Missing Broadcaster Permission
Android Bad Practices – Missing Receiver Permission
Android Bad Practices – Sticky Broadcast
Password Management
Password Management – Empty Password
Password Management – Hardcoded Password
Password Management – Null Password
Password Management – Weak Cryptography
Privacy Violation
Privilege Management – Android Location
Privilege Management – Android Messaging
Privilege Management – Android Telephony
Privilege Management – Missing API Permission
Privilege Management – Missing Content Provider Permission
Privilege Management – Missing Intent Permission
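To make the Android-specific rules in that list concrete, here is an added example (not code from the question, the answer, or Fortify itself) of the pattern that "Query String Injection – Android Provider" and the generic "SQL Injection" rule report in a ContentProvider, placed next to the hardened form that the rules accept. The `notes` table, its columns, the `accounts` table named in the comment and the `NotesQueries` class are all assumptions made for this illustration; the Android APIs used (`SQLiteDatabase.rawQuery`, `SQLiteQueryBuilder`, `setStrict`, `setProjectionMap`) are real.

```java
import android.database.Cursor;
import android.database.sqlite.SQLiteDatabase;
import android.database.sqlite.SQLiteQueryBuilder;

import java.util.HashMap;
import java.util.Map;

/**
 * Hypothetical helper a ContentProvider.query() would delegate to.
 * Table and column names are assumptions for this example.
 */
final class NotesQueries {

    private static final String TABLE = "notes";

    // Whitelist of columns a caller may name in the projection. Anything not in
    // this map is ignored by SQLiteQueryBuilder when strict mode is on.
    private static final Map<String, String> PROJECTION_MAP = new HashMap<>();
    static {
        PROJECTION_MAP.put("_id", "_id");
        PROJECTION_MAP.put("title", "title");
        PROJECTION_MAP.put("body", "body");
    }

    private NotesQueries() {}

    /**
     * VULNERABLE. In an exported provider, `selection` and `sortOrder` arrive
     * straight from the calling app's ContentResolver.query() call, so this
     * concatenation lets any app on the device rewrite the statement. A
     * constructed payload such as
     *   selection = "1=1 UNION SELECT name, secret, 3 FROM accounts"
     * turns a notes lookup into a dump of an unrelated table. This is the
     * dataflow "Query String Injection - Android Provider" flags: provider
     * arguments (source) reaching rawQuery/execSQL (sink) without binding.
     */
    static Cursor queryVulnerable(SQLiteDatabase db, String selection, String sortOrder) {
        String sql = "SELECT _id, title, body FROM " + TABLE
                + " WHERE " + selection
                + " ORDER BY " + sortOrder;
        return db.rawQuery(sql, null); // tainted string, no bound parameters
    }

    /**
     * HARDENED. Values travel in selectionArgs and are bound as parameters,
     * the projection is restricted to PROJECTION_MAP, and strict mode makes
     * SQLiteQueryBuilder reject selection/sort input that tries to escape the
     * intended query (for example by unbalancing parentheses). The Android
     * documentation recommends exactly this trio (strict mode, a projection
     * map and one of the query() overloads) for providers exposed to third
     * party apps.
     */
    static Cursor queryHardened(SQLiteDatabase db, String[] projection, String selection,
                                String[] selectionArgs, String sortOrder) {
        SQLiteQueryBuilder qb = new SQLiteQueryBuilder();
        qb.setTables(TABLE);
        qb.setProjectionMap(PROJECTION_MAP);
        qb.setStrict(true);
        return qb.query(db, projection, selection, selectionArgs,
                        null /* groupBy */, null /* having */, sortOrder);
    }

    /**
     * How a well-behaved client should call the hardened provider: the
     * user-controlled value is passed as a bound argument, never spliced into
     * the selection string.
     */
    static Cursor lookupByTitle(SQLiteDatabase db, String userSuppliedTitle) {
        return queryHardened(db,
                new String[] {"_id", "title"},
                "title = ?",
                new String[] {userSuppliedTitle},
                "title ASC");
    }
}
```

The remaining Android-specific rules in the list work the same way but on different sinks: the "Missing Receiver Permission" and "Missing Broadcaster Permission" rules look for `sendBroadcast(intent)` calls and `<receiver>` manifest entries without a permission attribute, and "Sticky Broadcast" flags `sendStickyBroadcast`, whose payload any app can read and replace. The provider case above is the one where the fix is most easily demonstrated in code alone, since the others are largely manifest changes.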