HoangNguyen0403

Android Legacy Security

Standards for Intents, WebViews, and FileProvider


Install

npx skillscat add hoangnguyen0403/agent-skills-standard/android-legacy-security

Install via the SkillsCat registry.

SKILL.md

Android Legacy Security Standards

Priority: P0

Implementation Guidelines

Intents

  • Implicit: Always verify that resolveActivity returns a non-null result before starting the Activity.
  • Exported: Verify android:exported logic (as per security skill).
  • Data: Treat all incoming Intent extras as untrusted input.

WebView

  • JS: Default to javaScriptEnabled = false. Only enable for trusted domains.
  • File Access: Disable allowFileAccess to prevent local file theft via XSS.
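
The Intent-data and WebView rules above combined in one Activity, as an added Kotlin example that is not part of the original skill. `HelpActivity`, `EXTRA_URL`, `TRUSTED_HOSTS` and the host `help.example.com` are hypothetical names chosen for illustration.

```kotlin
import android.app.Activity
import android.net.Uri
import android.os.Bundle
import android.webkit.WebResourceRequest
import android.webkit.WebView
import android.webkit.WebViewClient

// Hypothetical names for illustration: HelpActivity, EXTRA_URL, TRUSTED_HOSTS.
class HelpActivity : Activity() {

    override fun onCreate(savedInstanceState: Bundle?) {
        super.onCreate(savedInstanceState)

        // Intent extras are untrusted input: parse, validate, and fail closed.
        val target = intent.getStringExtra(EXTRA_URL)?.let(Uri::parse)
        if (target == null || !isTrusted(target)) {
            finish()
            return
        }

        val webView = WebView(this)
        webView.settings.apply {
            javaScriptEnabled = true    // off by default; on only because target passed the allowlist
            allowFileAccess = false     // page content cannot load file:// resources
            allowContentAccess = false  // page content cannot load content:// resources
        }
        webView.webViewClient = object : WebViewClient() {
            // Returning true cancels the load, so navigation to other hosts is blocked.
            override fun shouldOverrideUrlLoading(view: WebView, request: WebResourceRequest): Boolean =
                !isTrusted(request.url)
        }
        setContentView(webView)
        webView.loadUrl(target.toString())
    }

    // Accept only https URLs whose host is on the allowlist.
    private fun isTrusted(uri: Uri): Boolean {
        val host = uri.host?.lowercase() ?: return false
        return uri.scheme == "https" && host in TRUSTED_HOSTS
    }

    companion object {
        const val EXTRA_URL = "com.example.app.extra.URL"      // constructed sample value
        private val TRUSTED_HOSTS = setOf("help.example.com")  // constructed sample value
    }
}
```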

File Exposure

  • FileProvider: NEVER expose file:// URIs. Use FileProvider.

Anti-Patterns

  • No Implicit for Internal: Use explicit Intents (class name).
  • No MODE_WORLD_READABLE: SharedPreferences/Files.

References