Permissive context mode for resources
- Rule ID: java_android_world_readable_writable_mode
- Languages: java
- Source: world_readable_writable_mode.yml
Creating world-readable and -writeable files poses a serious security risk.
It is for this reason that the
Context.MODE_WORLD_WRITEABLE constants were deprecated and later removed.
✅ Use Context.MODE_PRIVATE wherever possible
✅ Use a
ContentProvider when sharing content with other applications
❌ (For legacy applications) Do not use the deprecated
OWASP Top 10
To skip this rule during a scan, use the following flag
bearer scan /path/to/your-project/ --skip-rule=java_android_world_readable_writable_mode
To run only this rule during a scan, use the following flag
bearer scan /path/to/your-project/ --only-rule=java_android_world_readable_writable_mode
Ready to take the next step? Learn more about Bearer Cloud.