Permissive context mode for resources

Description

Creating world-readable and -writeable files poses a serious security risk. It is for this reason that the Context.MODE_WORLD_READABLE and Context.MODE_WORLD_WRITEABLE constants were deprecated and later removed.

Remediations

✅ Use Context.MODE_PRIVATE wherever possible

✅ Use a ContentProvider when sharing content with other applications

❌ (For legacy applications) Do not use the deprecated MODE_WORLD_READABLE or MODE_WORLD_WRITEABLE constants
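
The three remediations above side by side, as an added example that is not part of the original rule page or Bearer's own code. The class name, file name and provider authority are assumptions, and `FileProvider` (a `ContentProvider` subclass from AndroidX) is used here as one way to share a file.

```java
import android.content.Context;
import android.content.Intent;
import android.net.Uri;
import androidx.core.content.FileProvider;

import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;

public final class ReportStore {
    // Assumed authority: must match the <provider> entry declared in
    // AndroidManifest.xml, whose paths XML exposes the app's files directory.
    private static final String AUTHORITY = "com.example.app.fileprovider";
    private static final String FILE_NAME = "report.txt"; // constructed sample name

    private ReportStore() {}

    // Flagged pattern: every app on the device can read the file.
    // Apps targeting API 24+ get a SecurityException from this call.
    @SuppressWarnings("deprecation")
    static void saveWorldReadable(Context ctx, String body) throws IOException {
        try (FileOutputStream out =
                 ctx.openFileOutput(FILE_NAME, Context.MODE_WORLD_READABLE)) {
            out.write(body.getBytes(StandardCharsets.UTF_8));
        }
    }

    // Remediated: the file is accessible only to this app's own UID.
    static void savePrivate(Context ctx, String body) throws IOException {
        try (FileOutputStream out =
                 ctx.openFileOutput(FILE_NAME, Context.MODE_PRIVATE)) {
            out.write(body.getBytes(StandardCharsets.UTF_8));
        }
    }

    // Sharing: the file stays private; the receiving app gets a content://
    // URI plus a temporary, read-only grant scoped to this one intent.
    static Intent buildShareIntent(Context ctx) {
        File file = new File(ctx.getFilesDir(), FILE_NAME);
        Uri uri = FileProvider.getUriForFile(ctx, AUTHORITY, file);
        Intent send = new Intent(Intent.ACTION_SEND);
        send.setType("text/plain");
        send.putExtra(Intent.EXTRA_STREAM, uri);
        send.addFlags(Intent.FLAG_GRANT_READ_URI_PERMISSION);
        return send;
    }
}
```

The provider declaration should keep `android:exported="false"` and `android:grantUriPermissions="true"` so that access is only ever handed out per URI.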

References

Associated CWE

OWASP Top 10

Configuration

To skip this rule during a scan, use the following flag:

bearer scan /path/to/your-project/ --skip-rule=java_android_world_readable_writable_mode

To run only this rule during a scan, use the following flag:

bearer scan /path/to/your-project/ --only-rule=java_android_world_readable_writable_mode
