    Android

    Best practice

    nsc-allows-plaintext-traffic

    The Network Security Config is set to allow non-encrypted connections. Evaluate if this is necessary for your app, and disable it if appropriate. (To hide this warning, set xmlns:tools="http://schemas.android.com/tools" tools:ignore="InsecureBaseConfiguration" as attributes on your <network-security-config> element.)

    nsc-pinning-without-backup

    Your app uses TLS public key pinning without specifying a backup key. If you are forced to change TLS keys or CAs on short notice, not having a backup pin can lead to connectivity issues until you can push out an update. It is considered best practice to add at least one additional pin as a backup.

    nsc-pinning-without-expiration

    Your app uses TLS public key pinning without specifying an expiration date. If your users do not update the app to receive new pins in time, expired or replaced certificates can lead to connectivity issues until they install an update. It is considered best practice to set an expiration time, after which the system will default to trusting system CAs and disregard the pin.

    nsc-allows-user-ca-certs

    The Network Security Config is set to accept user-installed CAs. Evaluate if this is necessary for your app, and disable it if appropriate. (To hide this warning, set xmlns:tools="http://schemas.android.com/tools" tools:ignore="AcceptsUserCertificates" as attributes on your <network-security-config> element.)

    nsc-allows-user-ca-certs-for-domain

    The Network Security Config is set to accept user-installed CAs for the domain $DOMAIN. Evaluate if this is necessary for your app, and disable it if appropriate. (To hide this warning, set xmlns:tools="http://schemas.android.com/tools" tools:ignore="AcceptsUserCertificates" as attributes on your <network-security-config> element.)

    manifest-usesCleartextTraffic-true

    The Android manifest is configured to allow non-encrypted connections. Evaluate if this is necessary for your app, and disable it if appropriate. This flag is ignored on Android 7 (API 24) and above if a Network Security Config is present.

    manifest-usesCleartextTraffic-ignored-by-nsc

    The manifest sets android:usesCleartextTraffic and also references a Network Security Config. The usesCleartextTraffic directive is ignored on Android 7 (API 24) and above if a Network Security Config is present.
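
The five Network Security Config rules above, sketched as a small Python check run over a weak config and a hardened one. This is an added example, not CodeAnt's own rule implementation; the sample XML, the example.com domain, the placeholder pin values, the expiration date and the matching logic are all assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample configs (not from a real app); pin values are placeholders.
WEAK_NSC = """<network-security-config>
  <base-config cleartextTrafficPermitted="true">
    <trust-anchors><certificates src="system" /><certificates src="user" /></trust-anchors>
  </base-config>
  <domain-config>
    <domain includeSubdomains="true">example.com</domain>
    <trust-anchors><certificates src="user" /></trust-anchors>
    <pin-set>
      <pin digest="SHA-256">PLACEHOLDER_PRIMARY_PIN_BASE64=</pin>
    </pin-set>
  </domain-config>
</network-security-config>"""

HARDENED_NSC = """<network-security-config>
  <base-config cleartextTrafficPermitted="false">
    <trust-anchors><certificates src="system" /></trust-anchors>
  </base-config>
  <domain-config>
    <domain includeSubdomains="true">example.com</domain>
    <pin-set expiration="2030-01-01">
      <pin digest="SHA-256">PLACEHOLDER_PRIMARY_PIN_BASE64=</pin>
      <pin digest="SHA-256">PLACEHOLDER_BACKUP_PIN_BASE64=</pin>
    </pin-set>
  </domain-config>
</network-security-config>"""


def audit_nsc(xml_text):
    """Return the sorted rule ids (names taken from this page) a config triggers."""
    root = ET.fromstring(xml_text)
    hits = set()
    for cfg in list(root.iter("base-config")) + list(root.iter("domain-config")):
        # Assumption: cleartext enabled in either scope counts as plaintext allowed.
        if cfg.get("cleartextTrafficPermitted") == "true":
            hits.add("nsc-allows-plaintext-traffic")
        certs = cfg.findall("trust-anchors/certificates")
        if any(c.get("src") == "user" for c in certs):
            hits.add("nsc-allows-user-ca-certs" if cfg.tag == "base-config"
                     else "nsc-allows-user-ca-certs-for-domain")
        for pin_set in cfg.findall("pin-set"):
            if len(pin_set.findall("pin")) < 2:  # a single pin has no backup
                hits.add("nsc-pinning-without-backup")
            if not pin_set.get("expiration"):
                hits.add("nsc-pinning-without-expiration")
    return sorted(hits)
```

Only base-config and domain-config are inspected, so user-installed CAs trusted inside debug-overrides are not reported.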
