MASTG-TEST-0265: References to StrictMode APIs

Overview

This test checks whether the app uses StrictMode. StrictMode is useful during development for logging policy violations such as disk I/O or network operations, but it can expose sensitive implementation details in the logs, which attackers could exploit.

Steps

  1. Run a static analysis tool (Static Analysis on Android) to identify all instances of StrictMode APIs.

Observation

The output should identify all instances of StrictMode usage in the app.

Evaluation

The test fails if the app uses StrictMode APIs.
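A minimal source-level scanner for the step and evaluation above, as an added example (not MASTG's own tooling or the Semgrep rule from the demo). It assumes decompiled Java or Kotlin source is available as text; the names `find_strictmode` and `evaluate` and the sample source are constructed for illustration.

```python
import re

# Calls from android.os.StrictMode; matching is a source-level heuristic (assumption).
PATTERNS = {
    "setThreadPolicy": re.compile(r"\bStrictMode\s*\.\s*setThreadPolicy\s*\("),
    "setVmPolicy": re.compile(r"\bStrictMode\s*\.\s*setVmPolicy\s*\("),
    "enableDefaults": re.compile(r"\bStrictMode\s*\.\s*enableDefaults\s*\("),
    "policyBuilder": re.compile(r"\bStrictMode\s*\.\s*(?:ThreadPolicy|VmPolicy)\s*\.\s*Builder\b"),
    "penaltyLog": re.compile(r"\.\s*penaltyLog\s*\("),
}
_TOKEN = re.compile(r'''"(?:\\.|[^"\\\n])*"   # string literal (kept)
    | '(?:\\.|[^'\\\n])+'                     # char literal (kept)
    | //[^\n]*                                # line comment (blanked)
    | /\*.*?\*/                               # block comment (blanked)
    ''', re.S | re.X)

def strip_comments(src):
    """Blank out comments but keep newlines, so line numbers stay valid."""
    def repl(m):
        tok = m.group(0)
        return tok if tok[0] in "\"'" else re.sub(r"[^\n]", " ", tok)
    return _TOKEN.sub(repl, src)

def find_strictmode(src):
    """Return sorted (line, api) pairs for StrictMode references in live code."""
    clean = strip_comments(src)
    return sorted((clean.count("\n", 0, m.start()) + 1, api)
                  for api, rx in PATTERNS.items() for m in rx.finditer(clean))

def evaluate(src):
    """The page's evaluation: the test fails if StrictMode APIs are used."""
    return "FAIL" if find_strictmode(src) else "PASS"

# Constructed sample source (not from the MASTG demo app).
SAMPLE = '''\
import android.os.StrictMode;
public class MainActivity {
    String u = "https://example.invalid/"; void a() { StrictMode.enableDefaults(); }
    void onCreate() {
        // StrictMode.setVmPolicy(null);  commented out, must not be reported
        StrictMode.setThreadPolicy(
            new StrictMode.ThreadPolicy.Builder()
                .detectAll().penaltyLog()
                .build());
    }
}
'''

if __name__ == "__main__": print(evaluate(SAMPLE), find_strictmode(SAMPLE))
```

Commented-out calls are ignored and `//` inside string literals does not hide code that follows on the same line; Kotlin raw strings and aliased imports are not handled.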

Demos

MASTG-DEMO-0039: Detecting StrictMode PenaltyLog Usage with Semgrep