程序請求執行 SMS 操作。
禁止在毫無理由的情況下請求發送與接收 SMS 的權限,也不可在沒有考慮的情況下授予該權限。惡意軟件會盜取這些權限,在用戶不知情的情況下竊取金錢與數據。
例 1:在這種情況下,<uses-permission .../> 元素包含消息
權限屬性。
<uses-permission android:name="android.permission.SEND_SMS"/>
[1] Standards Mapping - OWASP Top 10 2004 - (OWASP 2004) A2 Broken Access Control
[2] Standards Mapping - OWASP Top 10 2010 - (OWASP 2010) A6 Security Misconfiguration
[3] Standards Mapping - FIPS200 - (FISMA) AC
[4] Standards Mapping - Security Technical Implementation Guide Version 3 - (STIG 3) APP3500 CAT II
[5] Standards Mapping - Security Technical Implementation Guide Version 3.4 - (STIG 3.4) APP3500 CAT II
[6] Mark L. Murphy Beginning Android Apress
[7] Standards Mapping - Common Weakness Enumeration - (CWE) CWE ID 265
[8] First SMS Trojan detected for smartphones running Android
[9] Standards Mapping - SANS Top 25 2009 - (SANS 2009) Improper Access Control - CWE ID 285
[10] Using Permissions