程序請求建立網絡連接的權限。
授予此權限會使該軟件能夠打開網絡套接字。這個權限會授予程序
對設備的控制權,從而對用戶造成負面影響。因為此類型的權限會帶來潛在風險,系統不會自動將此權限
授予給請求者。
例 1:AndroidManifest.xml 的以下 <uses-permission .../> 元素包含了網絡權限屬性。
<uses-permission android:name="android.permission.INTERNET"/>
[1] Standards Mapping - OWASP Top 10 2004 - (OWASP 2004) A2 Broken Access Control
[2] Standards Mapping - OWASP Top 10 2010 - (OWASP 2010) A6 Security Misconfiguration
[3] Standards Mapping - FIPS200 - (FISMA) AC
[4] Standards Mapping - Security Technical Implementation Guide Version 3 - (STIG 3) APP3500 CAT II
[5] Standards Mapping - Security Technical Implementation Guide Version 3.4 - (STIG 3.4) APP3500 CAT II
[6] Mark L. Murphy Beginning Android 2 Apress
[7] Standards Mapping - Common Weakness Enumeration - (CWE) CWE ID 265
[8] Standards Mapping - SANS Top 25 2009 - (SANS 2009) Improper Access Control - CWE ID 285
[9] Using Permissions