The call to android.os.Looper.loop() requires android.permission.RECEIVE_BOOT_COMPLETED which will be listed in AndroidManifest.xml
At work, we run our applications with a security scan tool that performs static analysis of vulnerabilities. Sometimes it denotes things that are not security related but can cause problems in some other way. In this case, it complains about Mishandling of insufficient privileges.
Here's a description from the tool:
This application calls the android.os.Looper.loop() API, which requires the following permission(s), which are not specified in AndroidManifest.xml: android.permission.RECEIVE_BOOT_COMPLETED. These calls will not be completed. Depending on the condition, it may result in an error message, or the code will fail silently. Invalid conditions are not flaws, but they can indicate the presence of unexpected code (for example, an advertisement library trying to miss the location of the user's GPS device).
However, the API docs don't mention the value android.permission.RECEIVE_BOOT_COMPLETED or the file AndroidManifest.xml at all.
Does Looper.loop() really require android.permission.RECEIVE_BOOT_COMPLETED, or is this a false positive?
It's not obligatory. Looper.loop is invoked by just about every Android program, whether behind the scenes or openly. I don't understand why they would require permission to use it. It is required to show even the simplest graphics... I am sure that this is a false positive in the tool you are using.
Here:
http://developer.android.com/reference/android/Manifest.permission.html
This has been around since API level 1. Shouldn't be too hard to fix.
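One way to triage the finding from the question against the manifest itself, as an added example that is not part of the original posts or the scan tool: RECEIVE_BOOT_COMPLETED governs delivery of the android.intent.action.BOOT_COMPLETED broadcast, so the check compares declared permissions with receivers that filter on that action. It assumes a text-form AndroidManifest.xml (not the binary form inside an APK); the function names and the sample manifest are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
BOOT_PERMISSION = "android.permission.RECEIVE_BOOT_COMPLETED"
BOOT_ACTION = "android.intent.action.BOOT_COMPLETED"

# Constructed sample manifest (not from the original question).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.app">
    <uses-permission android:name="android.permission.INTERNET" />
    <application>
        <receiver android:name=".SyncReceiver">
            <intent-filter>
                <action android:name="android.intent.action.BOOT_COMPLETED" />
            </intent-filter>
        </receiver>
    </application>
</manifest>"""


def declared_permissions(root):
    """Return the set of permission names requested via <uses-permission>."""
    return {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}


def boot_receivers(root):
    """Return names of <receiver> components that filter on BOOT_COMPLETED."""
    names = []
    for receiver in root.iter("receiver"):
        actions = {a.get(ANDROID_NS + "name") for a in receiver.iter("action")}
        if BOOT_ACTION in actions:
            names.append(receiver.get(ANDROID_NS + "name"))
    return names


def triage(manifest_xml):
    """Classify the finding using only what the manifest declares."""
    root = ET.fromstring(manifest_xml)
    declared = BOOT_PERMISSION in declared_permissions(root)
    receivers = boot_receivers(root)
    if receivers and not declared:
        verdict = "receiver declared without permission: broadcast not delivered"
    elif declared and not receivers:
        verdict = "permission declared but no manifest receiver uses it"
    elif declared:
        verdict = "consistent: boot receiver and permission both present"
    else:
        verdict = "manifest has no boot receiver and no boot permission"
    return {"declared": declared, "receivers": receivers, "verdict": verdict}
```

A "receiver declared without permission" verdict points at a component, often from a bundled library, that expects the boot broadcast; the last verdict means the manifest gives no reason for the permission to be needed.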