The program asks to perform SMS operations.
Permissions to send and receive SMS must not be requested without cause, nor granted without consideration. Malicious software exploits these permissions to steal money and data from unwary users.
Example 1: In this case, the <uses-permission .../>
element includes a messaging
permission attribute.
<uses-permission android:name="android.permission.SEND_SMS"/>
[1] Standards Mapping - OWASP Top 10 2004 - (OWASP 2004) A2 Broken Access Control
[2] Standards Mapping - OWASP Top 10 2010 - (OWASP 2010) A6 Security Misconfiguration
[3] Standards Mapping - FIPS200 - (FISMA) AC
[4] Mark L. Murphy Beginning Android Apress
[5] Standards Mapping - Common Weakness Enumeration - (CWE) CWE ID 265
[6] First SMS Trojan detected for smartphones running Android
[7] Standards Mapping - SANS Top 25 2009 - (SANS 2009) Improper Access Control - CWE ID 285
[8] Using Permissions