ABSTRACT

The program requests permission to access the device's GPS location.

EXPLANATION

Access to GPS location information can compromise a user's privacy and personal safety. Programs that require access to GPS location information must be careful to manage it with the utmost caution.

Example 1: The following code requests permission to ACCESS_FINE_LOCATION.


<permission android:name="android.permission.ACCESS_FINE_LOCATION"
android:permissionGroup="android.permission-group.LOCATION"
android:protectionLevel="dangerous"
android:label="@string/permlab_accessFineLocation"
android:description="@string/permdesc_accessFineLocation" />

REFERENCES

[1] Standards Mapping - OWASP Top 10 2004 - (OWASP 2004) A2 Broken Access Control

[2] Standards Mapping - OWASP Top 10 2010 - (OWASP 2010) A6 Security Misconfiguration

[3] Standards Mapping - FIPS200 - (FISMA) AC

[4] Standards Mapping - Common Weakness Enumeration - (CWE) CWE ID 265

[5] Standards Mapping - SANS Top 25 2009 - (SANS 2009) Improper Access Control - CWE ID 285

[6] Securing the Presidential Blackberry PC World

[7] Using Permissions