ABSTRACT

The program requests permission to disable the handset.

EXPLANATION

There is no good reason to request or grant a permission that disables the device.

Example 1: A program must not call this permission. Ever.

 <uses-permission android:name="android.permission.BRICK"/> 

REFERENCES

[1] Standards Mapping - OWASP Top 10 2004 - (OWASP 2004) A2 Broken Access Control

[2] Standards Mapping - OWASP Top 10 2010 - (OWASP 2010) A6 Security Misconfiguration

[3] Standards Mapping - FIPS200 - (FISMA) AC

[4] Mark L. Murphy Beginning Android 2 Apress

[5] Standards Mapping - Common Weakness Enumeration - (CWE) CWE ID 265

[6] Standards Mapping - SANS Top 25 2009 - (SANS 2009) Improper Access Control - CWE ID 285

[7] Using Permissions