Android-specific Rules

February 3, 2025

Android-specific rules rely on multi-scope scanning that covers Java source files, XML files, Gradle files, and more generally the project structure. The complete list is accessible here.

Environment

3/4 of them have already been implemented in the plugin. The unimplemented rules are listed in the table below:

| # | Rule Name | Scanner | Observation |
|---|-----------|---------|-------------|
| EOPT003 | Lazy Loading | Java | |
| ELEA001 | Everlasting Service | Java | Requires PostProjectAnalysisTask() callback |
| EBOT004 | Uncached Data Reception | Java | Requires PostProjectAnalysisTask() callback |
| ESOB009 | Day Night Mode | File System, Xml | Requires PostProjectAnalysisTask() callback |
| ESOB015 | Extraneous Animation | Java, Xml, File System | |
| ESOBxxx | Extraneous Init | Java | |
| ESOB016 | Hardware acceleration | Xml | |
| EPOW008 | Battery-constrained Work | Java | |
| EBAT001 | Service@Boot-time | Java, Xml | Likely detectable in Xml only |
| EREL004 | Same dependencies | Gradle | Requires a knowledge base |
| EREL005 | Duplicate dependencies | Gradle | Requires a knowledge base |
| EREL007 | Clear cache | Java | Method deleteRecursively() is Kotlin-only |
| EREL008 | Convert to WebP | File System | |
| EREL009 | Shrink and Minify | Gradle | |
| ELON001 | Aging devices | Gradle | Value of minSdkVersion may be hardcoded, but must be updated regularly |

Social

1 rule has been implemented in the plugin so far. The unimplemented rules are listed in the table below:

| # | Rule Name | Scanner | Observation |
|---|-----------|---------|-------------|
| SPRI001 | Crashlytics automatic opt-in | Java, Xml | |
| SPRI003 | Hidden Tracker Risk | Gradle | Threshold to be decided |
| SPRI004 | Tracking Id | Java | |
| SPRI005 | Explain Permission | Java | |
| SGDP001 | Google consent | Java | "Good smell" spotted here |
| SINC002 | Grammatical gender | File System | "Good smell" spotted here |