WordPress-Android

Enable StrictMode security tool

Open irfano opened this issue 3 years ago • 0 comments

StrictMode is a developer tool which detects things you might be doing by accident and brings them to your attention so you can fix them. Currently, it's commented in WordPressDebug. We had a security vulnerability (Slack ref: p1656678398776749-slack-CRA4UEQQ3) caused by unsafe intent launch which could be detected by StrictMode's detectUnsafeIntentLaunch(). In this issue, we need to

  • [ ] add detectUnsafeIntentLaunch() in StrictMode detections,
  • [ ] investigate other detections that might be beneficial,
  • [ ] check if enabling StrictMode has any significant drawback; if not, enable it for all debug builds,
  • [ ] enable StrictMode detections in automated tests of CI,
  • [ ] investigate other security tools. (If we can find good tools, we can use them in place of StrictMode or in addition to StrictMode)

If these are a lot for a PR, multiple PRs can fix this issue.

irfano, Jul 26 '22 18:07
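
A sketch of the VM policy the checklist above asks for, as an added example that is not code from the issue or from the WordPress-Android project. The `StrictModeSetup` object, its `enable()` function and the `failOnViolation` switch are hypothetical names; only the `android.os.StrictMode` calls are real platform APIs, and the example assumes it is called from `Application.onCreate()` in debug builds only.

```kotlin
import android.os.Build
import android.os.StrictMode

// Hypothetical helper (added example); not the project's WordPressDebug class.
object StrictModeSetup {
    /**
     * Installs a security-focused VM policy.
     *
     * @param failOnViolation assumed switch: true for CI / instrumented test
     *        runs, where a violation should kill the process and fail the job;
     *        false for local debug builds, where it is only logged.
     */
    fun enable(failOnViolation: Boolean) {
        val vm = StrictMode.VmPolicy.Builder()
            // file:// URIs leaving the app expose paths other apps cannot open safely.
            .detectFileUriExposure()
            .detectLeakedClosableObjects()

        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.M) {
            // Flags network traffic that is not wrapped in TLS.
            vm.detectCleartextNetwork()
        }
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.O) {
            // content:// URIs sent without a read/write permission grant flag.
            vm.detectContentUriWithoutPermission()
        }
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.S) {
            // The check named in the issue. It exists only on API 31+, so
            // CI emulators must run Android 12 or later for it to fire.
            vm.detectUnsafeIntentLaunch()
        }

        // Always log, so the stack trace of the offending call is in logcat.
        vm.penaltyLog()
        if (failOnViolation) {
            // Crash the process on any violation so automated tests fail loudly.
            vm.penaltyDeath()
        }

        StrictMode.setVmPolicy(vm.build())
    }
}
```

Because `detectUnsafeIntentLaunch()` is guarded by the API level, running the test suite only on older emulator images would silently skip the check the issue is about.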