Hello Kotlin / Android developers,
We added 4 rules to help you being compliant with the Mobile AppSec Verification Standard (MASVS) > Data Storage and Privacy Requirements:
- S6301 Mobile database encryption keys should not be disclosed
- S5324 Accessing Android external storage is security-sensitive
- S6291 Using unencrypted databases in mobile applications is security-sensitive
- S6300 Using unencrypted files in mobile applications is security-sensitive
Also, because we are using internally Kotlin to develop these rules, we added some Code Smells to ease our life which should be also valuable for you:
- S5612: Lambdas should not have too many lines
- S1128: Unnecessary imports should be removed
- S1874: Deprecated code should not be used
- S1133: Deprecated code should be removed
This is available now on SonarCloud and will be included in SonarQube 9.1.
Alex