The Kotlin analyzer helps you safely use Android data storage

Hello Kotlin / Android developers,

We added 4 rules to help you be compliant with the Mobile AppSec Verification Standard (MASVS) > Data Storage and Privacy Requirements:

  • S6301 Mobile database encryption keys should not be disclosed
  • S5324 Accessing Android external storage is security-sensitive
  • S6291 Using unencrypted databases in mobile applications is security-sensitive
  • S6300 Using unencrypted files in mobile applications is security-sensitive

Also, because we are using Kotlin internally to develop these rules, we added some Code Smells to ease our life, which should also be valuable for you:

  • S5612: Lambdas should not have too many lines
  • S1128: Unnecessary imports should be removed
  • S1874: Deprecated code should not be used
  • S1133: Deprecated code should be removed

This is available now on SonarCloud and will be included in SonarQube 9.1.

Alex
