Semgrep (Kotlin) Detect SharedPreferences declaration with world-readable flag
Proposal
Summary
Declaring a `SharedPreferences` object with the world-readable flag is a known security issue in Android (Source). The world-readable flag on `SharedPreferences` objects is still available in Android 5, Android 5.1 and Android 6, which are still used by a significant number of devices worldwide.
It doesn't seem like we have a Semgrep rule to detect this. A customer is reporting that they can set that flag without issues and Semgrep doesn't flag this as an issue in their Kotlin project.
Consider adding support for detecting this weakness in Kotlin projects.
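A sketch of what such a rule could look like, added here as an example; it is not a rule shipped by GitLab or Semgrep. The rule id is hypothetical, and the Kotlin lines in the comments are constructed samples showing what the rule is meant to match.

```yaml
rules:
  # Hypothetical rule id; not an existing GitLab or Semgrep registry rule.
  - id: kotlin-sharedpreferences-world-readable
    languages: [kotlin]
    severity: WARNING
    message: >-
      SharedPreferences is opened with the world-readable flag, so other
      apps on the device can read the preferences file on Android versions
      that still honor the flag. Use Context.MODE_PRIVATE instead.
    patterns:
      # Match both the qualified call (context.getSharedPreferences(...))
      # and the bare call made from inside an Activity or Service.
      - pattern-either:
          - pattern: $CTX.getSharedPreferences($NAME, $MODE)
          - pattern: getSharedPreferences($NAME, $MODE)
      # Keep only calls whose mode argument mentions the flag by name,
      # alone or combined with other flags, or passes its integer value
      # (MODE_WORLD_READABLE is 0x0001).
      - metavariable-regex:
          metavariable: $MODE
          regex: '^(.*\bMODE_WORLD_READABLE\b.*|1|0x0*1)$'

# Constructed Kotlin samples (not from the customer's project).
#
# Should be reported:
#   val p = context.getSharedPreferences("cfg", Context.MODE_WORLD_READABLE)
#   val p = getSharedPreferences("cfg", MODE_WORLD_READABLE)
#   val p = ctx.getSharedPreferences("cfg",
#               Context.MODE_WORLD_READABLE or Context.MODE_WORLD_WRITEABLE)
#   val p = ctx.getSharedPreferences("cfg", 1)
#
# Should not be reported:
#   val p = context.getSharedPreferences("cfg", Context.MODE_PRIVATE)
#   val p = getSharedPreferences("cfg", 0)
#
# Known gap: a mode passed through a variable or constant defined elsewhere
# (val mode = Context.MODE_WORLD_READABLE; getSharedPreferences("cfg", mode))
# is not matched by this pattern and would need Semgrep's constant
# propagation or a taint-style rule to catch.
```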