Skip to content

Attribute hasFragileUserData not set

Attribute hasFragileUserData not set

Description

The android:hasFragileUserData attribute specifies when the user uninstalls an app, whether to show the user a prompt to keep the app's data. The default value is "false".

This value should be set explicitly in the application to indicate whether the application is handling important user data or not.

Recommendation

Explicitly set the attribute android:hasFragileUserData to the appropriate value.

<application android:icon="@drawable/icon" android:hasFragileUserData="true">

Standards

  • OWASP_MASVS_L1:
    • MSTG_ARCH_12
  • OWASP_MASVS_L2:
    • MSTG_ARCH_12