Correctness
AdapterViewChildren
Summary: AdapterViews cannot have children in XML
Priority: 10 / 10
Severity: Warning
Category: Correctness
AdapterViews such as ListViews must be configured with data from Java code,
such as a ListAdapter.
More information:
http://developer.android.com/reference/android/widget/AdapterView.html
OnClick
Summary: onClick method does not exist
Priority: 10 / 10
Severity: Error
Category: Correctness
The onClick attribute value should be the name of a method in this View's
context to invoke when the view is clicked. This name must correspond to a
public method that takes exactly one parameter of type View.
Must be a string value, using ';' to escape characters such as '\n' or
'\uxxxx' for a unicode character.
StopShip
Summary: Code contains STOPSHIP marker
Priority: 10 / 10
Severity: Warning
Category: Correctness
NOTE: This issue is disabled by default!
You can enable it by adding --enable StopShip
Using the comment // STOPSHIP can be used to flag code that is incomplete but
checked in. This comment marker can be used to indicate that the code should
not be shipped until the issue is addressed, and lint will look for these.
MissingPermission
Summary: Missing Permissions
Priority: 9 / 10
Severity: Error
Category: Correctness
This check scans through your code and libraries and looks at the APIs being
used, and checks this against the set of permissions required to access those
APIs. If the code using those APIs is called at runtime, then the program will
crash.
Furthermore, for permissions that are revocable (with targetSdkVersion 23),
client code must also be prepared to handle the calls throwing an exception if
the user rejects the request for permission at runtime.
MissingSuperCall
Summary: Missing Super Call
Priority: 9 / 10
Severity: Error
Category: Correctness
Some methods, such as View#onDetachedFromWindow, require that you also call
the super implementation as part of your method.
ResAuto
Summary: Hardcoded Package in Namespace
Priority: 9 / 10
Severity: Fatal
Category: Correctness
In Gradle projects, the actual package used in the final APK can vary; for
example,you can add a .debug package suffix in one version and not the other.
Therefore, you should not hardcode the application package in the resource;
instead, use the special namespace http://schemas.android.com/apk/res-auto
which will cause the tools to figure out the right namespace for the resource
regardless of the actual package used during the build.
SuspiciousImport
Summary: 'import android.R' statement
Priority: 9 / 10
Severity: Warning
Category: Correctness
Importing android.R is usually not intentional; it sometimes happens when you
use an IDE and ask it to automatically add imports at a time when your
project's R class it not present.
Once the import is there you might get a lot of "confusing" error messages
because of course the fields available on android.R are not the ones you'd
expect from just looking at your own R class.
UsesMinSdkAttributes
Summary: Minimum SDK and target SDK attributes not defined
Priority: 9 / 10
Severity: Warning
Category: Correctness
The manifest should contain a <uses-sdk> element which defines the minimum API
Level required for the application to run, as well as the target version (the
highest API level you have tested the version for.)
More information:
http://developer.android.com/guide/topics/manifest/uses-sdk-element.html
WrongViewCast
Summary: Mismatched view type
Priority: 9 / 10
Severity: Fatal
Category: Correctness
Keeps track of the view types associated with ids and if it finds a usage of
the id in the Java code it ensures that it is treated as the same type.
AaptCrash
Summary: Potential AAPT crash
Priority: 8 / 10
Severity: Fatal
Category: Correctness
Defining a style which sets android:id to a dynamically generated id can cause
many versions of aapt, the resource packaging tool, to crash. To work around
this, declare the id explicitly with <item type="id" name="..." /> instead.
More information:
https://code.google.com/p/android/issues/detail?id=20479
GradleCompatible
Summary: Incompatible Gradle Versions
Priority: 8 / 10
Severity: Error
Category: Correctness
There are some combinations of libraries, or tools and libraries, that are
incompatible, or can lead to bugs. One such incompatibility is compiling with
a version of the Android support libraries that is not the latest version (or
in particular, a version lower than your targetSdkVersion.)
GradlePluginVersion
Summary: Incompatible Android Gradle Plugin
Priority: 8 / 10
Severity: Error
Category: Correctness
Not all versions of the Android Gradle plugin are compatible with all versions
of the SDK. If you update your tools, or if you are trying to open a project
that was built with an old version of the tools, you may need to update your
plugin version number.
IllegalResourceRef
Summary: Name and version must be integer or string, not resource
Priority: 8 / 10
Severity: Warning
Category: Correctness
For the versionCode attribute, you have to specify an actual integer literal;
you cannot use an indirection with a @dimen/name resource. Similarly, the
versionName attribute should be an actual string, not a string resource url.
MergeMarker
Summary: Code contains merge marker
Priority: 8 / 10
Severity: Error
Category: Correctness
Many version control systems leave unmerged files with markers such as <<< in
the source code. This check looks for these markers, which are sometimes
accidentally left in, particularly in resource files where they don't break
compilation.
MissingLeanbackLauncher
Summary: Missing Leanback Launcher Intent Filter.
Priority: 8 / 10
Severity: Error
Category: Correctness
An application intended to run on TV devices must declare a launcher activity
for TV in its manifest using a android.intent.category.LEANBACK_LAUNCHER
intent filter.
More information:
https://developer.android.com/training/tv/start/start.html#tv-activity
MissingRegistered
Summary: Missing registered class
Priority: 8 / 10
Severity: Error
Category: Correctness
If a class is referenced in the manifest or in a layout file, it must also
exist in the project (or in one of the libraries included by the project. This
check helps uncover typos in registration names, or attempts to rename or move
classes without updating the manifest file properly.
More information:
http://developer.android.com/guide/topics/manifest/manifest-intro.html
MockLocation
Summary: Using mock location provider in production
Priority: 8 / 10
Severity: Fatal
Category: Correctness
Using a mock location provider (by requiring the permission
android.permission.ACCESS_MOCK_LOCATION) should only be done in debug builds
(or from tests). In Gradle projects, that means you should only request this
permission in a test or debug source set specific manifest file.
To fix this, create a new manifest file in the debug folder and move the
<uses-permission> element there. A typical path to a debug manifest override
file in a Gradle project is src/debug/AndroidManifest.xml.
NamespaceTypo
Summary: Misspelled namespace declaration
Priority: 8 / 10
Severity: Fatal
Category: Correctness
Accidental misspellings in namespace declarations can lead to some very
obscure error messages. This check looks for potential misspellings to help
track these down.
NotInterpolated
Summary: Incorrect Interpolation
Priority: 8 / 10
Severity: Error
Category: Correctness
To insert the value of a variable, you can use ${variable} inside a string
literal, but only if you are using double quotes!
More information:
http://www.groovy-lang.org/syntax.html#_string_interpolation
PendingBindings
Summary: Missing Pending Bindings
Priority: 8 / 10
Severity: Error
Category: Correctness
When using a ViewDataBinding in a onBindViewHolder method, you must call
executePendingBindings() before the method exits; otherwise the data binding
runtime will update the UI in the next animation frame causing a delayed
update and potential jumps if the item resizes.
Proguard
Summary: Using obsolete ProGuard configuration
Priority: 8 / 10
Severity: Fatal
Category: Correctness
Using -keepclasseswithmembernames in a proguard config file is not correct; it
can cause some symbols to be renamed which should not be.
Earlier versions of ADT used to create proguard.cfg files with the wrong
format. Instead of -keepclasseswithmembernames use -keepclasseswithmembers,
since the old flags also implies "allow shrinking" which means symbols only
referred to from XML and not Java (such as possibly CustomViews) can get
deleted.
More information:
http://http://code.google.com/p/android/issues/detail?id=16384
RecyclerView
Summary: RecyclerView Problems
Priority: 8 / 10
Severity: Error
Category: Correctness
RecyclerView will not call onBindViewHolder again when the position of the
item changes in the data set unless the item itself is invalidated or the new
position cannot be determined.
For this reason, you should only use the position parameter while acquiring
the related data item inside this method, and should not keep a copy of it.
If you need the position of an item later on (e.g. in a click listener), use
getAdapterPosition() which will have the updated adapter position.
ReferenceType
Summary: Incorrect reference types
Priority: 8 / 10
Severity: Fatal
Category: Correctness
When you generate a resource alias, the resource you are pointing to must be
of the same type as the alias
ResourceCycle
Summary: Cycle in resource definitions
Priority: 8 / 10
Severity: Fatal
Category: Correctness
There should be no cycles in resource definitions as this can lead to runtime
exceptions.
ResourceName
Summary: Resource with Wrong Prefix
Priority: 8 / 10
Severity: Fatal
Category: Correctness
In Gradle projects you can specify a resource prefix that all resources in the
project must conform to. This makes it easier to ensure that you don't
accidentally combine resources from different libraries, since they all end up
in the same shared app namespace.
ScrollViewCount
Summary: ScrollViews can have only one child
Priority: 8 / 10
Severity: Warning
Category: Correctness
ScrollViews can only have one child widget. If you want more children, wrap
them in a container layout.
StringShouldBeInt
Summary: String should be int
Priority: 8 / 10
Severity: Error
Category: Correctness
The properties compileSdkVersion, minSdkVersion and targetSdkVersion are
usually numbers, but can be strings when you are using an add-on (in the case
of compileSdkVersion) or a preview platform (for the other two properties).
However, you can not use a number as a string (e.g. "19" instead of 19); that
will result in a platform not found error message at build/sync time.
UnknownId
Summary: Reference to an unknown id
Priority: 8 / 10
Severity: Fatal
Category: Correctness
The @+id/ syntax refers to an existing id, or creates a new one if it has not
already been defined elsewhere. However, this means that if you have a typo in
your reference, or if the referred view no longer exists, you do not get a
warning since the id will be created on demand. This check catches errors
where you have renamed an id without updating all of the references to it.
WrongFolder
Summary: Resource file in the wrong res folder
Priority: 8 / 10
Severity: Fatal
Category: Correctness
Resource files are sometimes placed in the wrong folder, and it can lead to
subtle bugs that are hard to understand. This check looks for problems in this
area, such as attempting to place a layout "alias" file in a layout/ folder
rather than the values/ folder where it belongs.
CommitTransaction
Summary: Missing commit() calls
Priority: 7 / 10
Severity: Warning
Category: Correctness
After creating a FragmentTransaction, you typically need to commit it as well
DalvikOverride
Summary: Method considered overridden by Dalvik
Priority: 7 / 10
Severity: Error
Category: Correctness
The Android virtual machine will treat a package private method in one class
as overriding a package private method in its super class, even if they are in
separate packages. This may be surprising, but for compatibility reasons the
behavior has not been changed (yet).
If you really did intend for this method to override the other, make the
method protected instead.
If you did not intend the override, consider making the method private, or
changing its name or signature.
DeviceAdmin
Summary: Malformed Device Admin
Priority: 7 / 10
Severity: Warning
Category: Correctness
If you register a broadcast receiver which acts as a device admin, you must
also register an <intent-filter> for the action
android.app.action.DEVICE_ADMIN_ENABLED, without any <data>, such that the
device admin can be activated/deactivated.
To do this, add
<intent-filter>
<action android:name="android.app.action.DEVICE_ADMIN_ENABLED" />
</intent-filter>
to your <receiver>.
DuplicateIds
Summary: Duplicate ids within a single layout
Priority: 7 / 10
Severity: Fatal
Category: Correctness
Within a layout, id's should be unique since otherwise findViewById() can
return an unexpected view.
InconsistentArrays
Summary: Inconsistencies in array element counts
Priority: 7 / 10
Severity: Warning
Category: Correctness
When an array is translated in a different locale, it should normally have the
same number of elements as the original array. When adding or removing
elements to an array, it is easy to forget to update all the locales, and this
lint warning finds inconsistencies like these.
Note however that there may be cases where you really want to declare a
different number of array items in each configuration (for example where the
array represents available options, and those options differ for different
layout orientations and so on), so use your own judgement to decide if this is
really an error.
You can suppress this error type if it finds false errors in your project.
MissingTvBanner
Summary: TV Missing Banner
Priority: 7 / 10
Severity: Error
Category: Correctness
A TV application must provide a home screen banner for each localization if it
includes a Leanback launcher intent filter. The banner is the app launch point
that appears on the home screen in the apps and games rows.
More information:
http://developer.android.com/training/tv/start/start.html#banner
NestedScrolling
Summary: Nested scrolling widgets
Priority: 7 / 10
Severity: Warning
Category: Correctness
A scrolling widget such as a ScrollView should not contain any nested
scrolling widgets since this has various usability issues
ResourceAsColor
Summary: Should pass resolved color instead of resource id
Priority: 7 / 10
Severity: Error
Category: Correctness
Methods that take a color in the form of an integer should be passed an RGB
triple, not the actual color resource id. You must call
getResources().getColor(resource) to resolve the actual color value first.
ResourceType
Summary: Wrong Resource Type
Priority: 7 / 10
Severity: Fatal
Category: Correctness
Ensures that resource id's passed to APIs are of the right type; for example,
calling Resources.getColor(R.string.name) is wrong.
ScrollViewSize
Summary: ScrollView size validation
Priority: 7 / 10
Severity: Warning
Category: Correctness
ScrollView children must set their layout_width or layout_height attributes to
wrap_content rather than fill_parent or match_parent in the scrolling
dimension
TextViewEdits
Summary: TextView should probably be an EditText instead
Priority: 7 / 10
Severity: Warning
Category: Correctness
Using a <TextView> to input text is generally an error, you should be using
<EditText> instead. EditText is a subclass of TextView, and some of the
editing support is provided by TextView, so it's possible to set some
input-related properties on a TextView. However, using a TextView along with
input attributes is usually a cut & paste error. To input text you should be
using <EditText>.
This check also checks subclasses of TextView, such as Button and CheckBox,
since these have the same issue: they should not be used with editable
attributes.
WebViewLayout
Summary: WebViews in wrap_content parents
Priority: 7 / 10
Severity: Error
Category: Correctness
The WebView implementation has certain performance optimizations which will
not work correctly if the parent view is using wrap_content rather than
match_parent. This can lead to subtle UI bugs.
AppCompatMethod
Summary: Using Wrong AppCompat Method
Priority: 6 / 10
Severity: Warning
Category: Correctness
When using the appcompat library, there are some methods you should be calling
instead of the normal ones; for example, getSupportActionBar() instead of
getActionBar(). This lint check looks for calls to the wrong method.
More information:
http://developer.android.com/tools/support-library/index.html
ApplySharedPref
Summary: Use apply() on SharedPreferences
Priority: 6 / 10
Severity: Warning
Category: Correctness
Consider using apply() instead of commit on shared preferences. Whereas commit
blocks and writes its data to persistent storage immediately, apply will
handle it in the background.
Assert
Summary: Assertions
Priority: 6 / 10
Severity: Warning
Category: Correctness
Assertions are not checked at runtime. There are ways to request that they be
used by Dalvik (adb shell setprop debug.assert 1), but the property is ignored
in many places and can not be relied upon. Instead, perform conditional
checking inside if (BuildConfig.DEBUG) { } blocks. That constant is a static
final boolean which is true in debug builds and false in release builds, and
the Java compiler completely removes all code inside the if-body from the
app.
For example, you can replace assert speed > 0 with if (BuildConfig.DEBUG &&
!(speed > 0)) { throw new AssertionError() }.
(Note: This lint check does not flag assertions purely asserting nullness or
non-nullness; these are typically more intended for tools usage than runtime
checks.)
More information:
https://code.google.com/p/android/issues/detail?id=65183
CheckResult
Summary: Ignoring results
Priority: 6 / 10
Severity: Warning
Category: Correctness
Some methods have no side effects, an calling them without doing something
without the result is suspicious.
CommitPrefEdits
Summary: Missing commit() on SharedPreference editor
Priority: 6 / 10
Severity: Warning
Category: Correctness
After calling edit() on a SharedPreference, you must call commit() or apply()
on the editor to save the results.
CustomViewStyleable
Summary: Mismatched Styleable/Custom View Name
Priority: 6 / 10
Severity: Warning
Category: Correctness
The convention for custom views is to use a declare-styleable whose name
matches the custom view class name. The IDE relies on this convention such
that for example code completion can be offered for attributes in a custom
view in layout XML resource files.
(Similarly, layout parameter classes should use the suffix _Layout.)
CutPasteId
Summary: Likely cut & paste mistakes
Priority: 6 / 10
Severity: Warning
Category: Correctness
This lint check looks for cases where you have cut & pasted calls to
findViewById but have forgotten to update the R.id field. It's possible that
your code is simply (redundantly) looking up the field repeatedly, but lint
cannot distinguish that from a case where you for example want to initialize
fields prev and next and you cut & pasted findViewById(R.id.prev) and forgot
to update the second initialization to R.id.next.
DefaultLocale
Summary: Implied default locale in case conversion
Priority: 6 / 10
Severity: Warning
Category: Correctness
Calling String#toLowerCase() or #toUpperCase() without specifying an explicit
locale is a common source of bugs. The reason for that is that those methods
will use the current locale on the user's device, and even though the code
appears to work correctly when you are developing the app, it will fail in
some locales. For example, in the Turkish locale, the uppercase replacement
for i is not I.
If you want the methods to just perform ASCII replacement, for example to
convert an enum name, call String#toUpperCase(Locale.US) instead. If you
really want to use the current locale, call
String#toUpperCase(Locale.getDefault()) instead.
More information:
http://developer.android.com/reference/java/util/Locale.html#default_locale
DuplicateDefinition
Summary: Duplicate definitions of resources
Priority: 6 / 10
Severity: Error
Category: Correctness
You can define a resource multiple times in different resource folders; that's
how string translations are done, for example. However, defining the same
resource more than once in the same resource folder is likely an error, for
example attempting to add a new resource without realizing that the name is
already used, and so on.
DuplicateIncludedIds
Summary: Duplicate ids across layouts combined with include tags
Priority: 6 / 10
Severity: Warning
Category: Correctness
It's okay for two independent layouts to use the same ids. However, if layouts
are combined with include tags, then the id's need to be unique within any
chain of included layouts, or Activity#findViewById() can return an unexpected
view.
GradleDeprecated
Summary: Deprecated Gradle Construct
Priority: 6 / 10
Severity: Warning
Category: Correctness
This detector looks for deprecated Gradle constructs which currently work but
will likely stop working in a future update.
GradleGetter
Summary: Gradle Implicit Getter Call
Priority: 6 / 10
Severity: Error
Category: Correctness
Gradle will let you replace specific constants in your build scripts with
method calls, so you can for example dynamically compute a version string
based on your current version control revision number, rather than hardcoding
a number.
When computing a version name, it's tempting to for example call the method to
do that getVersionName. However, when you put that method call inside the
defaultConfig block, you will actually be calling the Groovy getter for the
versionName property instead. Therefore, you need to name your method
something which does not conflict with the existing implicit getters. Consider
using compute as a prefix instead of get.
ImpliedTouchscreenHardware
Summary: Hardware feature touchscreen not explicitly marked as optional
Priority: 6 / 10
Severity: Error
Category: Correctness
Apps require the android.hardware.touchscreen feature by default. If you want
your app to be available on TV, you must also explicitly declare that a
touchscreen is not required as follows:
<uses-feature android:name="android.hardware.touchscreen"
android:required="false"/>
More information:
https://developer.android.com/guide/topics/manifest/uses-feature-element.html
InconsistentLayout
Summary: Inconsistent Layouts
Priority: 6 / 10
Severity: Warning
Category: Correctness
This check ensures that a layout resource which is defined in multiple
resource folders, specifies the same set of widgets.
This finds cases where you have accidentally forgotten to add a widget to all
variations of the layout, which could result in a runtime crash for some
resource configurations when a findViewById() fails.
There are cases where this is intentional. For example, you may have a
dedicated large tablet layout which adds some extra widgets that are not
present in the phone version of the layout. As long as the code accessing the
layout resource is careful to handle this properly, it is valid. In that case,
you can suppress this lint check for the given extra or missing views, or the
whole layout
InlinedApi
Summary: Using inlined constants on older versions
Priority: 6 / 10
Severity: Warning
Category: Correctness
This check scans through all the Android API field references in the
application and flags certain constants, such as static final integers and
Strings, which were introduced in later versions. These will actually be
copied into the class files rather than being referenced, which means that the
value is available even when running on older devices. In some cases that's
fine, and in other cases it can result in a runtime crash or incorrect
behavior. It depends on the context, so consider the code carefully and device
whether it's safe and can be suppressed or whether the code needs tbe
guarded.
If you really want to use this API and don't need to support older devices
just set the minSdkVersion in your build.gradle or AndroidManifest.xml files.
If your code is deliberately accessing newer APIs, and you have ensured (e.g.
with conditional execution) that this code will only ever be called on a
supported platform, then you can annotate your class or method with the
@TargetApi annotation specifying the local minimum SDK to apply, such as
@TargetApi(11), such that this check considers 11 rather than your manifest
file's minimum SDK as the required API level.
Instantiatable
Summary: Registered class is not instantiatable
Priority: 6 / 10
Severity: Fatal
Category: Correctness
Activities, services, broadcast receivers etc. registered in the manifest file
(or for custom views, in a layout file) must be "instantiatable" by the
system, which means that the class must be public, it must have an empty
public constructor, and if it's an inner class, it must be a static inner
class.
InvalidAnalyticsName
Summary: Invalid Analytics Name
Priority: 6 / 10
Severity: Error
Category: Correctness
Event names and parameters must follow the naming conventions defined in
theFirebaseAnalytics#logEvent()
documentation.
More information:
http://firebase.google.com/docs/reference/android/com/google/firebase/analytics/FirebaseAnalytics#logEvent(java.lang.String,%20android.os.Bundle)
InvalidId
Summary: Invalid ID declaration
Priority: 6 / 10
Severity: Fatal
Category: Correctness
An id definition must be of the form @+id/yourname. The tools have not
rejected strings of the form @+foo/bar in the past, but that was an error, and
could lead to tricky errors because of the way the id integers are assigned.
If you really want to have different "scopes" for your id's, use prefixes
instead, such as login_button1 and login_button2.
InvalidPackage
Summary: Package not included in Android
Priority: 6 / 10
Severity: Error
Category: Correctness
This check scans through libraries looking for calls to APIs that are not
included in Android.
When you create Android projects, the classpath is set up such that you can
only access classes in the API packages that are included in Android. However,
if you add other projects to your libs/ folder, there is no guarantee that
those .jar files were built with an Android specific classpath, and in
particular, they could be accessing unsupported APIs such as java.applet.
This check scans through library jars and looks for references to API packages
that are not included in Android and flags these. This is only an error if
your code calls one of the library classes which wind up referencing the
unsupported package.
InvalidResourceFolder
Summary: Invalid Resource Folder
Priority: 6 / 10
Severity: Error
Category: Correctness
This lint check looks for a folder name that is not a valid resource folder
name; these will be ignored and not packaged by the Android Gradle build
plugin.
Note that the order of resources is very important; for example, you can't
specify a language before a network code.
Similarly, note that to use 3 letter region codes, you have to use a special
BCP 47 syntax: the prefix b+ followed by the BCP 47 language tag but with + as
the individual separators instead of -. Therefore, for the BCP 47 language tag
nl-ABW you have to use b+nl+ABW.
More information:
http://developer.android.com/guide/topics/resources/providing-resources.html
https://tools.ietf.org/html/bcp47
InvalidUsesTagAttribute
Summary: Invalid name attribute for uses element.
Priority: 6 / 10
Severity: Error
Category: Correctness
The <uses> element in <automotiveApp> should contain a valid value for the
name attribute.
Valid values are media or notification.
More information:
https://developer.android.com/training/auto/start/index.html#auto-metadata
LibraryCustomView
Summary: Custom views in libraries should use res-auto-namespace
Priority: 6 / 10
Severity: Fatal
Category: Correctness
When using a custom view with custom attributes in a library project, the
layout must use the special namespace http://schemas.android.com/apk/res-auto
instead of a URI which includes the library project's own package. This will
be used to automatically adjust the namespace of the attributes when the
library resources are merged into the application project.
LocaleFolder
Summary: Wrong locale name
Priority: 6 / 10
Severity: Warning
Category: Correctness
From the java.util.Locale documentation:
"Note that Java uses several deprecated two-letter codes. The Hebrew ("he")
language code is rewritten as "iw", Indonesian ("id") as "in", and Yiddish
("yi") as "ji". This rewriting happens even if you construct your own Locale
object, not just for instances returned by the various lookup methods.
Because of this, if you add your localized resources in for example values-he
they will not be used, since the system will look for values-iw instead.
To work around this, place your resources in a values folder using the
deprecated language code instead.
More information:
http://developer.android.com/reference/java/util/Locale.html
ManifestResource
Summary: Manifest Resource References
Priority: 6 / 10
Severity: Fatal
Category: Correctness
Elements in the manifest can reference resources, but those resources cannot
vary across configurations (except as a special case, by version, and except
for a few specific package attributes such as the application title and
icon.)
MissingBackupPin
Summary: Missing Backup Pin
Priority: 6 / 10
Severity: Warning
Category: Correctness
It is highly recommended to declare a backup <pin> element. Not having a
second pin defined can cause connection failures when the particular site
certificate is rotated and the app has not yet been updated.
More information:
https://developer.android.com/preview/features/security-config.html
MissingConstraints
Summary: Missing Constraints in ConstraintLayout
Priority: 6 / 10
Severity: Error
Category: Correctness
The layout editor allows you to place widgets anywhere on the canvas, and it
records the current position with designtime attributes (such as
layout_editor_absoluteX.) These attributes are not applied at runtime, so if
you push your layout on a device, the widgets may appear in a different
location than shown in the editor. To fix this, make sure a widget has both
horizontal and vertical constraints by dragging from the edge connections.
MissingIntentFilterForMediaSearch
Summary: Missing intent-filter with action
android.media.action.MEDIA_PLAY_FROM_SEARCH
Priority: 6 / 10
Severity: Error
Category: Correctness
To support voice searches on Android Auto, you should also register an
intent-filter for the action android.media.action.MEDIA_PLAY_FROM_SEARCH.
To do this, add
<intent-filter>
<action android:name="android.media.action.MEDIA_PLAY_FROM_SEARCH" />
</intent-filter>
to your <activity> or <service>.
More information:
https://developer.android.com/training/auto/audio/index.html#support_voice
MissingLeanbackSupport
Summary: Missing Leanback Support.
Priority: 6 / 10
Severity: Error
Category: Correctness
The manifest should declare the use of the Leanback user interface required by
Android TV.
To fix this, add
<uses-feature android:name="android.software.leanback"
android:required="false" />
to your manifest.
More information:
https://developer.android.com/training/tv/start/start.html#leanback-req
MissingMediaBrowserServiceIntentFilter
Summary: Missing intent-filter with action
android.media.browse.MediaBrowserService.
Priority: 6 / 10
Severity: Error
Category: Correctness
An Automotive Media App requires an exported service that extends
android.service.media.MediaBrowserService with an intent-filter for the action
android.media.browse.MediaBrowserService to be able to browse and play media.
To do this, add
<intent-filter>
<action android:name="android.media.browse.MediaBrowserService" />
</intent-filter>
to the service that extends android.service.media.MediaBrowserService
More information:
https://developer.android.com/training/auto/audio/index.html#config_manifest
MissingOnPlayFromSearch
Summary: Missing onPlayFromSearch.
Priority: 6 / 10
Severity: Error
Category: Correctness
To support voice searches on Android Auto, in addition to adding an
intent-filter for the action onPlayFromSearch, you also need to override and
implement onPlayFromSearch(String query, Bundle bundle)
More information:
https://developer.android.com/training/auto/audio/index.html#support_voice
MissingPrefix
Summary: Missing Android XML namespace
Priority: 6 / 10
Severity: Error
Category: Correctness
Most Android views have attributes in the Android namespace. When referencing
these attributes you must include the namespace prefix, or your attribute will
be interpreted by aapt as just a custom attribute.
Similarly, in manifest files, nearly all attributes should be in the android:
namespace.
MultipleUsesSdk
Summary: Multiple <uses-sdk> elements in the manifest
Priority: 6 / 10
Severity: Fatal
Category: Correctness
The <uses-sdk> element should appear just once; the tools will not merge the
contents of all the elements so if you split up the attributes across multiple
elements, only one of them will take effect. To fix this, just merge all the
attributes from the various elements into a single <uses-sdk> element.
More information:
http://developer.android.com/guide/topics/manifest/uses-sdk-element.html
NewApi
Summary: Calling new methods on older versions
Priority: 6 / 10
Severity: Error
Category: Correctness
This check scans through all the Android API calls in the application and
warns about any calls that are not available on all versions targeted by this
application (according to its minimum SDK attribute in the manifest).
If you really want to use this API and don't need to support older devices
just set the minSdkVersion in your build.gradle or AndroidManifest.xml files.
If your code is deliberately accessing newer APIs, and you have ensured (e.g.
with conditional execution) that this code will only ever be called on a
supported platform, then you can annotate your class or method with the
@TargetApi annotation specifying the local minimum SDK to apply, such as
@TargetApi(11), such that this check considers 11 rather than your manifest
file's minimum SDK as the required API level.
If you are deliberately setting android: attributes in style definitions, make
sure you place this in a values-vNN folder in order to avoid running into
runtime conflicts on certain devices where manufacturers have added custom
attributes whose ids conflict with the new ones on later platforms.
Similarly, you can use tools:targetApi="11" in an XML file to indicate that
the element will only be inflated in an adequate context.
NotSibling
Summary: RelativeLayout Invalid Constraints
Priority: 6 / 10
Severity: Fatal
Category: Correctness
Layout constraints in a given RelativeLayout should reference other views
within the same relative layout (but not itself!)
OldTargetApi
Summary: Target SDK attribute is not targeting latest version
Priority: 6 / 10
Severity: Warning
Category: Correctness
When your application runs on a version of Android that is more recent than
your targetSdkVersion specifies that it has been tested with, various
compatibility modes kick in. This ensures that your application continues to
work, but it may look out of place. For example, if the targetSdkVersion is
less than 14, your app may get an option button in the UI.
To fix this issue, set the targetSdkVersion to the highest available value.
Then test your app to make sure everything works correctly. You may want to
consult the compatibility notes to see what changes apply to each version you
are adding support for:
http://developer.android.com/reference/android/os/Build.VERSION_CODES.html
More information:
http://developer.android.com/reference/android/os/Build.VERSION_CODES.html
Override
Summary: Method conflicts with new inherited method
Priority: 6 / 10
Severity: Error
Category: Correctness
Suppose you are building against Android API 8, and you've subclassed
Activity. In your subclass you add a new method called isDestroyed(). At some
later point, a method of the same name and signature is added to Android. Your
method will now override the Android method, and possibly break its contract.
Your method is not calling super.isDestroyed(), since your compilation target
doesn't know about the method.
The above scenario is what this lint detector looks for. The above example is
real, since isDestroyed() was added in API 17, but it will be true for any
method you have added to a subclass of an Android class where your build
target is lower than the version the method was introduced in.
To fix this, either rename your method, or if you are really trying to augment
the builtin method if available, switch to a higher build target where you can
deliberately add @Override on your overriding method, and call super if
appropriate etc.
OverrideAbstract
Summary: Not overriding abstract methods on older platforms
Priority: 6 / 10
Severity: Fatal
Category: Correctness
To improve the usability of some APIs, some methods that used to be abstract
have been made concrete by adding default implementations. This means that
when compiling with new versions of the SDK, your code does not have to
override these methods.
However, if your code is also targeting older versions of the platform where
these methods were still abstract, the code will crash. You must override all
methods that used to be abstract in any versions targeted by your
application's minSdkVersion.
PinSetExpiry
Summary: Validate <pin-set> expiration attribute
Priority: 6 / 10
Severity: Warning
Category: Correctness
Ensures that the expiration attribute of the <pin-set> element is valid and
has not already expired or is expiring soon
More information:
https://developer.android.com/preview/features/security-config.html
PropertyEscape
Summary: Incorrect property escapes
Priority: 6 / 10
Severity: Error
Category: Correctness
All backslashes and colons in .property files must be escaped with a backslash
(). This means that when writing a Windows path, you must escape the file
separators, so the path \My\Files should be written as key=\My\Files.
Range
Summary: Outside Range
Priority: 6 / 10
Severity: Error
Category: Correctness
Some parameters are required to in a particular numerical range; this check
makes sure that arguments passed fall within the range. For arrays, Strings
and collections this refers to the size or length.
Registered
Summary: Class is not registered in the manifest
Priority: 6 / 10
Severity: Warning
Category: Correctness
Activities, services and content providers should be registered in the
AndroidManifest.xml file using <activity>, <service> and <provider> tags.
If your activity is simply a parent class intended to be subclassed by other
"real" activities, make it an abstract class.
More information:
http://developer.android.com/guide/topics/manifest/manifest-intro.html
SdCardPath
Summary: Hardcoded reference to /sdcard
Priority: 6 / 10
Severity: Warning
Category: Correctness
Your code should not reference the /sdcard path directly; instead use
Environment.getExternalStorageDirectory().getPath().
Similarly, do not reference the /data/data/ path directly; it can vary in
multi-user scenarios. Instead, use Context.getFilesDir().getPath().
More information:
http://developer.android.com/guide/topics/data/data-storage.html#filesExternal
ServiceCast
Summary: Wrong system service casts
Priority: 6 / 10
Severity: Fatal
Category: Correctness
When you call Context#getSystemService(), the result is typically cast to a
specific interface. This lint check ensures that the cast is compatible with
the expected type of the return value.
ShortAlarm
Summary: Short or Frequent Alarm
Priority: 6 / 10
Severity: Warning
Category: Correctness
Frequent alarms are bad for battery life. As of API 22, the AlarmManager will
override near-future and high-frequency alarm requests, delaying the alarm at
least 5 seconds into the future and ensuring that the repeat interval is at
least 60 seconds.
If you really need to do work sooner than 5 seconds, post a delayed message or
runnable to a Handler.
ShowToast
Summary: Toast created but not shown
Priority: 6 / 10
Severity: Warning
Category: Correctness
Toast.makeText() creates a Toast but does not show it. You must call show() on
the resulting object to actually make the Toast appear.
SimpleDateFormat
Summary: Implied locale in date format
Priority: 6 / 10
Severity: Warning
Category: Correctness
Almost all callers should use getDateInstance(), getDateTimeInstance(), or
getTimeInstance() to get a ready-made instance of SimpleDateFormat suitable
for the user's locale. The main reason you'd create an instance this class
directly is because you need to format/parse a specific machine-readable
format, in which case you almost certainly want to explicitly ask for US to
ensure that you get ASCII digits (rather than, say, Arabic digits).
Therefore, you should either use the form of the SimpleDateFormat constructor
where you pass in an explicit locale, such as Locale.US, or use one of the get
instance methods, or suppress this error if really know what you are doing.
More information:
http://developer.android.com/reference/java/text/SimpleDateFormat.html
Suspicious0dp
Summary: Suspicious 0dp dimension
Priority: 6 / 10
Severity: Error
Category: Correctness
Using 0dp as the width in a horizontal LinearLayout with weights is a useful
trick to ensure that only the weights (and not the intrinsic sizes) are used
when sizing the children.
However, if you use 0dp for the opposite dimension, the view will be
invisible. This can happen if you change the orientation of a layout without
also flipping the 0dp dimension in all the children.
UniquePermission
Summary: Permission names are not unique
Priority: 6 / 10
Severity: Fatal
Category: Correctness
The unqualified names or your permissions must be unique. The reason for this
is that at build time, the aapt tool will generate a class named Manifest
which contains a field for each of your permissions. These fields are named
using your permission unqualified names (i.e. the name portion after the last
dot).
If more than one permission maps to the same field name, that field will
arbitrarily name just one of them.
UnsupportedTvHardware
Summary: Unsupported TV Hardware Feature
Priority: 6 / 10
Severity: Error
Category: Correctness
The <uses-feature> element should not require this unsupported TV hardware
feature. Any uses-feature not explicitly marked with required="false" is
necessary on the device to be installed on. Ensure that any features that
might prevent it from being installed on a TV device are reviewed and marked
as not required in the manifest.
More information:
https://developer.android.com/training/tv/start/hardware.html#unsupported-features
UnusedAttribute
Summary: Attribute unused on older versions
Priority: 6 / 10
Severity: Warning
Category: Correctness
This check finds attributes set in XML files that were introduced in a version
newer than the oldest version targeted by your application (with the
minSdkVersion attribute).
This is not an error; the application will simply ignore the attribute.
However, if the attribute is important to the appearance of functionality of
your application, you should consider finding an alternative way to achieve
the same result with only available attributes, and then you can optionally
create a copy of the layout in a layout-vNN folder which will be used on API
NN or higher where you can take advantage of the newer attribute.
Note: This check does not only apply to attributes. For example, some tags can
be unused too, such as the new <tag> element in layouts introduced in API 21.
UseAlpha2
Summary: Using 3-letter Codes
Priority: 6 / 10
Severity: Warning
Category: Correctness
For compatibility with earlier devices, you should only use 3-letter language
and region codes when there is no corresponding 2 letter code.
More information:
https://tools.ietf.org/html/bcp47
ValidFragment
Summary: Fragment not instantiatable
Priority: 6 / 10
Severity: Fatal
Category: Correctness
From the Fragment documentation:
Every fragment must have an empty constructor, so it can be instantiated when
restoring its activity's state. It is strongly recommended that subclasses do
not have other constructors with parameters, since these constructors will not
be called when the fragment is re-instantiated; instead, arguments can be
supplied by the caller with setArguments(Bundle) and later retrieved by the
Fragment with getArguments().
More information:
http://developer.android.com/reference/android/app/Fragment.html#Fragment()
WifiManagerLeak
Summary: WifiManager Leak
Priority: 6 / 10
Severity: Fatal
Category: Correctness
On versions prior to Android N (24), initializing the WifiManager via
Context#getSystemService can cause a memory leak if the context is not the
application context. Change context.getSystemService(...) to
context.getApplicationContext().getSystemService(...).
WifiManagerPotentialLeak
Summary: WifiManager Potential Leak
Priority: 6 / 10
Severity: Warning
Category: Correctness
On versions prior to Android N (24), initializing the WifiManager via
Context#getSystemService can cause a memory leak if the context is not the
application context.
In many cases, it's not obvious from the code where the Context is coming from
(e.g. it might be a parameter to a method, or a field initialized from various
method calls.) It's possible that the context being passed in is the
application context, but to be on the safe side, you should consider changing
context.getSystemService(...) to
context.getApplicationContext().getSystemService(...).
WrongCall
Summary: Using wrong draw/layout method
Priority: 6 / 10
Severity: Fatal
Category: Correctness
Custom views typically need to call measure() on their children, not
onMeasure. Ditto for onDraw, onLayout, etc.
WrongManifestParent
Summary: Wrong manifest parent
Priority: 6 / 10
Severity: Fatal
Category: Correctness
The <uses-library> element should be defined as a direct child of the
<application> tag, not the <manifest> tag or an <activity> tag. Similarly, a
<uses-sdk> tag must be declared at the root level, and so on. This check looks
for incorrect declaration locations in the manifest, and complains if an
element is found in the wrong place.
More information:
http://developer.android.com/guide/topics/manifest/manifest-intro.html
WrongRegion
Summary: Suspicious Language/Region Combination
Priority: 6 / 10
Severity: Warning
Category: Correctness
Android uses the letter codes ISO 639-1 for languages, and the letter codes
ISO 3166-1 for the region codes. In many cases, the language code and the
country where the language is spoken is the same, but it is also often not the
case. For example, while 'se' refers to Sweden, where Swedish is spoken, the
language code for Swedish is not se (which refers to the Northern Sami
language), the language code is sv. And similarly the region code for sv is El
Salvador.
This lint check looks for suspicious language and region combinations, to help
catch cases where you've accidentally used the wrong language or region code.
Lint knows about the most common regions where a language is spoken, and if a
folder combination is not one of these, it is flagged as suspicious.
Note however that it may not be an error: you can theoretically have speakers
of any language in any region and want to target that with your resources, so
this check is aimed at tracking down likely mistakes, not to enforce a
specific set of region and language combinations.
WrongThread
Summary: Wrong Thread
Priority: 6 / 10
Severity: Error
Category: Correctness
Ensures that a method which expects to be called on a specific thread, is
actually called from that thread. For example, calls on methods in widgets
should always be made on the UI thread.
More information:
http://developer.android.com/guide/components/processes-and-threads.html#Threads
AppCompatResource
Summary: Menu namespace
Priority: 5 / 10
Severity: Error
Category: Correctness
When using the appcompat library, menu resources should refer to the
showAsAction in the app: namespace, not the android: namespace.
Similarly, when not using the appcompat library, you should be using the
android:showAsAction attribute.
AppLinksAutoVerifyError
Summary: App Links Auto Verification Failure
Priority: 5 / 10
Severity: Error
Category: Correctness
NOTE: This issue is disabled by default!
You can enable it by adding --enable AppLinksAutoVerifyError
Ensures that app links are correctly set and associated with website.
More information:
https://g.co/appindexing/applinks
AppLinksAutoVerifyWarning
Summary: Potential App Links Auto Verification Failure
Priority: 5 / 10
Severity: Warning
Category: Correctness
NOTE: This issue is disabled by default!
You can enable it by adding --enable AppLinksAutoVerifyWarning
Ensures that app links are correctly set and associated with website.
More information:
https://g.co/appindexing/applinks
BatteryLife
Summary: Battery Life Issues
Priority: 5 / 10
Severity: Warning
Category: Correctness
This issue flags code that either
- negatively affects battery life, or
- uses APIs that have recently changed behavior to prevent background tasks
from consuming memory and battery excessively.
Generally, you should be using JobScheduler or GcmNetworkManager instead.
For more details on how to update your code, please
seehttp://developer.android.com/preview/features/background-optimization.html
More information:
http://developer.android.com/preview/features/background-optimization.html
DuplicateActivity
Summary: Activity registered more than once
Priority: 5 / 10
Severity: Fatal
Category: Correctness
An activity should only be registered once in the manifest. If it is
accidentally registered more than once, then subtle errors can occur, since
attribute declarations from the two elements are not merged, so you may
accidentally remove previous declarations.
DuplicateUsesFeature
Summary: Feature declared more than once
Priority: 5 / 10
Severity: Warning
Category: Correctness
A given feature should only be declared once in the manifest.
FullBackupContent
Summary: Valid Full Backup Content File
Priority: 5 / 10
Severity: Fatal
Category: Correctness
Ensures that a <full-backup-content> file, which is pointed to by a
android:fullBackupContent attribute in the manifest file, is valid
More information:
http://android-developers.blogspot.com/2015/07/auto-backup-for-apps-made-simple.html
IncludeLayoutParam
Summary: Ignored layout params on include
Priority: 5 / 10
Severity: Error
Category: Correctness
Layout parameters specified on an <include> tag will only be used if you also
override layout_width and layout_height on the <include> tag; otherwise they
will be ignored.
More information:
http://stackoverflow.com/questions/2631614/does-android-xml-layouts-include-tag-really-work
InflateParams
Summary: Layout Inflation without a Parent
Priority: 5 / 10
Severity: Warning
Category: Correctness
When inflating a layout, avoid passing in null as the parent view, since
otherwise any layout parameters on the root of the inflated layout will be
ignored.
More information:
http://www.doubleencore.com/2013/05/layout-inflation-as-intended
LogTagMismatch
Summary: Mismatched Log Tags
Priority: 5 / 10
Severity: Error
Category: Correctness
When guarding a Log.v(tag, ...) call with Log.isLoggable(tag), the tag passed
to both calls should be the same. Similarly, the level passed in to
Log.isLoggable should typically match the type of Log call, e.g. if checking
level Log.DEBUG, the corresponding Log call should be Log.d, not Log.i.
LongLogTag
Summary: Too Long Log Tags
Priority: 5 / 10
Severity: Error
Category: Correctness
Log tags are only allowed to be at most 23 tag characters long.
ManifestOrder
Summary: Incorrect order of elements in manifest
Priority: 5 / 10
Severity: Warning
Category: Correctness
The <application> tag should appear after the elements which declare which
version you need, which features you need, which libraries you need, and so
on. In the past there have been subtle bugs (such as themes not getting
applied correctly) when the <application> tag appears before some of these
other elements, so it's best to order your manifest in the logical dependency
order.
ManifestTypo
Summary: Typos in manifest tags
Priority: 5 / 10
Severity: Fatal
Category: Correctness
This check looks through the manifest, and if it finds any tags that look like
likely misspellings, they are flagged.
MissingId
Summary: Fragments should specify an id or tag
Priority: 5 / 10
Severity: Warning
Category: Correctness
If you do not specify an android:id or an android:tag attribute on a
<fragment> element, then if the activity is restarted (for example for an
orientation rotation) you may lose state. From the fragment documentation:
"Each fragment requires a unique identifier that the system can use to restore
the fragment if the activity is restarted (and which you can use to capture
the fragment to perform transactions, such as remove it).
- Supply the android:id attribute with a unique ID.
- Supply the android:tag attribute with a unique string.
If you provide neither of the previous two, the system uses the ID of the
container view.
More information:
http://developer.android.com/guide/components/fragments.html
NetworkSecurityConfig
Summary: Valid Network Security Config File
Priority: 5 / 10
Severity: Fatal
Category: Correctness
Ensures that a <network-security-config> file, which is pointed to by an
android:networkSecurityConfig attribute in the manifest file, is valid
More information:
https://developer.android.com/preview/features/security-config.html
NfcTechWhitespace
Summary: Whitespace in NFC tech lists
Priority: 5 / 10
Severity: Fatal
Category: Correctness
In a <tech-list>, there can be whitespace around the <tech> elements,but not
inside them. This is because the code which reads in the tech list is
currently very strict and will include the whitespace as part of the name.
In other words, use <tech>name</tech>, not <tech> name </tech>.
More information:
https://code.google.com/p/android/issues/detail?id=65351
ProtectedPermissions
Summary: Using system app permission
Priority: 5 / 10
Severity: Error
Category: Correctness
Permissions with the protection level signature or signatureOrSystem are only
granted to system apps. If an app is a regular non-system app, it will never
be able to use these permissions.
SQLiteString
Summary: Using STRING instead of TEXT
Priority: 5 / 10
Severity: Warning
Category: Correctness
In SQLite, any column can store any data type; the declared type for a column
is more of a hint as to what the data should be cast to when stored.
There are many ways to store a string. TEXT, VARCHAR, CHARACTER and CLOB are
string types, but STRING
is not. Columns defined as STRING are actually
numeric.
If you try to store a value in a numeric column, SQLite will try to cast it to
a float or an integer before storing. If it can't, it will just store it as a
string.
This can lead to some subtle bugs. For example, when SQLite encounters a
string like 1234567e1234, it will parse it as a float, but the result will be
out of range for floating point numbers, so Inf will be stored! Similarly,
strings that look like integers will lose leading zeroes.
To fix this, you can change your schema to use a TEXT type instead.
More information:
https://www.sqlite.org/datatype3.html
StateListReachable
Summary: Unreachable state in a <selector>
Priority: 5 / 10
Severity: Warning
Category: Correctness
In a selector, only the last child in the state list should omit a state
qualifier. If not, all subsequent items in the list will be ignored since the
given item will match all.
UnknownIdInLayout
Summary: Reference to an id that is not in the current layout
Priority: 5 / 10
Severity: Warning
Category: Correctness
The @+id/ syntax refers to an existing id, or creates a new one if it has not
already been defined elsewhere. However, this means that if you have a typo in
your reference, or if the referred view no longer exists, you do not get a
warning since the id will be created on demand.
This is sometimes intentional, for example where you are referring to a view
which is provided in a different layout via an include. However, it is usually
an accident where you have a typo or you have renamed a view without updating
all the references to it.
UnlocalizedSms
Summary: SMS phone number missing country code
Priority: 5 / 10
Severity: Warning
Category: Correctness
SMS destination numbers must start with a country code or the application code
must ensure that the SMS is only sent when the user is in the same country as
the receiver.
ValidRestrictions
Summary: Invalid Restrictions Descriptor
Priority: 5 / 10
Severity: Fatal
Category: Correctness
Ensures that an applications restrictions XML file is properly formed
More information:
https://developer.android.com/reference/android/content/RestrictionsManager.html
VectorDrawableCompat
Summary: Using VectorDrawableCompat
Priority: 5 / 10
Severity: Error
Category: Correctness
To use VectorDrawableCompat, you need to make two modifications to your
project. First, set android.defaultConfig.vectorDrawables.useSupportLibrary =
true in your build.gradle file, and second, use app:srcCompat instead of
android:src to refer to vector drawables.
More information:
http://chris.banes.me/2016/02/25/appcompat-vector/#enabling-the-flag
VectorRaster
Summary: Vector Image Generation
Priority: 5 / 10
Severity: Warning
Category: Correctness
Vector icons require API 21, but when using Android Gradle plugin 1.4 or
higher, vectors placed in the drawable folder are automatically moved to
drawable-dpi-v21 and a bitmap image is generated each drawable-dpi folder
instead, for backwards compatibility (provided minSdkVersion is less than
21.).
However, there are some limitations to this vector image generation, and this
lint check flags elements and attributes that are not fully supported. You
should manually check whether the generated output is acceptable for those
older devices.
GradleDependency
Summary: Obsolete Gradle Dependency
Priority: 4 / 10
Severity: Warning
Category: Correctness
This detector looks for usages of libraries where the version you are using is
not the current stable release. Using older versions is fine, and there are
cases where you deliberately want to stick with an older version. However, you
may simply not be aware that a more recent version is available, and that is
what this lint check helps find.
GradleDynamicVersion
Summary: Gradle Dynamic Version
Priority: 4 / 10
Severity: Warning
Category: Correctness
Using + in dependencies lets you automatically pick up the latest available
version rather than a specific, named version. However, this is not
recommended; your builds are not repeatable; you may have tested with a
slightly different version than what the build server used. (Using a dynamic
version as the major version number is more problematic than using it in the
minor version position.)
GradleIdeError
Summary: Gradle IDE Support Issues
Priority: 4 / 10
Severity: Error
Category: Correctness
Gradle is highly flexible, and there are things you can do in Gradle files
which can make it hard or impossible for IDEs to properly handle the project.
This lint check looks for constructs that potentially break IDE support.
GradleOverrides
Summary: Value overridden by Gradle build script
Priority: 4 / 10
Severity: Warning
Category: Correctness
The value of (for example) minSdkVersion is only used if it is not specified
in the build.gradle build scripts. When specified in the Gradle build scripts,
the manifest value is ignored and can be misleading, so should be removed to
avoid ambiguity.
GradlePath
Summary: Gradle Path Issues
Priority: 4 / 10
Severity: Warning
Category: Correctness
Gradle build scripts are meant to be cross platform, so file paths use
Unix-style path separators (a forward slash) rather than Windows path
separators (a backslash). Similarly, to keep projects portable and repeatable,
avoid using absolute paths on the system; keep files within the project
instead. To share code between projects, consider creating an android-library
and an AAR dependency
GridLayout
Summary: GridLayout validation
Priority: 4 / 10
Severity: Fatal
Category: Correctness
Declaring a layout_row or layout_column that falls outside the declared size
of a GridLayout's rowCount or columnCount is usually an unintentional error.
InOrMmUsage
Summary: Using mm or in dimensions
Priority: 4 / 10
Severity: Warning
Category: Correctness
Avoid using mm (millimeters) or in (inches) as the unit for dimensions.
While it should work in principle, unfortunately many devices do not report
the correct true physical density, which means that the dimension calculations
won't work correctly. You are better off using dp (and for font sizes, sp.)
NewerVersionAvailable
Summary: Newer Library Versions Available
Priority: 4 / 10
Severity: Warning
Category: Correctness
NOTE: This issue is disabled by default!
You can enable it by adding --enable NewerVersionAvailable
This detector checks with a central repository to see if there are newer
versions available for the dependencies used by this project. This is similar
to the GradleDependency check, which checks for newer versions available in
the Android SDK tools and libraries, but this works with any MavenCentral
dependency, and connects to the library every time, which makes it more
flexible but also much slower.
ObjectAnimatorBinding
Summary: Incorrect ObjectAnimator Property
Priority: 4 / 10
Severity: Error
Category: Correctness
This check cross references properties referenced by String from
ObjectAnimator and PropertyValuesHolder method calls and ensures that the
corresponding setter methods exist and have the right signatures.
RequiredSize
Summary: Missing layout_width or layout_height attributes
Priority: 4 / 10
Severity: Error
Category: Correctness
All views must specify an explicit layout_width and layout_height attribute.
There is a runtime check for this, so if you fail to specify a size, an
exception is thrown at runtime.
It's possible to specify these widths via styles as well. GridLayout, as a
special case, does not require you to specify a size.
RestrictedApi
Summary: Restricted API
Priority: 4 / 10
Severity: Error
Category: Correctness
This API has been flagged with a restriction that has not been met.
Examples of API restrictions:
- Method can only be invoked by a subclass
- Method can only be accessed from within the same library (defined by the
Gradle library group id)
.* Method can only be accessed from tests.
.
You can add your own API restrictions with the @RestrictTo annotation.
VisibleForTests
Summary: Visible Only For Tests
Priority: 4 / 10
Severity: Warning
Category: Correctness
With the @VisibleForTesting annotation you can specify an otherwise= attribute
which specifies the intended visibility if the method had not been made more
widely visible for the tests.
This check looks for accesses from production code (e.g. not tests) where the
access would not have been allowed with the intended production visibility.
WrongCase
Summary: Wrong case for view tag
Priority: 4 / 10
Severity: Fatal
Category: Correctness
Most layout tags, such as <Button>, refer to actual view classes and are
therefore capitalized. However, there are exceptions such as <fragment> and
<include>. This lint check looks for incorrect capitalizations.
More information:
http://developer.android.com/guide/components/fragments.html
ExtraText
Summary: Extraneous text in resource files
Priority: 3 / 10
Severity: Warning
Category: Correctness
Layout resource files should only contain elements and attributes. Any XML
text content found in the file is likely accidental (and potentially dangerous
if the text resembles XML and the developer believes the text to be
functional)
InnerclassSeparator
Summary: Inner classes should use $ rather than .
Priority: 3 / 10
Severity: Warning
Category: Correctness
When you reference an inner class in a manifest file, you must use '$' instead
of '.' as the separator character, i.e. Outer$Inner instead of Outer.Inner.
(If you get this warning for a class which is not actually an inner class,
it's because you are using uppercase characters in your package name, which is
not conventional.)
LocalSuppress
Summary: @SuppressLint on invalid element
Priority: 3 / 10
Severity: Error
Category: Correctness
The @SuppressAnnotation is used to suppress Lint warnings in Java files.
However, while many lint checks analyzes the Java source code, where they can
find annotations on (for example) local variables, some checks are analyzing
the .class files. And in class files, annotations only appear on classes,
fields and methods. Annotations placed on local variables disappear. If you
attempt to suppress a lint error for a class-file based lint check, the
suppress annotation not work. You must move the annotation out to the
surrounding method.
ParcelClassLoader
Summary: Default Parcel Class Loader
Priority: 3 / 10
Severity: Warning
Category: Correctness
The documentation for Parcel#readParcelable(ClassLoader) (and its variations)
says that you can pass in null to pick up the default class loader. However,
that ClassLoader is a system class loader and is not able to find classes in
your own application.
If you are writing your own classes into the Parcel (not just SDK classes like
String and so on), then you should supply a ClassLoader for your application
instead; a simple way to obtain one is to just call
getClass().getClassLoader() from your own class.
More information:
http://developer.android.com/reference/android/os/Parcel.html
ParcelCreator
Summary: Missing Parcelable CREATOR field
Priority: 3 / 10
Severity: Error
Category: Correctness
According to the Parcelable interface documentation, "Classes implementing the
Parcelable interface must also have a static field called CREATOR, which is an
object implementing the Parcelable.Creator interface."
More information:
http://developer.android.com/reference/android/os/Parcelable.html
PermissionImpliesUnsupportedHardware
Summary: Permission Implies Unsupported Hardware
Priority: 3 / 10
Severity: Warning
Category: Correctness
The <uses-permission> element should not require a permission that implies an
unsupported TV hardware feature. Google Play assumes that certain hardware
related permissions indicate that the underlying hardware features are
required by default. To fix the issue, consider declaring the corresponding
uses-feature element with required="false" attribute.
More information:
http://developer.android.com/guide/topics/manifest/uses-feature-element.html#permissions
PrivateResource
Summary: Using private resources
Priority: 3 / 10
Severity: Warning
Category: Correctness
Private resources should not be referenced; the may not be present everywhere,
and even where they are they may disappear without notice.
To fix this, copy the resource into your own project instead.
ProguardSplit
Summary: Proguard.cfg file contains generic Android rules
Priority: 3 / 10
Severity: Warning
Category: Correctness
Earlier versions of the Android tools bundled a single proguard.cfg file
containing a ProGuard configuration file suitable for Android shrinking and
obfuscation. However, that version was copied into new projects, which means
that it does not continue to get updated as we improve the default ProGuard
rules for Android.
In the new version of the tools, we have split the ProGuard configuration into
two halves:
- A simple configuration file containing only project-specific flags, in your
project - A generic configuration file containing the recommended set of ProGuard
options for Android projects. This generic file lives in the SDK install
directory which means that it gets updated along with the tools.
In order for this to work, the proguard.config property in the
project.properties file now refers to a path, so you can reference both the
generic file as well as your own (and any additional files too).
To migrate your project to the new setup, create a new proguard-project.txt
file in your project containing any project specific ProGuard flags as well as
any customizations you have made, then update your project.properties file to
contain:
proguard.config=${sdk.dir}/tools/proguard/proguard-android.txt:proguard-projec
.txt
ShiftFlags
Summary: Dangerous Flag Constant Declaration
Priority: 3 / 10
Severity: Warning
Category: Correctness
When defining multiple constants for use in flags, the recommended style is to
use the form 1 << 2, 1 << 3, 1 << 4 and so on to ensure that the constants are
unique and non-overlapping.
SpUsage
Summary: Using dp instead of sp for text sizes
Priority: 3 / 10
Severity: Warning
Category: Correctness
When setting text sizes, you should normally use sp, or "scale-independent
pixels". This is like the dp unit, but it is also scaled by the user's font
size preference. It is recommend you use this unit when specifying font sizes,
so they will be adjusted for both the screen density and the user's
preference.
There are cases where you might need to use dp; typically this happens when
the text is in a container with a specific dp-size. This will prevent the text
from spilling outside the container. Note however that this means that the
user's font size settings are not respected, so consider adjusting the layout
itself to be more flexible.
More information:
http://developer.android.com/training/multiscreen/screendensities.html
SwitchIntDef
Summary: Missing @IntDef in Switch
Priority: 3 / 10
Severity: Warning
Category: Correctness
This check warns if a switch statement does not explicitly include all the
values declared by the typedef @IntDef declaration.
UniqueConstants
Summary: Overlapping Enumeration Constants
Priority: 3 / 10
Severity: Error
Category: Correctness
The @IntDef annotation allows you to create a light-weight "enum" or type
definition. However, it's possible to accidentally specify the same value for
two or more of the values, which can lead to hard-to-detect bugs. This check
looks for this scenario and flags any repeated constants.
In some cases, the repeated constant is intentional (for example, renaming a
constant to a more intuitive name, and leaving the old name in place for
compatibility purposes.) In that case, simply suppress this check by adding a
@SuppressLint("UniqueConstants") annotation.
AccidentalOctal
Summary: Accidental Octal
Priority: 2 / 10
Severity: Error
Category: Correctness
In Groovy, an integer literal that starts with a leading 0 will be interpreted
as an octal number. That is usually (always?) an accident and can lead to
subtle bugs, for example when used in the versionCode of an app.
Deprecated
Summary: Using deprecated resources
Priority: 2 / 10
Severity: Warning
Category: Correctness
Deprecated views, attributes and so on are deprecated because there is a
better way to do something. Do it that new way. You've been warned.
MangledCRLF
Summary: Mangled file line endings
Priority: 2 / 10
Severity: Error
Category: Correctness
NOTE: This issue is disabled by default!
You can enable it by adding --enable MangledCRLF
On Windows, line endings are typically recorded as carriage return plus
newline: \r\n.
This detector looks for invalid line endings with repeated carriage return
characters (without newlines). Previous versions of the ADT plugin could
accidentally introduce these into the file, and when editing the file, the
editor could produce confusing visual artifacts.
More information:
https://bugs.eclipse.org/bugs/show_bug.cgi?id=375421
MissingVersion
Summary: Missing application name/version
Priority: 2 / 10
Severity: Warning
Category: Correctness
You should define the version information for your application.
android:versionCode: An integer value that represents the version of the
application code, relative to other versions.
android:versionName: A string value that represents the release version of the
application code, as it should be shown to users.
More information:
http://developer.android.com/tools/publishing/versioning.html#appversioning
Orientation
Summary: Missing explicit orientation
Priority: 2 / 10
Severity: Error
Category: Correctness
The default orientation of a LinearLayout is horizontal. It's pretty easy to
believe that the layout is vertical, add multiple children to it, and wonder
why only the first child is visible (when the subsequent children are off
screen to the right). This lint rule helps pinpoint this issue by warning
whenever a LinearLayout is used with an implicit orientation and multiple
children.
It also checks for empty LinearLayouts without an orientation attribute that
also defines an id attribute. This catches the scenarios where children will
be added to the LinearLayout dynamically.
PxUsage
Summary: Using 'px' dimension
Priority: 2 / 10
Severity: Warning
Category: Correctness
For performance reasons and to keep the code simpler, the Android system uses
pixels as the standard unit for expressing dimension or coordinate values.
That means that the dimensions of a view are always expressed in the code
using pixels, but always based on the current screen density. For instance, if
myView.getWidth() returns 10, the view is 10 pixels wide on the current
screen, but on a device with a higher density screen, the value returned might
be 15. If you use pixel values in your application code to work with bitmaps
that are not pre-scaled for the current screen density, you might need to
scale the pixel values that you use in your code to match the un-scaled bitmap
source.
More information:
http://developer.android.com/guide/practices/screens_support.html#screen-independence
SupportAnnotationUsage
Summary: Incorrect support annotation usage
Priority: 2 / 10
Severity: Error
Category: Correctness
This lint check makes sure that the support annotations (such as @IntDef and
@ColorInt) are used correctly. For example, it's an error to specify an
@IntRange where the from value is higher than the to value.
Correctness:Messages
StringFormatInvalid
Summary: Invalid format string
Priority: 9 / 10
Severity: Error
Category: Correctness:Messages
If a string contains a '%' character, then the string may be a formatting
string which will be passed to String.format from Java code to replace each
'%' occurrence with specific values.
This lint warning checks for two related problems:
(1) Formatting strings that are invalid, meaning that String.format will throw
exceptions at runtime when attempting to use the format string.
(2) Strings containing '%' that are not formatting strings getting passed to a
String.format call. In this case the '%' will need to be escaped as '%%'.
NOTE: Not all Strings which look like formatting strings are intended for use
by String.format; for example, they may contain date formats intended for
android.text.format.Time#format(). Lint cannot always figure out that a String
is a date format, so you may get false warnings in those scenarios. See the
suppress help topic for information on how to suppress errors in that case.
StringFormatMatches
Summary: String.format string doesn't match the XML format string
Priority: 9 / 10
Severity: Error
Category: Correctness:Messages
This lint check ensures the following:
(1) If there are multiple translations of the format string, then all
translations use the same type for the same numbered arguments
(2) The usage of the format string in Java is consistent with the format
string, meaning that the parameter types passed to String.format matches those
in the format string.
MissingQuantity
Summary: Missing quantity translation
Priority: 8 / 10
Severity: Error
Category: Correctness:Messages
Different languages have different rules for grammatical agreement with
quantity. In English, for example, the quantity 1 is a special case. We write
"1 book", but for any other quantity we'd write "n books". This distinction
between singular and plural is very common, but other languages make finer
distinctions.
This lint check looks at each translation of a <plural> and makes sure that
all the quantity strings considered by the given language are provided by this
translation.
For example, an English translation must provide a string for quantity="one".
Similarly, a Czech translation must provide a string for quantity="few".
More information:
http://developer.android.com/guide/topics/resources/string-resource.html#Plurals
MissingTranslation
Summary: Incomplete translation
Priority: 8 / 10
Severity: Fatal
Category: Correctness:Messages
If an application has more than one locale, then all the strings declared in
one language should also be translated in all other languages.
If the string should not be translated, you can add the attribute
translatable="false" on the <string> element, or you can define all your
non-translatable strings in a resource file called donottranslate.xml. Or, you
can ignore the issue with a tools:ignore="MissingTranslation" attribute.
By default this detector allows regions of a language to just provide a subset
of the strings and fall back to the standard language strings. You can require
all regions to provide a full translation by setting the environment variable
ANDROID_LINT_COMPLETE_REGIONS.
You can tell lint (and other tools) which language is the default language in
your res/values/ folder by specifying tools:locale="languageCode" for the root
<resources> element in your resource file. (The tools prefix refers to the
namespace declaration http://schemas.android.com/tools.)
Typos
Summary: Spelling error
Priority: 7 / 10
Severity: Warning
Category: Correctness:Messages
This check looks through the string definitions, and if it finds any words
that look like likely misspellings, they are flagged.
ExtraTranslation
Summary: Extra translation
Priority: 6 / 10
Severity: Fatal
Category: Correctness:Messages
If a string appears in a specific language translation file, but there is no
corresponding string in the default locale, then this string is probably
unused. (It's technically possible that your application is only intended to
run in a specific locale, but it's still a good idea to provide a fallback.).
Note that these strings can lead to crashes if the string is looked up on any
locale not providing a translation, so it's important to clean them up.
ImpliedQuantity
Summary: Implied Quantities
Priority: 5 / 10
Severity: Error
Category: Correctness:Messages
Plural strings should generally include a %s or %d formatting argument. In
locales like English, the one quantity only applies to a single value, 1, but
that's not true everywhere. For example, in Slovene, the one quantity will
apply to 1, 101, 201, 301, and so on. Similarly, there are locales where
multiple values match the zero and two quantities.
In these locales, it is usually an error to have a message which does not
include a formatting argument (such as '%d'), since it will not be clear from
the grammar what quantity the quantity string is describing.
More information:
http://developer.android.com/guide/topics/resources/string-resource.html#Plurals
PluralsCandidate
Summary: Potential Plurals
Priority: 5 / 10
Severity: Warning
Category: Correctness:Messages
This lint check looks for potential errors in internationalization where you
have translated a message which involves a quantity and it looks like other
parts of the string may need grammatical changes.
For example, rather than something like this:
<string name="try_again">Try again in %d seconds.</string>
you should be using a plural:
<plurals name="try_again">
<item quantity="one">Try again in %d second</item>
<item quantity="other">Try again in %d seconds</item>
</plurals>
This will ensure that in other languages the right set of translations are
provided for the different quantity classes.
(This check depends on some heuristics, so it may not accurately determine
whether a string really should be a quantity. You can use tools:ignore to
filter out false positives.
More information:
http://developer.android.com/guide/topics/resources/string-resource.html#Plurals
StringFormatCount
Summary: Formatting argument types incomplete or inconsistent
Priority: 5 / 10
Severity: Warning
Category: Correctness:Messages
When a formatted string takes arguments, it usually needs to reference the
same arguments in all translations (or all arguments if there are no
translations.
There are cases where this is not the case, so this issue is a warning rather
than an error by default. However, this usually happens when a language is not
translated or updated correctly.
UnusedQuantity
Summary: Unused quantity translations
Priority: 3 / 10
Severity: Warning
Category: Correctness:Messages
Android defines a number of different quantity strings, such as zero, one, few
and many. However, many languages do not distinguish grammatically between all
these different quantities.
This lint check looks at the quantity strings defined for each translation and
flags any quantity strings that are unused (because the language does not make
that quantity distinction, and Android will therefore not look it up.).
For example, in Chinese, only the other quantity is used, so even if you
provide translations for zero and one, these strings will not be returned when
getQuantityString() is called, even with 0 or 1.
More information:
http://developer.android.com/guide/topics/resources/string-resource.html#Plurals
Security
AddJavascriptInterface
Summary: addJavascriptInterface Called
Priority: 9 / 10
Severity: Warning
Category: Security
For applications built for API levels below 17, WebView#addJavascriptInterface
presents a security hazard as JavaScript on the target web page has the
ability to use reflection to access the injected object's public fields and
thus manipulate the host application in unintended ways.
More information:
https://labs.mwrinfosecurity.com/blog/2013/09/24/webview-addjavascriptinterface-remote-code-execution/
GetInstance
Summary: Cipher.getInstance with ECB
Priority: 9 / 10
Severity: Warning
Category: Security
Cipher#getInstance should not be called with ECB as the cipher mode or without
setting the cipher mode because the default mode on android is ECB, which is
insecure.
SecureRandom
Summary: Using a fixed seed with SecureRandom
Priority: 9 / 10
Severity: Warning
Category: Security
Specifying a fixed seed will cause the instance to return a predictable
sequence of numbers. This may be useful for testing but it is not appropriate
for secure use.
More information:
http://developer.android.com/reference/java/security/SecureRandom.html
TrulyRandom
Summary: Weak RNG
Priority: 9 / 10
Severity: Warning
Category: Security
Key generation, signing, encryption, and random number generation may not
receive cryptographically strong values due to improper initialization of the
underlying PRNG on Android 4.3 and below.
If your application relies on cryptographically secure random number
generation you should apply the workaround described in
https://android-developers.blogspot.com/2013/08/some-securerandom-thoughts.htm
.
This lint rule is mostly informational; it does not accurately detect whether
cryptographically secure RNG is required, or whether the workaround has
already been applied. After reading the blog entry and updating your code if
necessary, you can disable this lint issue.
More information:
https://android-developers.blogspot.com/2013/08/some-securerandom-thoughts.html
VulnerableCordovaVersion
Summary: Vulnerable Cordova Version
Priority: 9 / 10
Severity: Warning
Category: Security
The version of Cordova used in the app is vulnerable to security issues.
Please update to the latest Apache Cordova version.
More information:
https://cordova.apache.org/announcements/2015/11/20/security.html
ExportedPreferenceActivity
Summary: PreferenceActivity should not be exported
Priority: 8 / 10
Severity: Warning
Category: Security
Fragment injection gives anyone who can send your PreferenceActivity an intent
the ability to load any fragment, with any arguments, in your process.
More information:
http://securityintelligence.com/new-vulnerability-android-framework-fragment-injection
JavascriptInterface
Summary: Missing @JavascriptInterface on methods
Priority: 8 / 10
Severity: Error
Category: Security
As of API 17, you must annotate methods in objects registered with the
addJavascriptInterface method with a @JavascriptInterface annotation.
More information:
http://developer.android.com/reference/android/webkit/WebView.html#addJavascriptInterface(java.lang.Object, java.lang.String)
PackageManagerGetSignatures
Summary: Potential Multiple Certificate Exploit
Priority: 8 / 10
Severity: Information
Category: Security
Improper validation of app signatures could lead to issues where a malicious
app submits itself to the Play Store with both its real certificate and a fake
certificate and gains access to functionality or information it shouldn't have
due to another application only checking for the fake certificate and ignoring
the rest. Please make sure to validate all signatures returned by this
method.
More information:
https://bluebox.com/technical/android-fake-id-vulnerability/
PackagedPrivateKey
Summary: Packaged private key
Priority: 8 / 10
Severity: Fatal
Category: Security
In general, you should not package private key files inside your app.
GrantAllUris
Summary: Content provider shares everything
Priority: 7 / 10
Severity: Warning
Category: Security
The <grant-uri-permission> element allows specific paths to be shared. This
detector checks for a path URL of just '/' (everything), which is probably not
what you want; you should limit access to a subset.
AllowAllHostnameVerifier
Summary: Insecure HostnameVerifier
Priority: 6 / 10
Severity: Warning
Category: Security
This check looks for use of HostnameVerifier implementations whose verify
method always returns true (thus trusting any hostname) which could result in
insecure network traffic caused by trusting arbitrary hostnames in TLS/SSL
certificates presented by peers.
AuthLeak
Summary: Code might contain an auth leak
Priority: 6 / 10
Severity: Warning
Category: Security
Strings in java apps can be discovered by decompiling apps, this lint check
looks for code which looks like it may contain an url with a username and
password
BadHostnameVerifier
Summary: Insecure HostnameVerifier
Priority: 6 / 10
Severity: Warning
Category: Security
This check looks for implementations of HostnameVerifier whose verify method
always returns true (thus trusting any hostname) which could result in
insecure network traffic caused by trusting arbitrary hostnames in TLS/SSL
certificates presented by peers.
EasterEgg
Summary: Code contains easter egg
Priority: 6 / 10
Severity: Warning
Category: Security
NOTE: This issue is disabled by default!
You can enable it by adding --enable EasterEgg
An "easter egg" is code deliberately hidden in the code, both from potential
users and even from other developers. This lint check looks for code which
looks like it may be hidden from sight.
HardwareIds
Summary: Hardware Id Usage
Priority: 6 / 10
Severity: Warning
Category: Security
Using device identifiers is not recommended other than for high value fraud
prevention and advanced telephony use-cases. For advertising use-cases, use
AdvertisingIdClient$Info#getId and for analytics, use InstanceId#getId.
More information:
https://developer.android.com/training/articles/user-data-ids.html
SSLCertificateSocketFactoryCreateSocket
Summary: Insecure call to SSLCertificateSocketFactory.createSocket()
Priority: 6 / 10
Severity: Warning
Category: Security
When SSLCertificateSocketFactory.createSocket() is called with an InetAddress
as the first parameter, TLS/SSL hostname verification is not performed, which
could result in insecure network traffic caused by trusting arbitrary
hostnames in TLS/SSL certificates presented by peers. In this case, developers
must ensure that the InetAddress is explicitly verified against the
certificate through other means, such as by calling
`SSLCertificateSocketFactory.getDefaultHostnameVerifier() to get a
HostnameVerifier and calling HostnameVerifier.verify().
SSLCertificateSocketFactoryGetInsecure
Summary: Call to SSLCertificateSocketFactory.getInsecure()
Priority: 6 / 10
Severity: Warning
Category: Security
The SSLCertificateSocketFactory.getInsecure() method returns an
SSLSocketFactory with all TLS/SSL security checks disabled, which could result
in insecure network traffic caused by trusting arbitrary TLS/SSL certificates
presented by peers. This method should be avoided unless needed for a special
circumstance such as debugging. Instead,
SSLCertificateSocketFactory.getDefault() should be used.
SetJavaScriptEnabled
Summary: Using setJavaScriptEnabled
Priority: 6 / 10
Severity: Warning
Category: Security
Your code should not invoke setJavaScriptEnabled if you are not sure that your
app really requires JavaScript support.
More information:
http://developer.android.com/guide/practices/security.html
SetWorldReadable
Summary: File.setReadable() used to make file world-readable
Priority: 6 / 10
Severity: Warning
Category: Security
Setting files world-readable is very dangerous, and likely to cause security
holes in applications. It is strongly discouraged; instead, applications
should use more formal mechanisms for interactions such as ContentProvider,
BroadcastReceiver, and Service.
SetWorldWritable
Summary: File.setWritable() used to make file world-writable
Priority: 6 / 10
Severity: Warning
Category: Security
Setting files world-writable is very dangerous, and likely to cause security
holes in applications. It is strongly discouraged; instead, applications
should use more formal mechanisms for interactions such as ContentProvider,
BroadcastReceiver, and Service.
TrustAllX509TrustManager
Summary: Insecure TLS/SSL trust manager
Priority: 6 / 10
Severity: Warning
Category: Security
This check looks for X509TrustManager implementations whose checkServerTrusted
or checkClientTrusted methods do nothing (thus trusting any certificate chain)
which could result in insecure network traffic caused by trusting arbitrary
TLS/SSL certificates presented by peers.
UnprotectedSMSBroadcastReceiver
Summary: Unprotected SMS BroadcastReceiver
Priority: 6 / 10
Severity: Warning
Category: Security
BroadcastReceivers that declare an intent-filter for SMS_DELIVER or
SMS_RECEIVED must ensure that the caller has the BROADCAST_SMS permission,
otherwise it is possible for malicious actors to spoof intents.
UnsafeProtectedBroadcastReceiver
Summary: Unsafe Protected BroadcastReceiver
Priority: 6 / 10
Severity: Warning
Category: Security
BroadcastReceivers that declare an intent-filter for a protected-broadcast
action string must check that the received intent's action string matches the
expected value, otherwise it is possible for malicious actors to spoof
intents.
UseCheckPermission
Summary: Using the result of check permission calls
Priority: 6 / 10
Severity: Warning
Category: Security
You normally want to use the result of checking a permission; these methods
return whether the permission is held; they do not throw an error if the
permission is not granted. Code which does not do anything with the return
value probably meant to be calling the enforce methods instead, e.g. rather
than Context#checkCallingPermission it should call
Context#enforceCallingPermission.
UsingHttp
Summary: Using HTTP instead of HTTPS
Priority: 6 / 10
Severity: Warning
Category: Security
The Gradle Wrapper is available both via HTTP and HTTPS. HTTPS is more secure
since it protects against man-in-the-middle attacks etc. Older projects
created in Android Studio used HTTP but we now default to HTTPS and recommend
upgrading existing projects.
WrongConstant
Summary: Incorrect constant
Priority: 6 / 10
Severity: Error
Category: Security
Ensures that when parameter in a method only allows a specific set of
constants, calls obey those rules.
ExportedContentProvider
Summary: Content provider does not require permission
Priority: 5 / 10
Severity: Warning
Category: Security
Content providers are exported by default and any application on the system
can potentially use them to read and write data. If the content provider
provides access to sensitive data, it should be protected by specifying
export=false in the manifest or by protecting it with a permission that can be
granted to other applications.
ExportedReceiver
Summary: Receiver does not require permission
Priority: 5 / 10
Severity: Warning
Category: Security
Exported receivers (receivers which either set exported=true or contain an
intent-filter and do not specify exported=false) should define a permission
that an entity must have in order to launch the receiver or bind to it.
Without this, any application can use this receiver.
ExportedService
Summary: Exported service does not require permission
Priority: 5 / 10
Severity: Warning
Category: Security
Exported services (services which either set exported=true or contain an
intent-filter and do not specify exported=false) should define a permission
that an entity must have in order to launch the service or bind to it. Without
this, any application can use this service.
HardcodedDebugMode
Summary: Hardcoded value of android:debuggable in the manifest
Priority: 5 / 10
Severity: Fatal
Category: Security
It's best to leave out the android:debuggable attribute from the manifest. If
you do, then the tools will automatically insert android:debuggable=true when
building an APK to debug on an emulator or device. And when you perform a
release build, such as Exporting APK, it will automatically set it to false.
If on the other hand you specify a specific value in the manifest file, then
the tools will always use it. This can lead to accidentally publishing your
app with debug information.
InvalidPermission
Summary: Invalid Permission Attribute
Priority: 5 / 10
Severity: Error
Category: Security
Not all elements support the permission attribute. If a permission is set on
an invalid element, it is a no-op and ignored. Ensure that this permission
attribute was set on the correct element to protect the correct component.
SignatureOrSystemPermissions
Summary: signatureOrSystem permissions declared
Priority: 5 / 10
Severity: Warning
Category: Security
The signature protection level should probably be sufficient for most needs
and works regardless of where applications are installed. The
signatureOrSystem level is used for certain situations where multiple vendors
have applications built into a system image and need to share specific
features explicitly because they are being built together.
UnsafeDynamicallyLoadedCode
Summary: load used to dynamically load code
Priority: 4 / 10
Severity: Warning
Category: Security
Dynamically loading code from locations other than the application's library
directory or the Android platform's built-in library directories is dangerous,
as there is an increased risk that the code could have been tampered with.
Applications should use loadLibrary when possible, which provides increased
assurance that libraries are loaded from one of these safer locations.
Application developers should use the features of their development
environment to place application native libraries into the lib directory of
their compiled APKs.
UnsafeNativeCodeLocation
Summary: Native code outside library directory
Priority: 4 / 10
Severity: Warning
Category: Security
In general, application native code should only be placed in the application's
library directory, not in other locations such as the res or assets
directories. Placing the code in the library directory provides increased
assurance that the code will not be tampered with after application
installation. Application developers should use the features of their
development environment to place application native libraries into the lib
directory of their compiled APKs. Embedding non-shared library native
executables into applications should be avoided when possible.
WorldReadableFiles
Summary: openFileOutput() or similar call passing MODE_WORLD_READABLE
Priority: 4 / 10
Severity: Warning
Category: Security
There are cases where it is appropriate for an application to write world
readable files, but these should be reviewed carefully to ensure that they
contain no private data that is leaked to other applications.
WorldWriteableFiles
Summary: openFileOutput() or similar call passing MODE_WORLD_WRITEABLE
Priority: 4 / 10
Severity: Warning
Category: Security
There are cases where it is appropriate for an application to write world
writeable files, but these should be reviewed carefully to ensure that they
contain no private data, and that if the file is modified by a malicious
application it does not trick or compromise your application.
AllowBackup
Summary: AllowBackup/FullBackupContent Problems
Priority: 3 / 10
Severity: Warning
Category: Security
The allowBackup attribute determines if an application's data can be backed up
and restored. It is documented at
http://developer.android.com/reference/android/R.attr.html#allowBackup
By default, this flag is set to true. When this flag is set to true,
application data can be backed up and restored by the user using adb backup
and adb restore.
This may have security consequences for an application. adb backup allows
users who have enabled USB debugging to copy application data off of the
device. Once backed up, all application data can be read by the user. adb
restore allows creation of application data from a source specified by the
user. Following a restore, applications should not assume that the data, file
permissions, and directory permissions were created by the application
itself.
Setting allowBackup="false" opts an application out of both backup and
restore.
To fix this warning, decide whether your application should support backup,
and explicitly set android:allowBackup=(true|false)".
If not set to false, and if targeting API 23 or later, lint will also warn
that you should set android:fullBackupContent to configure auto backup.
More information:
https://developer.android.com/training/backup/autosyncapi.html
http://developer.android.com/reference/android/R.attr.html#allowBackup
Performance
DrawAllocation
Summary: Memory allocations within drawing code
Priority: 9 / 10
Severity: Warning
Category: Performance
You should avoid allocating objects during a drawing or layout operation.
These are called frequently, so a smooth UI can be interrupted by garbage
collection pauses caused by the object allocations.
The way this is generally handled is to allocate the needed objects up front
and to reuse them for each drawing operation.
Some methods allocate memory on your behalf (such as Bitmap.create), and these
should be handled in the same way.
Wakelock
Summary: Incorrect WakeLock usage
Priority: 9 / 10
Severity: Warning
Category: Performance
Failing to release a wakelock properly can keep the Android device in a high
power mode, which reduces battery life. There are several causes of this, such
as releasing the wake lock in onDestroy() instead of in onPause(), failing to
call release() in all possible code paths after an acquire(), and so on.
NOTE: If you are using the lock just to keep the screen on, you should
strongly consider using FLAG_KEEP_SCREEN_ON instead. This window flag will be
correctly managed by the platform as the user moves between applications and
doesn't require a special permission. See
http://developer.android.com/reference/android/view/WindowManager.LayoutParams
html#FLAG_KEEP_SCREEN_ON.
Recycle
Summary: Missing recycle() calls
Priority: 7 / 10
Severity: Warning
Category: Performance
Many resources, such as TypedArrays, VelocityTrackers, etc., should be
recycled (with a recycle() call) after use. This lint check looks for missing
recycle() calls.
ObsoleteLayoutParam
Summary: Obsolete layout params
Priority: 6 / 10
Severity: Warning
Category: Performance
The given layout_param is not defined for the given layout, meaning it has no
effect. This usually happens when you change the parent layout or move view
code around without updating the layout params. This will cause useless
attribute processing at runtime, and is misleading for others reading the
layout so the parameter should be removed.
ObsoleteSdkInt
Summary: Obsolete SDK_INT Version Check
Priority: 6 / 10
Severity: Warning
Category: Performance
This check flags version checks that are not necessary, because the
minSdkVersion (or surrounding known API level) is already at least as high as
the version checked for.
StaticFieldLeak
Summary: Static Field Leaks
Priority: 6 / 10
Severity: Warning
Category: Performance
A static field will leak contexts.
UseCompoundDrawables
Summary: Node can be replaced by a TextView with compound drawables
Priority: 6 / 10
Severity: Warning
Category: Performance
A LinearLayout which contains an ImageView and a TextView can be more
efficiently handled as a compound drawable (a single TextView, using the
drawableTop, drawableLeft, drawableRight and/or drawableBottom attributes to
draw one or more images adjacent to the text).
If the two widgets are offset from each other with margins, this can be
replaced with a drawablePadding attribute.
There's a lint quickfix to perform this conversion in the Eclipse plugin.
ViewTag
Summary: Tagged object leaks
Priority: 6 / 10
Severity: Warning
Category: Performance
Prior to Android 4.0, the implementation of View.setTag(int, Object) would
store the objects in a static map, where the values were strongly referenced.
This means that if the object contains any references pointing back to the
context, the context (which points to pretty much everything else) will leak.
If you pass a view, the view provides a reference to the context that created
it. Similarly, view holders typically contain a view, and cursors are
sometimes also associated with views.
WearableBindListener
Summary: Usage of Android Wear BIND_LISTENER is deprecated
Priority: 6 / 10
Severity: Fatal
Category: Performance
BIND_LISTENER receives all Android Wear events whether the application needs
them or not. This can be inefficient and cause applications to wake up
unnecessarily. With Google Play Services 8.2.0 or later it is recommended to
use a more efficient combination of manifest listeners and api-based live
listeners filtered by action, path and/or path prefix.
More information:
http://tools.android.com/tech-docs/bind-listener
LogConditional
Summary: Unconditional Logging Calls
Priority: 5 / 10
Severity: Warning
Category: Performance
NOTE: This issue is disabled by default!
You can enable it by adding --enable LogConditional
The BuildConfig class (available in Tools 17) provides a constant, "DEBUG",
which indicates whether the code is being built in release mode or in debug
mode. In release mode, you typically want to strip out all the logging calls.
Since the compiler will automatically remove all code which is inside a "if
(false)" check, surrounding your logging calls with a check for
BuildConfig.DEBUG is a good idea.
If you really intend for the logging to be present in release mode, you can
suppress this warning with a @SuppressLint annotation for the intentional
logging calls.
ViewHolder
Summary: View Holder Candidates
Priority: 5 / 10
Severity: Warning
Category: Performance
When implementing a view Adapter, you should avoid unconditionally inflating a
new layout; if an available item is passed in for reuse, you should try to use
that one instead. This helps make for example ListView scrolling much
smoother.
More information:
http://developer.android.com/training/improving-layouts/smooth-scrolling.html#ViewHolder
AnimatorKeep
Summary: Missing @Keep for Animated Properties
Priority: 4 / 10
Severity: Warning
Category: Performance
When you use property animators, properties can be accessed via reflection.
Those methods should be annotated with @Keep to ensure that during release
builds, the methods are not potentially treated as unused and removed, or
treated as internal only and get renamed to something shorter.
This check will also flag other potential reflection problems it encounters,
such as a missing property, wrong argument types, etc.
DuplicateDivider
Summary: Unnecessary Divider Copy
Priority: 4 / 10
Severity: Warning
Category: Performance
Older versions of the RecyclerView library did not include a divider
decorator, but one was provided as a sample in the support demos. This divider
class has been widely copy/pasted into various projects.
In recent versions of the support library, the divider decorator is now
included, so you can replace custom copies with the "built-in" version,
android.support.v7.widget.DividerItemDecoration.
FieldGetter
Summary: Using getter instead of field
Priority: 4 / 10
Severity: Warning
Category: Performance
NOTE: This issue is disabled by default!
You can enable it by adding --enable FieldGetter
Accessing a field within the class that defines a getter for that field is at
least 3 times faster than calling the getter. For simple getters that do
nothing other than return the field, you might want to just reference the
local field directly instead.
NOTE: As of Android 2.3 (Gingerbread), this optimization is performed
automatically by Dalvik, so there is no need to change your code; this is only
relevant if you are targeting older versions of Android.
More information:
http://developer.android.com/guide/practices/design/performance.html#internal_get_set
HandlerLeak
Summary: Handler reference leaks
Priority: 4 / 10
Severity: Warning
Category: Performance
Since this Handler is declared as an inner class, it may prevent the outer
class from being garbage collected. If the Handler is using a Looper or
MessageQueue for a thread other than the main thread, then there is no issue.
If the Handler is using the Looper or MessageQueue of the main thread, you
need to fix your Handler declaration, as follows: Declare the Handler as a
static class; In the outer class, instantiate a WeakReference to the outer
class and pass this object to your Handler when you instantiate the Handler;
Make all references to members of the outer class using the WeakReference
object.
MergeRootFrame
Summary: FrameLayout can be replaced with <merge> tag
Priority: 4 / 10
Severity: Warning
Category: Performance
If a <FrameLayout> is the root of a layout and does not provide background or
padding etc, it can often be replaced with a <merge> tag which is slightly
more efficient. Note that this depends on context, so make sure you understand
how the <merge> tag works before proceeding.
More information:
http://android-developers.blogspot.com/2009/03/android-layout-tricks-3-optimize-by.html
UseOfBundledGooglePlayServices
Summary: Use of bundled version of Google Play services
Priority: 4 / 10
Severity: Warning
Category: Performance
Google Play services SDK's can be selectively included, which enables a
smaller APK size. Consider declaring dependencies on individual Google Play
services SDK's. If you are using Firebase API's
(http://firebase.google.com/docs/android/setup), Android Studio's Tools \u2192
Firebase assistant window can automatically add just the dependencies needed
for each feature.
More information:
http://developers.google.com/android/guides/setup#split
UseSparseArrays
Summary: HashMap can be replaced with SparseArray
Priority: 4 / 10
Severity: Warning
Category: Performance
For maps where the keys are of type integer, it's typically more efficient to
use the Android SparseArray API. This check identifies scenarios where you
might want to consider using SparseArray instead of HashMap for better
performance.
This is particularly useful when the value types are primitives like ints,
where you can use SparseIntArray and avoid auto-boxing the values from int to
Integer.
If you need to construct a HashMap because you need to call an API outside of
your control which requires a Map, you can suppress this warning using for
example the @SuppressLint annotation.
UseValueOf
Summary: Should use valueOf instead of new
Priority: 4 / 10
Severity: Warning
Category: Performance
You should not call the constructor for wrapper classes directly, such asnew Integer(42)
. Instead, call the valueOf factory method, such as
Integer.valueOf(42). This will typically use less memory because common
integers such as 0 and 1 will share a single instance.
DisableBaselineAlignment
Summary: Missing baselineAligned attribute
Priority: 3 / 10
Severity: Warning
Category: Performance
When a LinearLayout is used to distribute the space proportionally between
nested layouts, the baseline alignment property should be turned off to make
the layout computation faster.
FloatMath
Summary: Using FloatMath instead of Math
Priority: 3 / 10
Severity: Warning
Category: Performance
In older versions of Android, using android.util.FloatMath was recommended for
performance reasons when operating on floats. However, on modern hardware
doubles are just as fast as float (though they take more memory), and in
recent versions of Android, FloatMath is actually slower than using
java.lang.Math due to the way the JIT optimizes java.lang.Math. Therefore, you
should use Math instead of FloatMath if you are only targeting Froyo and
above.
More information:
http://developer.android.com/guide/practices/design/performance.html#avoidfloat
InefficientWeight
Summary: Inefficient layout weight
Priority: 3 / 10
Severity: Warning
Category: Performance
When only a single widget in a LinearLayout defines a weight, it is more
efficient to assign a width/height of 0dp to it since it will absorb all the
remaining space anyway. With a declared width/height of 0dp it does not have
to measure its own size first.
NestedWeights
Summary: Nested layout weights
Priority: 3 / 10
Severity: Warning
Category: Performance
Layout weights require a widget to be measured twice. When a LinearLayout with
non-zero weights is nested inside another LinearLayout with non-zero weights,
then the number of measurements increase exponentially.
Overdraw
Summary: Overdraw: Painting regions more than once
Priority: 3 / 10
Severity: Warning
Category: Performance
If you set a background drawable on a root view, then you should use a custom
theme where the theme background is null. Otherwise, the theme background will
be painted first, only to have your custom background completely cover it;
this is called "overdraw".
NOTE: This detector relies on figuring out which layouts are associated with
which activities based on scanning the Java code, and it's currently doing
that using an inexact pattern matching algorithm. Therefore, it can
incorrectly conclude which activity the layout is associated with and then
wrongly complain that a background-theme is hidden.
If you want your custom background on multiple pages, then you should consider
making a custom theme with your custom background and just using that theme
instead of a root element background.
Of course it's possible that your custom drawable is translucent and you want
it to be mixed with the background. However, you will get better performance
if you pre-mix the background with your drawable and use that resulting image
or color as a custom theme background instead.
UnusedResources
Summary: Unused resources
Priority: 3 / 10
Severity: Warning
Category: Performance
Unused resources make applications larger and slow down builds.
UselessLeaf
Summary: Useless leaf layout
Priority: 2 / 10
Severity: Warning
Category: Performance
A layout that has no children or no background can often be removed (since it
is invisible) for a flatter and more efficient layout hierarchy.
UselessParent
Summary: Useless parent layout
Priority: 2 / 10
Severity: Warning
Category: Performance
A layout with children that has no siblings, is not a scrollview or a root
layout, and does not have a background, can be removed and have its children
moved directly into the parent for a flatter and more efficient layout
hierarchy.
TooDeepLayout
Summary: Layout hierarchy is too deep
Priority: 1 / 10
Severity: Warning
Category: Performance
Layouts with too much nesting is bad for performance. Consider using a flatter
layout (such as RelativeLayout or GridLayout).The default maximum depth is 10
but can be configured with the environment variable ANDROID_LINT_MAX_DEPTH.
TooManyViews
Summary: Layout has too many views
Priority: 1 / 10
Severity: Warning
Category: Performance
Using too many views in a single layout is bad for performance. Consider using
compound drawables or other tricks for reducing the number of views in this
layout.
The maximum view count defaults to 80 but can be configured with the
environment variable ANDROID_LINT_MAX_VIEW_COUNT.
UnusedIds
Summary: Unused id
Priority: 1 / 10
Severity: Warning
Category: Performance
NOTE: This issue is disabled by default!
You can enable it by adding --enable UnusedIds
This resource id definition appears not to be needed since it is not
referenced from anywhere. Having id definitions, even if unused, is not
necessarily a bad idea since they make working on layouts and menus easier, so
there is not a strong reason to delete these.
UnusedNamespace
Summary: Unused namespace
Priority: 1 / 10
Severity: Warning
Category: Performance
Unused namespace declarations take up space and require processing that is not
necessary
Usability:Typography
AllCaps
Summary: Combining textAllCaps and markup
Priority: 8 / 10
Severity: Warning
Category: Usability:Typography
The textAllCaps text transform will end up calling toString on the
CharSequence, which has the net effect of removing any markup such as <b>.
This check looks for usages of strings containing markup that also specify
textAllCaps=true.
TypographyDashes
Summary: Hyphen can be replaced with dash
Priority: 5 / 10
Severity: Warning
Category: Usability:Typography
The "n dash" (–, –) and the "m dash" (—, —) characters are used
for ranges (n dash) and breaks (m dash). Using these instead of plain hyphens
can make text easier to read and your application will look more polished.
More information:
http://en.wikipedia.org/wiki/Dash
TypographyEllipsis
Summary: Ellipsis string can be replaced with ellipsis character
Priority: 5 / 10
Severity: Warning
Category: Usability:Typography
You can replace the string "..." with a dedicated ellipsis character, ellipsis
character (…, …). This can help make the text more readable.
More information:
http://en.wikipedia.org/wiki/Ellipsis
TypographyFractions
Summary: Fraction string can be replaced with fraction character
Priority: 5 / 10
Severity: Warning
Category: Usability:Typography
You can replace certain strings, such as 1/2, and 1/4, with dedicated
characters for these, such as ? (?) and ? (?). This can help make
the text more readable.
More information:
http://en.wikipedia.org/wiki/Number_Forms
TypographyQuotes
Summary: Straight quotes can be replaced with curvy quotes
Priority: 5 / 10
Severity: Warning
Category: Usability:Typography
NOTE: This issue is disabled by default!
You can enable it by adding --enable TypographyQuotes
Straight single quotes and double quotes, when used as a pair, can be replaced
by "curvy quotes" (or directional quotes). This can make the text more
readable.
Note that you should never use grave accents and apostrophes to quote, `like
this'.
(Also note that you should not use curvy quotes for code fragments.)
More information:
http://en.wikipedia.org/wiki/Quotation_mark
TypographyOther
Summary: Other typographical problems
Priority: 3 / 10
Severity: Warning
Category: Usability:Typography
This check looks for miscellaneous typographical problems and offers
replacement sequences that will make the text easier to read and your
application more polished.
Usability:Icons
IconNoDpi
Summary: Icon appears in both -nodpi and dpi folders
Priority: 7 / 10
Severity: Warning
Category: Usability:Icons
Bitmaps that appear in drawable-nodpi folders will not be scaled by the
Android framework. If a drawable resource of the same name appears both in a
-nodpi folder as well as a dpi folder such as drawable-hdpi, then the behavior
is ambiguous and probably not intentional. Delete one or the other, or use
different names for the icons.
IconXmlAndPng
Summary: Icon is specified both as .xml file and as a bitmap
Priority: 7 / 10
Severity: Warning
Category: Usability:Icons
If a drawable resource appears as an .xml file in the drawable/ folder, it's
usually not intentional for it to also appear as a bitmap using the same name;
generally you expect the drawable XML file to define states and each state has
a corresponding drawable bitmap.
IconColors
Summary: Icon colors do not follow the recommended visual style
Priority: 6 / 10
Severity: Warning
Category: Usability:Icons
Notification icons and Action Bar icons should only white and shades of gray.
See the Android Design Guide for more details. Note that the way Lint decides
whether an icon is an action bar icon or a notification icon is based on the
filename prefix: ic_menu_ for action bar icons, ic_stat_ for notification
icons etc. These correspond to the naming conventions documented in
http://developer.android.com/guide/practices/ui_guidelines/icon_design.html
More information:
http://developer.android.com/design/style/iconography.html
IconLauncherShape
Summary: The launcher icon shape should use a distinct silhouette
Priority: 6 / 10
Severity: Warning
Category: Usability:Icons
According to the Android Design Guide
(http://developer.android.com/design/style/iconography.html) your launcher
icons should "use a distinct silhouette", a "three-dimensional, front view,
with a slight perspective as if viewed from above, so that users perceive some
depth."
The unique silhouette implies that your launcher icon should not be a filled
square.
More information:
http://developer.android.com/design/style/iconography.html
GifUsage
Summary: Using .gif format for bitmaps is discouraged
Priority: 5 / 10
Severity: Warning
Category: Usability:Icons
The .gif file format is discouraged. Consider using .png (preferred) or .jpg
(acceptable) instead.
More information:
http://developer.android.com/guide/topics/resources/drawable-resource.html#Bitmap
IconDipSize
Summary: Icon density-independent size validation
Priority: 5 / 10
Severity: Warning
Category: Usability:Icons
Checks the all icons which are provided in multiple densities, all compute to
roughly the same density-independent pixel (dip) size. This catches errors
where images are either placed in the wrong folder, or icons are changed to
new sizes but some folders are forgotten.
IconDuplicatesConfig
Summary: Identical bitmaps across various configurations
Priority: 5 / 10
Severity: Warning
Category: Usability:Icons
If an icon is provided under different configuration parameters such as
drawable-hdpi or -v11, they should typically be different. This detector
catches cases where the same icon is provided in different configuration
folder which is usually not intentional.
IconExpectedSize
Summary: Icon has incorrect size
Priority: 5 / 10
Severity: Warning
Category: Usability:Icons
NOTE: This issue is disabled by default!
You can enable it by adding --enable IconExpectedSize
There are predefined sizes (for each density) for launcher icons. You should
follow these conventions to make sure your icons fit in with the overall look
of the platform.
More information:
http://developer.android.com/design/style/iconography.html
IconLocation
Summary: Image defined in density-independent drawable folder
Priority: 5 / 10
Severity: Warning
Category: Usability:Icons
The res/drawable folder is intended for density-independent graphics such as
shapes defined in XML. For bitmaps, move it to drawable-mdpi and consider
providing higher and lower resolution versions in drawable-ldpi, drawable-hdpi
and drawable-xhdpi. If the icon really is density independent (for example a
solid color) you can place it in drawable-nodpi.
More information:
http://developer.android.com/guide/practices/screens_support.html
IconMixedNinePatch
Summary: Clashing PNG and 9-PNG files
Priority: 5 / 10
Severity: Warning
Category: Usability:Icons
If you accidentally name two separate resources file.png and file.9.png, the
image file and the nine patch file will both map to the same drawable
resource, @drawable/file, which is probably not what was intended.
MipmapIcons
Summary: Use Mipmap Launcher Icons
Priority: 5 / 10
Severity: Warning
Category: Usability:Icons
Launcher icons should be provided in the mipmap resource directory. This is
the same as the drawable resource directory, except resources in the mipmap
directory will not get stripped out when creating density-specific APKs.
In certain cases, the Launcher app may use a higher resolution asset (than
would normally be computed for the device) to display large app shortcuts. If
drawables for densities other than the device's resolution have been stripped
out, then the app shortcut could appear blurry.
To fix this, move your launcher icons from drawable-
dpi to mipmap-
dpi and
change references from @drawable/ and R.drawable to @mipmap/ and R.mipmap.
In Android Studio this lint warning has a quickfix to perform this
automatically.
MissingApplicationIcon
Summary: Missing application icon
Priority: 5 / 10
Severity: Warning
Category: Usability:Icons
You should set an icon for the application as whole because there is no
default. This attribute must be set as a reference to a drawable resource
containing the image (for example @drawable/icon).
More information:
http://developer.android.com/tools/publishing/preparing.html#publishing-configure
IconDensities
Summary: Icon densities validation
Priority: 4 / 10
Severity: Warning
Category: Usability:Icons
Icons will look best if a custom version is provided for each of the major
screen density classes (low, medium, high, extra high). This lint check
identifies icons which do not have complete coverage across the densities.
Low density is not really used much anymore, so this check ignores the ldpi
density. To force lint to include it, set the environment variable
ANDROID_LINT_INCLUDE_LDPI=true. For more information on current density usage,
see http://developer.android.com/resources/dashboard/screens.html
More information:
http://developer.android.com/guide/practices/screens_support.html
IconDuplicates
Summary: Duplicated icons under different names
Priority: 3 / 10
Severity: Warning
Category: Usability:Icons
If an icon is repeated under different names, you can consolidate and just use
one of the icons and delete the others to make your application smaller.
However, duplicated icons usually are not intentional and can sometimes point
to icons that were accidentally overwritten or accidentally not updated.
IconExtension
Summary: Icon format does not match the file extension
Priority: 3 / 10
Severity: Warning
Category: Usability:Icons
Ensures that icons have the correct file extension (e.g. a .png file is really
in the PNG format and not for example a GIF file named .png.)
IconMissingDensityFolder
Summary: Missing density folder
Priority: 3 / 10
Severity: Warning
Category: Usability:Icons
Icons will look best if a custom version is provided for each of the major
screen density classes (low, medium, high, extra-high, extra-extra-high). This
lint check identifies folders which are missing, such as drawable-hdpi.
Low density is not really used much anymore, so this check ignores the ldpi
density. To force lint to include it, set the environment variable
ANDROID_LINT_INCLUDE_LDPI=true. For more information on current density usage,
see http://developer.android.com/resources/dashboard/screens.html
More information:
http://developer.android.com/guide/practices/screens_support.html
Usability
ButtonOrder
Summary: Button order
Priority: 8 / 10
Severity: Warning
Category: Usability
According to the Android Design Guide,
"Action buttons are typically Cancel and/or OK, with OK indicating the
preferred or most likely action. However, if the options consist of specific
actions such as Close or Wait rather than a confirmation or cancellation of
the action described in the content, then all the buttons should be active
verbs. As a rule, the dismissive action of a dialog is always on the left
whereas the affirmative actions are on the right."
This check looks for button bars and buttons which look like cancel buttons,
and makes sure that these are on the left.
More information:
http://developer.android.com/design/building-blocks/dialogs.html
SelectableText
Summary: Dynamic text should probably be selectable
Priority: 7 / 10
Severity: Warning
Category: Usability
NOTE: This issue is disabled by default!
You can enable it by adding --enable SelectableText
If a <TextView> is used to display data, the user might want to copy that data
and paste it elsewhere. To allow this, the <TextView> should specify
android:textIsSelectable="true".
This lint check looks for TextViews which are likely to be displaying data:
views whose text is set dynamically. This value will be ignored on platforms
older than API 11, so it is okay to set it regardless of your minSdkVersion.
BackButton
Summary: Back button
Priority: 6 / 10
Severity: Warning
Category: Usability
NOTE: This issue is disabled by default!
You can enable it by adding --enable BackButton
According to the Android Design Guide,
"Other platforms use an explicit back button with label to allow the user to
navigate up the application's hierarchy. Instead, Android uses the main action
bar's app icon for hierarchical navigation and the navigation bar's back
button for temporal navigation."
This check is not very sophisticated (it just looks for buttons with the label
"Back"), so it is disabled by default to not trigger on common scenarios like
pairs of Back/Next buttons to paginate through screens.
More information:
http://developer.android.com/design/patterns/pure-android.html
ButtonStyle
Summary: Button should be borderless
Priority: 5 / 10
Severity: Warning
Category: Usability
Button bars typically use a borderless style for the buttons. Set the
style="?android:attr/buttonBarButtonStyle" attribute on each of the buttons,
and set style="?android:attr/buttonBarStyle" on the parent layout
More information:
http://developer.android.com/design/building-blocks/buttons.html
GoogleAppIndexingApiWarning
Summary: Missing support for Firebase App Indexing Api
Priority: 5 / 10
Severity: Warning
Category: Usability
NOTE: This issue is disabled by default!
You can enable it by adding --enable GoogleAppIndexingApiWarning
Adds URLs to get your app into the Google index, to get installs and traffic
to your app from Google Search.
More information:
https://g.co/AppIndexing/AndroidStudio
GoogleAppIndexingUrlError
Summary: URL not supported by app for Firebase App Indexing
Priority: 5 / 10
Severity: Error
Category: Usability
Ensure the URL is supported by your app, to get installs and traffic to your
app from Google Search.
More information:
https://g.co/AppIndexing/AndroidStudio
GoogleAppIndexingWarning
Summary: Missing support for Firebase App Indexing
Priority: 5 / 10
Severity: Warning
Category: Usability
Adds URLs to get your app into the Google index, to get installs and traffic
to your app from Google Search.
More information:
https://g.co/AppIndexing/AndroidStudio
MenuTitle
Summary: Missing menu title
Priority: 5 / 10
Severity: Error
Category: Usability
From the action bar documentation:
"It's important that you always define android:title for each menu item — even
if you don't declare that the title appear with the action item — for three
reasons:
- If there's not enough room in the action bar for the action item, the menu
item appears in the overflow menu and only the title appears. - Screen readers for sight-impaired users read the menu item's title.
- If the action item appears with only the icon, a user can long-press the
item to reveal a tool-tip that displays the action item's title.
The android:icon is always optional, but recommended.
More information:
http://developer.android.com/guide/topics/ui/actionbar.html
TextFields
Summary: Missing inputType or hint
Priority: 5 / 10
Severity: Warning
Category: Usability
Providing an inputType attribute on a text field improves usability because
depending on the data to be input, optimized keyboards can be shown to the
user (such as just digits and parentheses for a phone number). Similarly,a
hint attribute displays a hint to the user for what is expected in the text
field.
The lint detector also looks at the id of the view, and if the id offers a
hint of the purpose of the field (for example, the id contains the phrase
phone or email), then lint will also ensure that the inputType contains the
corresponding type attributes.
If you really want to keep the text field generic, you can suppress this
warning by setting inputType="text".
NegativeMargin
Summary: Negative Margins
Priority: 4 / 10
Severity: Warning
Category: Usability
NOTE: This issue is disabled by default!
You can enable it by adding --enable NegativeMargin
Margin values should be positive. Negative values are generally a sign that
you are making assumptions about views surrounding the current one, or may be
tempted to turn off child clipping to allow a view to escape its parent.
Turning off child clipping to do this not only leads to poor graphical
performance, it also results in wrong touch event handling since touch events
are based strictly on a chain of parent-rect hit tests. Finally, making
assumptions about the size of strings can lead to localization problems.
SmallSp
Summary: Text size is too small
Priority: 4 / 10
Severity: Warning
Category: Usability
Avoid using sizes smaller than 12sp.
AlwaysShowAction
Summary: Usage of showAsAction=always
Priority: 3 / 10
Severity: Warning
Category: Usability
Using showAsAction="always" in menu XML, or MenuItem.SHOW_AS_ACTION_ALWAYS in
Java code is usually a deviation from the user interface style guide.Use
ifRoom or the corresponding MenuItem.SHOW_AS_ACTION_IF_ROOM instead.
If always is used sparingly there are usually no problems and behavior is
roughly equivalent to ifRoom but with preference over other ifRoom items.
Using it more than twice in the same menu is a bad idea.
This check looks for menu XML files that contain more than two always actions,
or some always actions and no ifRoom actions. In Java code, it looks for
projects that contain references to MenuItem.SHOW_AS_ACTION_ALWAYS and no
references to MenuItem.SHOW_AS_ACTION_IF_ROOM.
More information:
http://developer.android.com/design/patterns/actionbar.html
ViewConstructor
Summary: Missing View constructors for XML inflation
Priority: 3 / 10
Severity: Warning
Category: Usability
Some layout tools (such as the Android layout editor) need to find a
constructor with one of the following signatures:
- View(Context context)
- View(Context context, AttributeSet attrs)
- View(Context context, AttributeSet attrs, int defStyle)
If your custom view needs to perform initialization which does not apply when
used in a layout editor, you can surround the given code with a check to see
if View#isInEditMode() is false, since that method will return false at
runtime but true within a user interface editor.
ButtonCase
Summary: Cancel/OK dialog button capitalization
Priority: 2 / 10
Severity: Warning
Category: Usability
The standard capitalization for OK/Cancel dialogs is "OK" and "Cancel". To
ensure that your dialogs use the standard strings, you can use the resource
strings @android:string/ok and @android:string/cancel.
Accessibility
ClickableViewAccessibility
Summary: Accessibility in Custom Views
Priority: 6 / 10
Severity: Warning
Category: Accessibility
If a View that overrides onTouchEvent or uses an OnTouchListener does not also
implement performClick and call it when clicks are detected, the View may not
handle accessibility actions properly. Logic handling the click actions should
ideally be placed in View#performClick as some accessibility services invoke
performClick when a click action should occur.
ContentDescription
Summary: Image without contentDescription
Priority: 3 / 10
Severity: Warning
Category: Accessibility
Non-textual widgets like ImageViews and ImageButtons should use the
contentDescription attribute to specify a textual description of the widget
such that screen readers and other accessibility tools can adequately describe
the user interface.
Note that elements in application screens that are purely decorative and do
not provide any content or enable a user action should not have accessibility
content descriptions. In this case, just suppress the lint warning with a
tools:ignore="ContentDescription" attribute.
Note that for text fields, you should not set both the hint and the
contentDescription attributes since the hint will never be shown. Just set the
hint. See
http://developer.android.com/guide/topics/ui/accessibility/checklist.html#spec
al-cases.
LabelFor
Summary: Missing labelFor attribute
Priority: 2 / 10
Severity: Warning
Category: Accessibility
Text fields should be labelled with a labelFor attribute, provided your
minSdkVersion is at least 17.
If your view is labeled but by a label in a different layout which includes
this one, just suppress this warning from lint.
Internationalization
ByteOrderMark
Summary: Byte order mark inside files
Priority: 8 / 10
Severity: Fatal
Category: Internationalization
Lint will flag any byte-order-mark (BOM) characters it finds in the middle of
a file. Since we expect files to be encoded with UTF-8 (see the EnforceUTF8
issue), the BOM characters are not necessary, and they are not handled
correctly by all tools. For example, if you have a BOM as part of a resource
name in one particular translation, that name will not be considered identical
to the base resource's name and the translation will not be used.
More information:
http://en.wikipedia.org/wiki/Byte_order_mark
SetTextI18n
Summary: TextView Internationalization
Priority: 6 / 10
Severity: Warning
Category: Internationalization
When calling TextView#setText
- Never call Number#toString() to format numbers; it will not handle fraction
separators and locale-specific digits properly. Consider using String#format
with proper format specifications (%d or %f) instead. - Do not pass a string literal (e.g. "Hello") to display text. Hardcoded text
can not be properly translated to other languages. Consider using Android
resource strings instead. - Do not build messages by concatenating text chunks. Such messages can not be
properly translated.
More information:
http://developer.android.com/guide/topics/resources/localization.html
EnforceUTF8
Summary: Encoding used in resource files is not UTF-8
Priority: 5 / 10
Severity: Fatal
Category: Internationalization
XML supports encoding in a wide variety of character sets. However, not all
tools handle the XML encoding attribute correctly, and nearly all Android apps
use UTF-8, so by using UTF-8 you can protect yourself against subtle bugs when
using non-ASCII characters.
In particular, the Android Gradle build system will merge resource XML files
assuming the resource files are using UTF-8 encoding.
HardcodedText
Summary: Hardcoded text
Priority: 5 / 10
Severity: Warning
Category: Internationalization
Hardcoding text attributes directly in layout files is bad for several
reasons:
When creating configuration variations (for example for landscape or
portrait)you have to repeat the actual text (and keep it up to date when
making changes)The application cannot be translated to other languages by just adding new
translations for existing string resources.
There are quickfixes to automatically extract this hardcoded string into a
resource lookup.
RelativeOverlap
Summary: Overlapping items in RelativeLayout
Priority: 3 / 10
Severity: Warning
Category: Internationalization
If relative layout has text or button items aligned to left and right sides
they can overlap each other due to localized text expansion unless they have
mutual constraints like toEndOf/toStartOf.
Internationalization:Bidirectional Text
RtlCompat
Summary: Right-to-left text compatibility issues
Priority: 6 / 10
Severity: Error
Category: Internationalization:Bidirectional Text
API 17 adds a textAlignment attribute to specify text alignment. However, if
you are supporting older versions than API 17, you must also specify a gravity
or layout_gravity attribute, since older platforms will ignore the
textAlignment attribute.
RtlSymmetry
Summary: Padding and margin symmetry
Priority: 6 / 10
Severity: Warning
Category: Internationalization:Bidirectional Text
If you specify padding or margin on the left side of a layout, you should
probably also specify padding on the right side (and vice versa) for
right-to-left layout symmetry.
RtlHardcoded
Summary: Using left/right instead of start/end attributes
Priority: 5 / 10
Severity: Warning
Category: Internationalization:Bidirectional Text
Using Gravity#LEFT and Gravity#RIGHT can lead to problems when a layout is
rendered in locales where text flows from right to left. Use Gravity#START and
Gravity#END instead. Similarly, in XML gravity and layout_gravity attributes,
use start rather than left.
For XML attributes such as paddingLeft and layout_marginLeft, use paddingStart
and layout_marginStart. NOTE: If your minSdkVersion is less than 17, you
should add both the older left/right attributes as well as the new start/right
attributes. On older platforms, where RTL is not supported and the start/right
attributes are unknown and therefore ignored, you need the older left/right
attributes. There is a separate lint check which catches that type of error.
(Note: For Gravity#LEFT and Gravity#START, you can use these constants even
when targeting older platforms, because the start bitmask is a superset of the
left bitmask. Therefore, you can use gravity="start" rather than
gravity="left|start".)
RtlEnabled
Summary: Using RTL attributes without enabling RTL support
Priority: 3 / 10
Severity: Warning
Category: Internationalization:Bidirectional Text
To enable right-to-left support, when running on API 17 and higher, you must
set the android:supportsRtl attribute in the manifest <application> element.
If you have started adding RTL attributes, but have not yet finished the
migration, you can set the attribute to false to satisfy this lint check.