Apply docs review suggestions

- Punctuation - Rewording Co-authored-by: Ben Ahmady <32935794+subatoi@users.noreply.github.com>
2025-12-24 04:36:35 +01:00 · 2023-03-10 09:47:47 -05:00
parent 3ee14f914b
commit e2acc26419
1 changed files with 9 additions and 10 deletions
--- a/java/ql/src/Security/CWE/CWE-094/ArbitraryApkInstallation.qhelp
+++ b/java/ql/src/Security/CWE/CWE-094/ArbitraryApkInstallation.qhelp
@@ -4,30 +4,29 @@
 <qhelp>
  <overview>
    <p>
-      Android allows an application to install an APK (Android package kit)
+      Android allows an application to install an Android Package Kit (APK)
      using an <code>Intent</code> with
      the <code>"application/vnd.android.package-archive"</code> MIME type. If
      the file used in the <code>Intent</code> is from a location that is not
-      controlled by the application (for example, the SD card which is
-      universally writable), this can result in the installation of an
-      application which was not intended.
+      controlled by the application (for example, an SD card that is
+      universally writable), this can result in the unintended installation of untrusted applications.  
    </p>
  </overview>

  <recommendation>
    <p>
-      It is advised to transition to install packages using
+      You should install packages using
      the <code>PackageInstaller</code> class.
    </p>

    <p>
-      If installation from a file is necessary, it is best to use
+      If you need to install from a file, you should use
      a <code>FileProvider</code>. Content providers can provide more specific
      permissions than file system permissions can.
    </p>

    <p>
-      When your application does not require installing packages, do not add
+      When your application does not require package installations, do not add
      the <code>REQUEST_INSTALL_PACKAGES</code> permission in the manifest file.
    </p>
  </recommendation>
@@ -36,21 +35,21 @@

    <p>
      In the following (bad) example, the package is installed from a file which
-      may be altered by another application.
+      may be altered by another application:
    </p>

    <sample src="InstallApkWithFile.java"/>

    <p>
      In the following (good) example, the package is installed by using
-      a <code>FileProvider</code>.
+      a <code>FileProvider</code>:
    </p>

    <sample src="InstallApkWithFileProvider.java"/>

    <p>
      In the following (good) example, the package is installed using an
-      instance of the <code>android.content.pm.PackageInstaller</code> class.
+      instance of the <code>android.content.pm.PackageInstaller</code> class:
    </p>

    <sample src="InstallApkWithPackageInstaller.java"/>