Fix data safety, security, and coroutine correctness
- Wrap deleteAll+insertAll in Room transaction to prevent data loss
on crash during refresh
- Add CancellationException rethrow in ShelterRepository and
MapCacheManager to preserve structured concurrency
- Close OkHttp response body on error paths (response.use{})
- Add ZIP bomb protection (10MB cap) in GeoJSON parser
- Add per-feature error handling — skip malformed records instead of
losing all shelters
- Validate coordinates within Norway's bounding box
- Enforce HTTPS-only via network_security_config (remove cleartext
allowance for tile.openstreetmap.org)
- Disable android:allowBackup to prevent DB extraction via ADB
- Strip Log.v/d/i in release builds via ProGuard to prevent location
data leakage
- Restore map position in MapCacheManager.finally block on
cancellation
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
parent
9639ad44f4
commit
e93273bff4
6 changed files with 136 additions and 55 deletions
7
app/proguard-rules.pro
vendored
7
app/proguard-rules.pro
vendored
|
|
@ -10,3 +10,10 @@
|
|||
# OkHttp
|
||||
-dontwarn okhttp3.**
|
||||
-dontwarn okio.**
|
||||
|
||||
# Strip verbose/debug/info logs in release builds (prevent location data leakage)
|
||||
-assumenosideeffects class android.util.Log {
|
||||
public static int v(...);
|
||||
public static int d(...);
|
||||
public static int i(...);
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue