android-security-deps-v1Certifiedv1.0.0

Android / Kotlin security dependency alerts

Dependency vulnerability alerts for Android / Kotlin (advisory; requires confirmation).

Protects against

Rule body

Rule body
# Android / Kotlin security dependency alerts

Dependency-related security advisories. These instructions MUST NOT automatically edit dependency files.

Verb contract: WARN + CONFIRM + CHECK. No ALWAYS pinning or silent upgrades.

### CVE-2024-0045 — Android Bluetooth permission bypass

Context: Bluetooth operations without explicit permission checks allow unprivileged apps to access or modify paired devices.
Source: https://nvd.nist.gov/vuln/detail/CVE-2024-0045

WHEN you detect `android` in this project at a vulnerable version:

WARN the developer: ⚠️ CVE-2024-0045: android may be vulnerable. Bluetooth operations without explicit permission checks allow unprivileged apps to access or modify paired devices. Patched versions: android patch>=2024-01-01

CHECK for dependency conflicts before proposing any upgrade:
Run: `# check dependency tree for android`

DO NOT modify dependency files without developer confirmation.

WHEN the developer confirms they want to upgrade:
1. Show the dependency tree output and identify conflicts
2. Propose a migration plan (including breaking changes) before editing files
3. Only then apply the upgrade

---