M1: 2016 - Improper Platform Usage

Unofficial Content

Actions by GeneXus

  • GeneXus generated applications automatically ask for needed permissions to the end user on runtime. The applications do not ask for permissions over the device it doesn't need.
  • Sanitizes and control input data types and uses parametrized querys to avoid SQL injections.
  • GeneXus applications do not export sensitive functions and cannot be extracted from backups.
  • Since GeneXus v15 Upgrade 7 GeneXus allow for the developer to configure what can be done on WebViews (session sharing, file execution). Also, disables JavaScript excecution on WebViews.

Actions by Developers

  • If the developer uses External Objects or User Controls which need another permission to function he has to add manually the permission request needed to the application.