1 Separate interface and data management
2 Define roles of available interfaces UNIMPLEMENTABLE
3 Do not use shareable interfaces in applications with different SDs
4 Do not put basic applications in packages containing certified applets
5 Define all possible entry points UNIMPLEMENTABLE
6 a Do not instantiate objects outside install() and constructor
b Limit data heap resources usage
c Limit telecom file system resources usage
d Do not use infinite loop
7 a Remove dead code
b Remove debug information
8 Ensure that file import versions are compatible with the target cards
9 Use an incremented major version for the basic application with the same AID as an already-verified basic application with different exported methods signatures
10 Verify basic application bytecode with the tool from Oracle JCDK 3.0.3 or higher
11 Verify the cardlet installation parameters UNIMPLEMENTABLE
12 Register applet instance at late as possible
13 Initialize menu entries in install
14 Implement uninstall method in Java Card 2.2.1 applets
15 Ensure that a cardlet is not in run mode and not selected on a channel before deleted UNIMPLEMENTABLE
16 Delete all created files in the deletion phase
17 a Do not use java.rmi IMPLEMENTED
b Limit the use of APDU (cf. process(APDU))
c Limit the use of Applet.process()
d Limit the use of Applet.getShareableInterfaceObject()
e Limit the use of JCSystem.lookupAID()
f Limit the use of JCSystem.abortTransaction()
g Limit the use of JCSystem.getPreviousContextAID()
h Limit the use of JCSystem.getAppletShareableInterfaceObject()
i Limit the use of MultiSelectable
j Do not use OwnerPIN.setValidatedFlag(boolean) in basic applications
k Limit the use of OwnerPIN.reset()
l Limit the use of OwnerPIN.update(byte[], short, byte)
m Limit the use of OwnerPIN.resetAndUnblock()
n Limit the use of Shareable
o Do not use javacard.framework.service
18 a Do not use GPRegistryEntry.getRegistryEntry
b Do not use GPRegistryEntry.lockCard()
c Do not use GPRegistryEntry.setATRHistBytes
d Do not use GPRegistryEntry.setCardContentState
e Do not use GPRegistryEntry.terminateCard()
f Do not use GPRegistryEntry.deregisterService
g Do not use GPSystem.CVM except verify(), getTriesRemaining() and is*()
h Do not use CRELApplication.notifyCLEvent(...)
i Do not use CRSApplication.processCLRequest
j Do not use GPCLSystem.getCardCLInfo(...)
k Do not use GPCLSystem.getGPCLRegistryEntry(...)
l Do not use GPCLSystem.getNextGPCLRegistryEntry(...)
m Do not use GPCLSystem.setCommunicationInterface(...)
n Do not use GPCLSystem.setVolatileProprietary(...)
19 a Limit the use of uicc.access.FileView
b Limit the use of uicc.access.UICCSystem
c Limit the use of uicc.access.bertlvfile
d Limit the use of uicc.access.fileadministration
e Limit the use of uicc.toolkit
20 a Limit the use of PRO_CMD_LAUNCH_BROWSER
b Limit the use of PRO_CMD_PERFORM_CARD_APDU
c Limit the use of PRO_CMD_POWER_OFF_CARD
e Limit the use of PRO_CMD_RUN_AT_COMMAND
f Limit the use of PRO_CMD_SEND_DATA
g Limit the use of PRO_CMD_SEND_DTMF
i Limit the use of PRO_CMD_SET_UP_CALL
21 a Do not use EVENT_MO_SHORT_MESSAGE_CONTROL_BY_NAA in service provider application
b Do not use EVENT_CALL_CONTROL_BY_NAA in service provider application
d Do not use EVENT_EVENT_DOWNLOAD_CALL_DISCONNECTED in service provider application
e Do not use EVENT_EVENT_DOWNLOAD_LOCATION_STATUS in service provider application
f Do not use EVENT_EVENT_DOWNLOAD_USER_ACTIVITY in service provider application
22 Do not use EVENT_MO_SHORT_MESSAGE_CONTROL_BY_NAA in service provider application
23 Do not store applet object references in static fields
24 Do not rely exclusively on the object deletion feature
25 Do not use the scratch buffer for exchanges between applets
26 Do not allocate arrays with dynamically calculated size
27 Allocate FileView objects during installation
28 Do not create file except during installation
29 Do not use recursion
30 Allocate all objects in installation phase or use singleton
31 a Limit access to customer personal information on the handset
b Limit access to capture interface
c Limit call interception
d Limit call set up
e Limit messages interception
f Limit messages sending
g Limit local connection establishment
h Limit distant connection establishment
i Limit management or triggering of other applications
j Limit interrogation of capacities or configuration of the terminal
32 Do not access or create files except application and other specifically allowed files SUBSUMED see rule 33
33 Restrict access to files, except: 3F00, 2FE2r, 7F10/6F3Arwu, 7F10/6F3Cru, 7F10/6F44ru, 7F10/5F3A/4F30ru, 7F10/5F3A/4F3Arwu, 7F10/5F3A/4F09rwu, 7F10/5F3A/4F40rwu, 7F10/5F3A/4F60rwu, 7F10/5F3A/4F61rwu, 7F10/5F3A/4F50rwu, 7F10/5F3A/4F10rwu, 7F10/5F3A/4F22rwu, 7F10/5F3A/4F23rwu, 7F10/5F3A/4F24rwu, 7F20/6F07r, 7F10/6F14r, 7F10/6F46r, 7FFF/6F07r, 7FFF/6F3Cru, 7FFF/6F46r, 7FFF/6F80ru, 7FFF/6F81ru, 7FFF/6F82ru, 7FFF/6F83ru, 7FFF/6FCEru, 7FFF/6FD0ru, 7FFF/6FD3ru
34 Use ToolkitRegistry.registerFileEvent on application-specific files only
35 a Create only a determined number of files
b Create files only in the installation phase
36 Create files only in ADF
37 Access ADFs and files using determined identifiers only
38 Use constants for AID values (except for application instance AID)
39 Do not access files controlled by the MNO
40 Register file update events only on accessible files
41 Verify content written in phone book files
42 Do not resize files
43 Use exceptions to handle errors and exceptional situations
44 Catch all exceptions in library code
45 Do not throw runtime exceptions
46 Throw and catch specific exception types only
47 Do not define application-specific exception types
48 Do not use platform specific APIs or libraries outside the scope of the platform certification TOE
49 Do not use ISOException(REPLY_BUSY) for concluding event processing
50 Do not use hidden channels
51 Do not use objects that implement system interfaces shared by another application
52 Register events and initialize STK menu at the end of initialization phase
53 Do not use Java Card RMI
54 Restrict GP Privileges of basic application UNIMPLEMENTABLE
55 Do not assign an access domain to a basic application that gives more right than needed UNIMPLEMENTABLE
56 Always include a default case on switch statements
57 Do not use int type
58 a Do not use 0xFF as CLA
b Use even value for INS
c Do not use 0x6 and 0x9 as the most significant nibble of the INS
d Ensure that the most significant byte of status word is in the range of 0x6X and 0x9X
59 Mask low-order CLA bits
60 Do not register call and SMS control events
61 Do not register proprietary events
62 a Do not use ViewHandler.compareValue
b Do not use ViewHandler.copy
c Do not use ViewHandler.copyValue
d Do not use EditHandler.appendArray
63 Protect all accesses to handlers by an exception handler
64 Declare the attribute of classes, fields and methods as privately as possible and final when possible
65 a Name all constants
b Declare all constants as static final fields
66 Use identifier in function calls parameters