Crash Risks
Concrete patterns most likely to cause runtime crashes: Kotlin !! force-unwraps, unsafe as casts, unguarded getActivity(), list index access without bounds, intent extras chained without null checks, and WebView JS-injection risks.
Crash · 8 Security
Patterns explained
!! force-unwrap
The Kotlin !! operator throws NullPointerException at the use site. Each instance is a latent crash; fix by safe-call (?.), early return, or making the type non-null.
Unsafe as cast
Throws ClassCastException at runtime if the type doesn't match. Replace with as? safe-cast and handle the null branch.
getActivity() in fragments
Returns null after detach. Always guard with isAdded/null check, or capture the activity reference inside a synchronous lifecycle method.
Index out of bounds
list.get(0) / arr[0] on an empty collection throws. Use firstOrNull() and handle the empty case.
Intent extras NPE
intent.getExtras().getString() NPE if extras bundle is null. Use intent.extras?.getString(KEY).
WebView JS injection
Dynamic loadUrl("javascript:…") or addJavascriptInterface with broad surface is exploitable. Use evaluateJavascript with sanitized inputs.