Apply docs review suggestions

egregius313 · subatoi · web-flow · commit e2acc26419e9 · 2023-03-10T09:47:47.000-05:00
- Punctuation
- Rewording

Co-authored-by: Ben Ahmady &lt;32935794+subatoi@users.noreply.github.com&gt;
diff --git a/java/ql/src/Security/CWE/CWE-094/ArbitraryApkInstallation.qhelp b/java/ql/src/Security/CWE/CWE-094/ArbitraryApkInstallation.qhelp
@@ -4,30 +4,29 @@
 <qhelp>
   <overview>
     <p>
-      Android allows an application to install an APK (Android package kit)
+      Android allows an application to install an Android Package Kit (APK)
       using an <code>Intent</code> with
       the <code>"application/vnd.android.package-archive"</code> MIME type. If
       the file used in the <code>Intent</code> is from a location that is not
-      controlled by the application (for example, the SD card which is
-      universally writable), this can result in the installation of an
-      application which was not intended.
+      controlled by the application (for example, an SD card that is
+      universally writable), this can result in the unintended installation of untrusted applications.  
     </p>
   </overview>
 
   <recommendation>
     <p>
-      It is advised to transition to install packages using
+      You should install packages using
       the <code>PackageInstaller</code> class.
     </p>
 
     <p>
-      If installation from a file is necessary, it is best to use
+      If you need to install from a file, you should use
       a <code>FileProvider</code>. Content providers can provide more specific
       permissions than file system permissions can.
     </p>
 
     <p>
-      When your application does not require installing packages, do not add
+      When your application does not require package installations, do not add
       the <code>REQUEST_INSTALL_PACKAGES</code> permission in the manifest file.
     </p>
   </recommendation>
@@ -36,21 +35,21 @@
 
     <p>
       In the following (bad) example, the package is installed from a file which
-      may be altered by another application.
+      may be altered by another application:
     </p>
 
     <sample src="InstallApkWithFile.java"/>
 
     <p>
       In the following (good) example, the package is installed by using
-      a <code>FileProvider</code>.
+      a <code>FileProvider</code>:
     </p>
 
     <sample src="InstallApkWithFileProvider.java"/>
 
     <p>
       In the following (good) example, the package is installed using an
-      instance of the <code>android.content.pm.PackageInstaller</code> class.
+      instance of the <code>android.content.pm.PackageInstaller</code> class:
     </p>
 
     <sample src="InstallApkWithPackageInstaller.java"/>
