Exposure of sensitive information to notifications — CodeQL query help documentation

ID: java/android/sensitive-notification
Kind: path-problem
Security severity: 6.5
Severity: error
Precision: medium
Tags:
   - security
   - external/cwe/cwe-200
Query suites:
   - java-security-extended.qls
   - java-security-and-quality.qls

Click to see the query in the CodeQL repository

Sensitive information such as passwords or two-factor authentication (2FA) codes should not be exposed in a system notification. Notifications should not be considered secure, as other untrusted applications may be able to use a NotificationListenerService to read the contents of notifications.

Recommendation¶

Do not expose sensitive data in notifications.

Example¶

In the following sample, the password is sent as part of a notification. This can allow another application to read this password.

// BAD: `password` is exposed in a notification.
void confirmPassword(String password) {
    NotificationManager manager = NotificationManager.from(this);
    manager.send(
        new Notification.Builder(this, CHANNEL_ID)
        .setContentText("Your password is: " + password)
        .build());
}

References¶

OWASP Mobile Application Security: Android Data Storage - Application Notifications
Common Weakness Enumeration: CWE-200.