MASTG-BEST-0021: Ensure Proper Error and Exception Handling
Secure exception and error handling in Android is about preventing the leakage of sensitive information, managing failures gracefully, and ensuring that errors do not compromise security. User-facing error messages should remain generic, while controlled logging is reserved for developers. The OWASP DevGuide reinforces these principles with a focus on not disclosing internal details to end users, not disclosing sensitive user data to developers, and ensuring secure failure modes that do not weaken authentication or authorization.
- Avoid leaking sensitive information: Error messages shown to users should be generic and not reveal internal details. Logs should be sanitized to remove sensitive data and restricted to authorized personnel. The official Log Info Disclosure guidance warns against including sensitive data or stack traces in production logs and recommends sanitization and reduced verbosity.
- Fail securely: Exceptions must not weaken security controls. Any failure in security checks should result in a deny outcome, blocking the action rather than allowing weaker assumptions or insecure fallbacks. Security mechanisms should default to denying access until explicitly granted, since fail-open paths are a common attack vector.
- Validate strictly and abort on errors: Unexpected formats or values should be treated as errors. Do not continue in a partially verified state. For example, if a network call succeeds at the transport layer but fails validation at the application layer, processing must stop. If the validation fails, do not try to sanitize the data to make the validation succeed.
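The fail-closed and generic-message principles from the points above, as an added Kotlin example that is not part of the MASTG page; `TokenStore`, `AccessGuard` and `AccessDecision` are hypothetical names chosen for the illustration.

```kotlin
import android.util.Log

// Hypothetical interface standing in for the app's session/token storage.
interface TokenStore {
    fun currentToken(): String?                          // may throw, e.g. on a KeyStore failure
    fun isValid(token: String, resource: String): Boolean
}

sealed class AccessDecision {
    object Granted : AccessDecision()
    // Only a generic message ever reaches the UI.
    data class Denied(val userMessage: String) : AccessDecision()
}

class AccessGuard(private val tokens: TokenStore, private val debugBuild: Boolean) {
    private val tag = "AccessGuard"
    private val genericMessage = "Access denied. Please try again."

    // Fail-closed: the only path to Granted is an explicit, successful validation.
    // A missing token, a failed check, or any exception all end in Denied.
    fun authorize(resource: String): AccessDecision {
        return try {
            val token = tokens.currentToken()
                ?: return deny("no session token present")
            if (tokens.isValid(token, resource)) {
                AccessDecision.Granted
            } else {
                deny("token not valid for requested resource")
            }
        } catch (e: Exception) {
            // Record the exception type for developers; never the token, user data,
            // or a stack trace in a release build.
            deny("exception during validation: ${e.javaClass.simpleName}", e)
        }
    }

    private fun deny(reason: String, cause: Throwable? = null): AccessDecision {
        if (debugBuild) {
            Log.w(tag, "Denied: $reason", cause)   // verbose logging only while developing
        } else {
            Log.w(tag, "Denied: $reason")          // sanitized, low-verbosity production log
        }
        return AccessDecision.Denied(genericMessage)
    }
}
```

Pass `BuildConfig.DEBUG` as `debugBuild` so stack traces are attached only in debug builds, and show `Denied.userMessage` to the user rather than the logged reason.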
See these resources for more details: