Checking for Sensitive Data Disclosure Through the User Interface
Carefully review all UI components that either show such information or take it as input. Search for any traces of sensitive information and evaluate if it should be masked or completely removed.
To make sure an application is masking sensitive user input, check for the following attribute in the definition of
With this setting, dots (instead of the input characters) will be displayed in the text field, preventing the app from leaking passwords or pins to the user interface.
When statically assessing an application, it is recommended to search for any usage of the
NotificationManager class which might be an indication of some form of notification management. If the class is being used, the next step would be to understand how the application is generating the notifications.
These code locations can be fed into the Dynamic Analysis section below, providing an idea of where in the application notifications may be dynamically generated.
To determine whether the application leaks any sensitive information to the user interface, run the application and identify components that could be disclosing information.
If the information is masked by, for example, replacing input with asterisks or dots, the app isn't leaking data to the user interface.
To identify the usage of notifications run through the entire application and all its available functions looking for ways to trigger any notifications. Consider that you may need to perform actions outside of the application in order to trigger certain notifications.
While running the application you may want to start tracing all calls to functions related to the notifications creation, e.g.
NotificationCompat.Builder. Observe the trace in the end and evaluate if it contains any sensitive information.