MASVS v1 MSTG-STORAGE-4
MASVS v2 MASVS-STORAGE-2
Determining Whether Sensitive Data Is Shared with Third Parties via Notifications
Search for any usage of the NotificationManager class, which might indicate some form of notification management. If the class is being used, the next step is to understand how the application generates the notifications and which data ends up being shown.
Run the application and start tracing all calls to functions related to notification creation, e.g. NotificationCompat.Builder. Observe the trace at the end and evaluate whether it contains any sensitive information that another app might have eavesdropped.
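A static first pass for the search described above, as an added example that is not part of the original page: it scans Java or Kotlin source (original or decompiled) for NotificationManager and NotificationCompat.Builder usage and classifies what each content setter is given. The setter list, the keyword hints and the SAMPLE source are assumptions constructed for illustration.

```python
import re

# Builder setters whose argument becomes visible notification content.
SETTERS = ("setContentTitle", "setContentText", "setSubText", "setTicker", "bigText")
ENTRY_POINTS = ("NotificationManager", "NotificationCompat.Builder")
SETTER_CALL = re.compile(r"\.(" + "|".join(SETTERS) + r")\s*\(")
LITERAL = re.compile(r'^"(?:[^"\\]|\\.)*"$')
# Assumed keyword hints for sensitive data; tune them for the app under test.
SENSITIVE = re.compile(r"(?i)passw|passcode|otp|token|balance|iban|ssn|e-?mail|account|\bpin\b")

# Constructed sample source, not taken from any real app.
SAMPLE = """\
NotificationManager nm = (NotificationManager) getSystemService(NOTIFICATION_SERVICE);
NotificationCompat.Builder b = new NotificationCompat.Builder(this, CHANNEL_ID)
    .setContentTitle("Transfer complete")
    .setContentText("New balance: " + account.getBalance())
    // .setContentText(debugToken)
    .setSubText(formatSender(msg));
nm.notify(1, b.build());
"""

def argument_at(code, start):
    """Return the text between the '(' at index start and its matching ')'."""
    depth = 0
    for i in range(start, len(code)):
        if code[i] == "(":
            depth += 1
        elif code[i] == ")":
            depth -= 1
            if depth == 0:
                return code[start + 1:i].strip()
    return code[start + 1:].strip()  # call continues on the next line

def scan(source):
    """Return (entry_points, findings) for one Java or Kotlin source string."""
    entry_points, findings = [], []
    for lineno, line in enumerate(source.splitlines(), 1):
        code = line.strip()
        if code.startswith(("//", "/*", "*")):
            continue  # skip comment lines
        entry_points += [(lineno, api) for api in ENTRY_POINTS if api in code]
        for m in SETTER_CALL.finditer(code):
            arg = argument_at(code, m.end() - 1)
            verdict = ("static" if LITERAL.match(arg) else
                       "review: sensitive-looking" if SENSITIVE.search(arg) else "review: dynamic")
            findings.append((lineno, m.group(1), arg, verdict))
    return entry_points, findings

if __name__ == "__main__":
    print(*scan(SAMPLE)[1], sep="\n")
```

Entries marked "review" are the values to look for in the runtime trace; a pure string literal cannot carry user data, while any expression built from variables or method calls can.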