
Exposure of sensitive information to UI text views

ID: java/android/sensitive-text
Kind: path-problem
Security severity: 6.5
Severity: warning
Precision: medium
Tags:
  - security
  - external/cwe/cwe-200
Query suites:
  - java-security-extended.qls
  - java-security-and-quality.qls


Sensitive information such as passwords should not be displayed in UI components unless explicitly required, to mitigate shoulder-surfing attacks.

Recommendation

For editable text fields containing sensitive information, the inputType should be set to textPassword or similar to ensure it is properly masked. Otherwise, sensitive data that must be displayed should be hidden by default, and only revealed based on an explicit user action.

Example

In the following (bad) case, sensitive information in password is exposed to the TextView.

```java
TextView pwView = findViewById(R.id.pw_text);
pwView.setText("Your password is: " + password); // BAD: password is shown immediately
```

In the following (good) case, the user must press a button to reveal sensitive information.

```java
TextView pwView = findViewById(R.id.pw_text);
pwView.setVisibility(View.INVISIBLE);
pwView.setText("Your password is: " + password);
Button showButton = findViewById(R.id.show_pw_button);
showButton.setOnClickListener(new View.OnClickListener() {
    public void onClick(View v) {
        pwView.setVisibility(View.VISIBLE); // GOOD: password is only shown when the user clicks the button
    }
});
```
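The recommendation above also covers the editable-field case, which the two snippets do not show. The following added example (not part of the CodeQL documentation, and not from the CodeQL repository) masks an EditText by default with the textPassword input type and reveals it only while the user explicitly toggles it; the activity class, the R.id and R.string names, and the layout are assumed for illustration.

```java
import android.os.Bundle;
import android.text.InputType;
import android.text.method.HideReturnsTransformationMethod;
import android.text.method.PasswordTransformationMethod;
import android.view.View;
import android.widget.Button;
import android.widget.EditText;
import androidx.appcompat.app.AppCompatActivity;

// Hypothetical activity; R.layout.*, R.id.* and R.string.* names are assumed.
public class CredentialActivity extends AppCompatActivity {
    private boolean revealed = false;

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.activity_credential);

        EditText pwField = findViewById(R.id.pw_field);
        // Mask the field by default. This is the programmatic equivalent of
        // android:inputType="textPassword" in the layout XML.
        pwField.setInputType(InputType.TYPE_CLASS_TEXT | InputType.TYPE_TEXT_VARIATION_PASSWORD);
        pwField.setTransformationMethod(PasswordTransformationMethod.getInstance());

        Button toggle = findViewById(R.id.toggle_pw_button);
        toggle.setOnClickListener(new View.OnClickListener() {
            @Override
            public void onClick(View v) {
                revealed = !revealed;
                // GOOD: the value is unmasked only on an explicit user action,
                // and the next tap masks it again.
                pwField.setTransformationMethod(revealed
                        ? HideReturnsTransformationMethod.getInstance()
                        : PasswordTransformationMethod.getInstance());
                // Swapping the transformation method moves the cursor; put it back at the end.
                pwField.setSelection(pwField.getText().length());
                toggle.setText(revealed ? R.string.hide_password : R.string.show_password);
            }
        });
    }
}
```

Setting the input type in the layout XML is sufficient for the query; the programmatic form is shown here so the masking and the reveal action sit side by side. Note that the field still holds the plaintext value; masking only prevents it from being read off the screen.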
