Exposure of sensitive information to UI text viewsΒΆ
ID: java/android/sensitive-text
Kind: path-problem
Security severity: 6.5
Severity: warning
Precision: medium
Tags:
- security
- external/cwe/cwe-200
Query suites:
- java-security-extended.qls
- java-security-and-quality.qls
Click to see the query in the CodeQL repository
Sensitive information such as passwords should not be displayed in UI components unless explicitly required, to mitigate shoulder-surfing attacks.
RecommendationΒΆ
For editable text fields containing sensitive information, the inputType should be set to textPassword or similar to ensure it is properly masked. Otherwise, sensitive data that must be displayed should be hidden by default, and only revealed based on an explicit user action.
ExampleΒΆ
In the following (bad) case, sensitive information in password is exposed to the TextView.
TextView pwView = getViewById(R.id.pw_text);
pwView.setText("Your password is: " + password);
In the following (good) case, the user must press a button to reveal sensitive information.
TextView pwView = findViewById(R.id.pw_text);
pwView.setVisibility(View.INVISIBLE);
pwView.setText("Your password is: " + password);
Button showButton = findViewById(R.id.show_pw_button);
showButton.setOnClickListener(new View.OnClickListener() {
public void onClick(View v) {
pwView.setVisibility(View.VISIBLE);
}
});
ReferencesΒΆ
OWASP Mobile Application Security: Android Data Storage - UI Components
Common Weakness Enumeration: CWE-200.