User Interface

Sensitive Data Disclosure Through the User Interface

Many apps require users to enter several kinds of data to, for example, register an account or make a payment. Sensitive data may be exposed if the app doesn't properly mask it and instead displays it in clear text. Masking sensitive data, by showing asterisks or dots instead of the clear text, should be enforced within an app's activity to prevent disclosure and mitigate risks such as shoulder surfing.

To make sure an app is masking sensitive user input, check for the following attribute in the definition of the EditText: android:inputType="textPassword"

With this setting, dots (instead of the input characters) are displayed in the text field, preventing the app from leaking passwords or PINs to the user interface. To determine whether the app leaks any sensitive information to the user interface, run the app and identify components that either show such information or take it as input. If the information is masked, for example by replacing the input with asterisks or dots, the app isn't leaking data to the user interface.
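The static half of this check can be scripted against the layout XML recovered from a decompiled APK. The following is an added example, not part of this guide: it flags EditText-style views whose id or hint suggests a secret but whose android:inputType lacks a masking flag. The keyword list, the widget names and the sample layout are constructed for the example; inputType can also be set in code, so a clean result here still needs the runtime check described above.

```python
import re
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# inputType flags that mask characters on screen (textPassword as described
# above, plus its numeric and web variants)
MASKING_FLAGS = {"textPassword", "numberPassword", "textWebPassword"}

# Constructed heuristic: ids/hints that suggest the field holds a secret.
SECRET_HINT = re.compile(r"pass|pin|cvv|secret|otp", re.IGNORECASE)


def is_masked(input_type: str) -> bool:
    """inputType may combine flags with '|', e.g. 'textPassword|textNoSuggestions'."""
    return any(flag in MASKING_FLAGS for flag in input_type.split("|"))


def find_unmasked_secret_fields(layout_xml: str) -> list:
    """Return ids of EditText-like views that look like secret inputs but are
    not masked. Static check only: inputType can also be set programmatically."""
    root = ET.fromstring(layout_xml)
    findings = []
    for el in root.iter():
        tag = el.tag.rsplit(".", 1)[-1]  # strip package from qualified widget names
        if tag not in ("EditText", "TextInputEditText", "AutoCompleteTextView"):
            continue
        view_id = el.get(ANDROID_NS + "id", "")
        hint = el.get(ANDROID_NS + "hint", "")
        if not SECRET_HINT.search(view_id + " " + hint):
            continue
        if not is_masked(el.get(ANDROID_NS + "inputType", "")):
            findings.append(view_id)
    return findings


# Constructed sample layout: one weak PIN field beside a correctly masked password field.
SAMPLE_LAYOUT = """<LinearLayout xmlns:android="http://schemas.android.com/apk/res/android"
    android:orientation="vertical">
    <EditText android:id="@+id/username" android:hint="Username"
        android:inputType="text"/>
    <EditText android:id="@+id/pin" android:hint="Card PIN"
        android:inputType="number"/>
    <com.google.android.material.textfield.TextInputEditText
        android:id="@+id/password" android:hint="Password"
        android:inputType="textPassword|textNoSuggestions"/>
</LinearLayout>"""

if __name__ == "__main__":
    print(find_unmasked_secret_fields(SAMPLE_LAYOUT))  # → ['@+id/pin']
```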