Exposure of sensitive information to UI text views¶
ID: java/android/sensitive-text
Kind: path-problem
Security severity: 6.5
Severity: warning
Precision: medium
Tags:
- security
- external/cwe/cwe-200
Query suites:
- java-security-extended.qls
- java-security-and-quality.qls
Click to see the query in the CodeQL repository
Sensitive information such as passwords should not be displayed in UI components unless explicitly required, to mitigate shoulder-surfing attacks.
Recommendation¶
For editable text fields containing sensitive information, the inputType should be set to textPassword or similar to ensure it is properly masked. Otherwise, sensitive data that must be displayed should be hidden by default, and only revealed based on an explicit user action.
Example¶
In the following (bad) case, sensitive information in password is exposed to the TextView.
TextView pwView = getViewById(R.id.pw_text);
pwView.setText("Your password is: " + password);
In the following (good) case, the user must press a button to reveal sensitive information.
TextView pwView = findViewById(R.id.pw_text);
pwView.setVisibility(View.INVISIBLE);
pwView.setText("Your password is: " + password);
Button showButton = findViewById(R.id.show_pw_button);
showButton.setOnClickListener(new View.OnClickListener() {
public void onClick(View v) {
pwView.setVisibility(View.VISIBLE);
}
});
References¶
OWASP Mobile Application Security: Android Data Storage - UI Components
Common Weakness Enumeration: CWE-200.