Application Developer Guidance
This mitigation covers any guidance or training given to application developers so that they avoid introducing security weaknesses that an adversary could exploit.
Techniques Addressed by Mitigation
Ensure that applications do not store sensitive data or credentials insecurely (e.g. plaintext credentials in source code, credentials committed to repositories, or credentials placed in publicly readable cloud storage).
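One practical control for the "credentials in code" case above is a scan of source lines before they are committed. The following is an added illustration, not ATT&CK's own tooling: the token patterns, the entropy heuristic and the sample source lines are all constructed here for the example, and the `assigned_secret` rule deliberately skips low-entropy placeholders and `${VAR}` template references so that a `password = "changeme"` stub or an environment lookup does not drown real findings.

```python
"""Scan source lines for credentials that should never be committed.

Added example (not ATT&CK's or any project's code). Patterns and the
sample input below are constructed for illustration.
"""
import math
import re
from collections import Counter

# Rule name -> regex. Two well-known secret shapes plus a generic
# "secret-looking name assigned a quoted literal" rule.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(
        r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "assigned_secret": re.compile(
        r"(?i)\b(password|passwd|secret|api[_-]?key|token)\b"
        r"\s*[:=]\s*['\"]([^'\"]{8,})['\"]"),
}


def shannon_entropy(s: str) -> float:
    """Bits per character; random-looking tokens score high, words score low."""
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def looks_like_placeholder(value: str) -> bool:
    """Template references and angle-bracket stubs are not real secrets."""
    return value.startswith("${") or value.startswith("<")


def scan_lines(lines, entropy_threshold: float = 3.0):
    """Return a list of (line_no, rule_name, matched_text) findings."""
    findings = []
    for line_no, line in enumerate(lines, 1):
        for rule, rx in PATTERNS.items():
            m = rx.search(line)
            if not m:
                continue
            if rule == "assigned_secret":
                value = m.group(2)
                # Skip obvious stubs: low entropy ("changeme") or template refs.
                if looks_like_placeholder(value) or shannon_entropy(value) < entropy_threshold:
                    continue
            findings.append((line_no, rule, m.group(0)))
    return findings


# Constructed sample "source file"; the AWS key is the documentation
# example key, not a live credential.
SAMPLE_SOURCE = [
    'aws_key = "AKIAIOSFODNN7EXAMPLE"',          # flagged: AWS key id shape
    'password = os.environ["DB_PASSWORD"]',      # fine: read from environment
    'password = "changeme"',                     # skipped: low-entropy stub
    'api_key: "sk_live_9f8a7b6c5d4e3f2a1b0c"',   # flagged: real-looking literal
    'token = "${SECRET_TOKEN}"',                 # skipped: template reference
    '# TODO: rotate keys before release',        # fine: no secret
]


def scan_sample():
    """Findings for the constructed sample above."""
    return scan_lines(SAMPLE_SOURCE)


if __name__ == "__main__":
    for line_no, rule, text in scan_sample():
        print(f"line {line_no}: {rule}: {text}")
```

Run as a pre-commit hook over the staged diff rather than the whole tree, and treat the entropy threshold as a tuning knob: too low and stubs are flagged, too high and short but real passwords slip through.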
Application developers should avoid placing sensitive data in notification text, since other applications granted notification access can read it.
Mobile | T1413 | Access Sensitive Data in Device Logs
Application developers should not write sensitive data to the system log (e.g. Android logcat) in production builds; logging that is useful during development should be stripped from release builds or gated on a debug flag.
Application developers can apply
Developers should use Android App Links and iOS Universal Links to provide a verified binding between URIs and the application that handles them, so that a malicious application registering the same custom URI scheme cannot intercept redirections. Additionally, for OAuth flows, PKCE (RFC 7636) should be used so that an authorization code stolen from a hijacked redirect cannot be exchanged for a token without the code verifier, which never leaves the legitimate application.
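To show why PKCE defeats a stolen authorization code, the following added example (not ATT&CK's or any OAuth library's code) simulates both sides of RFC 7636 in one process: the client derives a `code_challenge` from a random `code_verifier`, the authorization server binds the issued code to that challenge, and the token endpoint only redeems the code when the presented verifier hashes to the bound challenge. The `AuthorizationServer` class, its method names and the single-use code store are assumptions made for the illustration; the verifier/challenge pair in the test is the worked example from RFC 7636 Appendix B.

```python
"""PKCE (RFC 7636) against stolen authorization codes.

Added example, not ATT&CK's or any OAuth library's code. The server is a
hypothetical in-process stand-in; no network or real provider is involved.
"""
import base64
import hashlib
import hmac
import secrets


def b64url(data: bytes) -> str:
    """Base64url without padding, as RFC 7636 sections 4.1 and 4.2 require."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def make_verifier(nbytes: int = 32) -> str:
    """32 random bytes encode to 43 characters, the RFC minimum."""
    return b64url(secrets.token_bytes(nbytes))


def make_challenge(verifier: str) -> str:
    """S256 method: BASE64URL(SHA256(ASCII(code_verifier)))."""
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())


class AuthorizationServer:
    """Hypothetical server: issues codes bound to a challenge, redeems once."""

    def __init__(self):
        self._codes = {}  # code -> (client_id, code_challenge)

    def authorize(self, client_id: str, code_challenge: str) -> str:
        """Authorization endpoint: returns the code sent back on the redirect."""
        code = b64url(secrets.token_bytes(16))
        self._codes[code] = (client_id, code_challenge)
        return code

    def token(self, client_id: str, code: str, code_verifier: str) -> dict:
        """Token endpoint: code is single-use and must match the verifier."""
        entry = self._codes.pop(code, None)
        if entry is None:
            return {"error": "invalid_grant"}
        bound_client, challenge = entry
        if bound_client != client_id:
            return {"error": "invalid_grant"}
        if not 43 <= len(code_verifier) <= 128:
            return {"error": "invalid_request"}
        # Constant-time comparison of the recomputed challenge.
        if not hmac.compare_digest(make_challenge(code_verifier), challenge):
            return {"error": "invalid_grant"}
        return {"access_token": b64url(secrets.token_bytes(24)), "token_type": "Bearer"}


def legitimate_flow(server: AuthorizationServer) -> dict:
    """The real app keeps the verifier and redeems its own code."""
    verifier = make_verifier()
    code = server.authorize("mobile-app", make_challenge(verifier))
    return server.token("mobile-app", code, verifier)


def hijacked_redirect(server: AuthorizationServer) -> dict:
    """A malicious app on the same custom scheme receives the redirect.

    It learns the code but never saw the verifier, so the best it can do
    is present a verifier of its own, which will not hash to the bound
    challenge.
    """
    verifier = make_verifier()
    code = server.authorize("mobile-app", make_challenge(verifier))
    attacker_verifier = make_verifier()
    return server.token("mobile-app", code, attacker_verifier)


if __name__ == "__main__":
    srv = AuthorizationServer()
    print("legitimate:", legitimate_flow(srv))
    print("hijacked:  ", hijacked_redirect(srv))
```

The single-use store also means that, even where an attacker obtains the verifier by some other route, the legitimate client redeeming its code first renders the copy useless; in production the code store additionally needs an expiry, which this illustration omits.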