Adversaries may collect data within notifications sent by the operating system or other applications. Notifications may contain sensitive data such as one-time authentication codes sent over SMS, email, or other mediums. In the case of Credential Access, adversaries may attempt to intercept one-time code sent to the device. Adversaries can also dismiss notifications to prevent the user from noticing that the notification has arrived and can trigger action buttons contained within notifications.
|Application Developer Guidance
Application developers could be encouraged to avoid placing sensitive data in notification text.
On Android devices with a work profile, the
Users should be wary of granting applications dangerous or privacy-intrusive permissions, such as access to notifications.
Application vetting services can look for applications requesting the
The user can also inspect and modify the list of applications that have notification access through the device settings (e.g. Apps & notification -> Special app access -> Notification access).