Adversaries may collect data within notifications sent by the operating system or other applications. Notifications may contain sensitive data such as one-time authentication codes sent over SMS, email, or other mediums. In the case of Credential Access, adversaries may attempt to intercept one-time codes sent to the device. Adversaries can also dismiss notifications to prevent the user from noticing that the notification has arrived and can trigger action buttons contained within notifications.
|M1013|Application Developer Guidance|Application developers could be encouraged to avoid placing sensitive data in notification text.|
On Android devices with a work profile, the
Users should be wary of granting applications dangerous or privacy-intrusive permissions, such as access to notifications.
Application vetting services can look for applications requesting the BIND_NOTIFICATION_LISTENER_SERVICE permission in a service declaration. Users can also inspect and modify the list of applications that have notification access through the device settings (e.g. Apps & notification -> Special app access -> Notification access).
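The vetting check described above can be sketched as a manifest scan. This is an added example, not code from the original page; it assumes the APK's AndroidManifest.xml has already been decoded to text XML, and the sample manifest, package name and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
LISTENER_PERMISSION = "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"
LISTENER_ACTION = "android.service.notification.NotificationListenerService"

# Constructed sample manifest (decoded text form), not taken from a real app.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.constructed">
  <application>
    <service android:name=".SyncService" android:exported="false"/>
    <service android:name=".NotifyReader"
        android:permission="android.permission.BIND_NOTIFICATION_LISTENER_SERVICE">
      <intent-filter>
        <action android:name="android.service.notification.NotificationListenerService"/>
      </intent-filter>
    </service>
    <service android:name=".Declared"
        android:permission="android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"/>
  </application>
</manifest>
"""

def _attr(elem, name):
    # Manifest attributes live in the android: XML namespace.
    return elem.get("{%s}%s" % (ANDROID_NS, name))

def find_notification_listeners(manifest_xml):
    """Return one finding per <service> guarded by the listener permission."""
    root = ET.fromstring(manifest_xml)
    package = root.get("package", "")
    findings = []
    for service in root.iter("service"):
        if _attr(service, "permission") != LISTENER_PERMISSION:
            continue
        name = _attr(service, "name") or ""
        if name.startswith("."):
            name = package + name  # expand the relative class name
        actions = {_attr(a, "name") for a in service.iter("action")}
        findings.append({
            "service": name,
            # The documented listener declaration also carries this action.
            "has_listener_action": LISTENER_ACTION in actions,
        })
    return findings

if __name__ == "__main__":
    for finding in find_notification_listeners(SAMPLE_MANIFEST):
        print(finding)
```

A finding is a prompt for review rather than a verdict, since legitimate applications also declare notification listeners.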