Hackernoon logoHow To Code To Prevent Sensitive Data Exposure by@oursky

How To Code To Prevent Sensitive Data Exposure

When a data field contains some sensitive value, it should be encapsulated within the below data class to achieve data obfuscation by default. Since the "masked" method is overridden, where “masked” is always returned, its actual value can’t be printed out unless explicitly requested. In cases where a developer really has to obtain a sensitive data field, they can do so by calling the function "getSensitive()" The result should be:Explicit Request on Sensitive Data. It’s still possible that the sensitive data value is shown on the UI.
image
Oursky Hacker Noon profile picture

@ourskyOursky

We don't just build apps. We create award-winning digital experiences and use technology to solve real-life problems.

Data Class 
Sensitive<T>
 – Masking Sensitive Data by Default

Here’s our very own data-masking tool. When a data field itself contains some sensitive value, it should be encapsulated within the below data class to achieve data obfuscation by default. Since the 

toString()
 method is overridden, where “masked” is always returned, its actual value can’t be printed out unless explicitly requested. Access to sensitive or restricted information is controlled this way, reminding the developers not expose one. Below is a data-masking example class written in Kotlin:

data class Sensitive<T>(private val data: T) {
  override fun toString() = "masked"
  fun getSensitive(): T = data
}

A hint – some programming languages support memory erasure, you may want to implement a 

clear()
 function with that.

Here’s an example data class User where three of its properties are considered sensitive, which hence needs data masking with

Sensitive<T>
:

data class User(
  val name: Sensitive<String>,
  val email: Sensitive<String>,
  val cardLast4: Sensitive<String>,
  val username: String
)

Below is a demo on masking with 

Sensitive<T>
:

data class Sensitive<T>(private val data: T) {
  override fun toString() = "masked"
  fun getSensitive(): T = data
}

data class User(
  val name: Sensitive<String>,
  val email: Sensitive<String>,
  val cardLast4: Sensitive<String>,
  val username: String
)

fun main() {
    val user = User(
        Sensitive("Elliot"), 
        Sensitive("[email protected]"), 
        Sensitive("1234"),
        "elliot"
    )
    println(user)
    println(user.name.getSensitive())
}

An interactive code snippet is available here, try to run it! The result should be:

User(name=masked, email=masked, cardLast4=masked, username=elliot)
Elliot

Explicit Request on Sensitive Data

In cases where a developer really has to obtain a sensitive data field, they can do so by calling the function 

getSensitive()
 from the data class
Sensitive<T>
. Such operation is intentionally designed to be inconvenient so the developer will need to think twice before impetuously printing PII to the console.

Track Exposed Sensitive Data

To visualize which part(s) of code explicitly requested to expose sensitive data, type the following

grep
command in your terminal:

grep -nR getSensitive .

This can be effortlessly integrated into a CI pipeline to conduct auto security checks on exposed sensitive data.

Disable Screenshot and Background Preview when Handling Sensitive Information

Thorough understandings of behaviours of the underlying operating system is also essential to a secure development cycle.

While we may have PII data hidden by sensitive filters in the code and log console, it’s still possible that the sensitive data value is shown on the UI. Make sure to disable screenshot ability and background preview on such screens.

Android – Disable Screenshot

window.setFlags(WindowManager.LayoutParams.FLAG_SECURE,
                WindowManager.LayoutParams.FLAG_SECURE)

Android – Hide Sensitive Screen on Recent Apps List

This StackOverflow post covers the logic in lifecycle 

onPause()
 and
onResume()
 to hide an app’s screen from the Recent Apps List on Android. It may not work on older Android versions (i.e., pre-Android 8/Oreo), so you may have to opt for more robust measures like setting
android:excludeFromRecents="true"
 in your manifest, or self-replacing the screen with a black image temporarily.

iOS – Replace Task Switcher Thumbnail

This document covers how to hide sensitive information from the Task Switcher preview.

This article is an excerpt from my article "Data Masking and Handling to Minimize Sensitive Data Exposure".

Previously published at https://code.oursky.com/data-masking-and-handling-to-minimize-sensitive-data-exposure/

Oursky Hacker Noon profile picture
by Oursky @oursky. We don't just build apps. We create award-winning digital experiences and use technology to solve real-life problems.Learn how we do it.

Tags

Join Hacker Noon

Create your free account to unlock your custom reading experience.