Sensitive<T> – Masking Sensitive Data by Default
Here’s our very own data-masking tool. When a data field contains a sensitive value, wrap it in the data class below so that it is obfuscated by default. Since the toString() method is overridden to always return “masked”, the actual value cannot be printed unless it is explicitly requested. Access to sensitive or restricted information is controlled this way, and the wrapper reminds developers not to expose it. Below is a data-masking example class written in Kotlin:

    data class Sensitive<T>(private val data: T) {
        // Every implicit string conversion (println, string templates, logging) sees "masked"
        override fun toString() = "masked"

        // The only way to read the real value: deliberately explicit and easy to grep for
        fun getSensitive(): T = data
    }
A hint – some programming languages support memory erasure; you may want to implement a clear() function for it. On the JVM a String is immutable and cannot be wiped, so this only helps if the secret is held in a mutable buffer such as a CharArray.
Here’s an example data class User where three of its properties are considered sensitive and hence need data masking with Sensitive<T>:

    data class User(
        val name: Sensitive<String>,
        val email: Sensitive<String>,
        val cardLast4: Sensitive<String>,
        val username: String
    )
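Here is an added example (not from the original article) of how that clear() hint translates to Kotlin on the JVM: the secret is held in a CharArray instead of a String so that it can actually be overwritten. The class name SensitiveChars and the use() helper are illustrative names, not part of the article’s Sensitive<T>.

```kotlin
// Added example: a CharArray-backed variant of Sensitive<T> whose value can be
// erased from memory. JVM Strings are immutable (and may be interned or copied),
// so a String-typed Sensitive cannot be wiped; collect the secret as a char
// array (e.g. from Console.readPassword()) and keep it that way.
class SensitiveChars(secret: CharArray) {
    // Defensive copy so the caller's buffer can be cleared independently
    private val data: CharArray = secret.copyOf()
    @Volatile private var cleared = false

    // Same masking contract as Sensitive<T>
    override fun toString() = "masked"

    // Explicit access, like getSensitive() on Sensitive<T>. Throws once cleared so
    // that a wiped secret is never silently read back as a run of NUL characters.
    fun getSensitive(): CharArray {
        check(!cleared) { "sensitive value has been cleared" }
        return data.copyOf()   // hand out a copy; the caller is responsible for wiping it
    }

    // Runs the block with the secret and guarantees the working copy is wiped
    // afterwards, even if the block throws.
    fun <R> use(block: (CharArray) -> R): R {
        val copy = getSensitive()
        try {
            return block(copy)
        } finally {
            copy.fill('\u0000')
        }
    }

    // Overwrite the stored chars. Best effort only: the garbage collector may
    // have moved the array and left an old copy behind, so clear as early as possible.
    fun clear() {
        data.fill('\u0000')
        cleared = true
    }

    val isCleared: Boolean get() = cleared
}

fun main() {
    // Constructed sample secret. A string literal like this stays in the constant
    // pool, so real code should read the password straight into a CharArray.
    val buffer = "hunter2".toCharArray()
    val secret = SensitiveChars(buffer)
    buffer.fill('\u0000')                 // wipe the input buffer as well

    println(secret)                       // masked
    val length = secret.use { it.size }   // work with the value; the copy is wiped afterwards
    println(length)                       // 7

    secret.clear()
    println(secret.isCleared)             // true
    try {
        secret.getSensitive()
    } catch (e: IllegalStateException) {
        println("read after clear rejected: ${e.message}")
    }
}
```

The use() helper is the shape to prefer in application code: the caller never holds a long-lived reference to the plaintext, and the finally block makes the wipe unconditional.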
Below is a demo of masking with Sensitive<T>:

    data class Sensitive<T>(private val data: T) {
        override fun toString() = "masked"
        fun getSensitive(): T = data
    }

    data class User(
        val name: Sensitive<String>,
        val email: Sensitive<String>,
        val cardLast4: Sensitive<String>,
        val username: String
    )

    fun main() {
        val user = User(
            Sensitive("Elliot"),
            Sensitive("[email protected]"),
            Sensitive("1234"),
            "elliot"
        )
        println(user)                      // the data class toString() delegates to Sensitive.toString()
        println(user.name.getSensitive())  // explicit, deliberate access to the real value
    }
An interactive version of this snippet is available on the original article; running it should print:

    User(name=masked, email=masked, cardLast4=masked, username=elliot)
    Elliot
Explicit Request on Sensitive Data
In cases where a developer really has to obtain a sensitive data field, they can do so by calling getSensitive() on the Sensitive<T> instance. The operation is intentionally inconvenient so that the developer has to think twice before impetuously printing PII to the console.
Note that the toString() override only guards string conversion. Reflection-based serializers bypass it: Gson serializes the private data field directly, and Jackson treats getSensitive() as the getter of a property named sensitive. A Sensitive<T> that ends up in an API response or a structured (JSON) log therefore needs a custom serializer or an annotation that masks it as well.
Track Exposed Sensitive Data
To see which part(s) of the code explicitly request sensitive data, run the following grep command in your terminal:

    grep -nR getSensitive .

This can be integrated into a CI pipeline as an automated check on exposed sensitive data, for example by failing the build when a call to getSensitive() appears outside an allow-listed set of files, so that every new call site gets a review.
A thorough understanding of how the underlying operating system behaves is also essential to a secure development cycle.
While PII may be hidden by the sensitive-data filters in the code and the log console, the value is still shown on the UI, where the OS can capture it in screenshots and app-switcher previews. Make sure to disable screenshots and background previews on such screens.
Android – Disable Screenshot

    // In the Activity, before the sensitive content is shown
    window.setFlags(WindowManager.LayoutParams.FLAG_SECURE,
                    WindowManager.LayoutParams.FLAG_SECURE)
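As an added example (not from the original article), here is the flag above combined with the lifecycle-based hiding that the next section describes, in one Activity. The activity name and R.layout.activity_card are assumed to exist in the app; setRecentsScreenshotEnabled() is the Android 13 (API 33) framework API, so it is guarded by a version check.

```kotlin
import android.os.Build
import android.os.Bundle
import android.view.View
import android.view.WindowManager
import androidx.appcompat.app.AppCompatActivity

// Added example: an Activity showing card details that applies both measures.
// R.layout.activity_card is an assumed app layout; the rest is the Android
// framework / AppCompat API.
class CardDetailsActivity : AppCompatActivity() {

    override fun onCreate(savedInstanceState: Bundle?) {
        super.onCreate(savedInstanceState)
        // Mark the window as secure: the system refuses screenshots and screen
        // recording of it and keeps it off non-secure displays.
        window.addFlags(WindowManager.LayoutParams.FLAG_SECURE)
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.TIRAMISU) {
            // Android 13+: additionally ask the system not to capture a Recents thumbnail.
            setRecentsScreenshotEnabled(false)
        }
        setContentView(R.layout.activity_card)
    }

    // Hide the whole content view while the activity is not in the foreground, so
    // a Recents preview taken while paused shows a blank screen instead of the
    // data. android.R.id.content is the framework's root container, so no
    // app-specific view ids are needed here.
    override fun onPause() {
        findViewById<View>(android.R.id.content).visibility = View.INVISIBLE
        super.onPause()
    }

    override fun onResume() {
        super.onResume()
        findViewById<View>(android.R.id.content).visibility = View.VISIBLE
    }
}
```

Setting the flag in onCreate(), before setContentView(), matters: the window must be secure before the first frame containing the sensitive value is drawn. The onPause()/onResume() hiding is a belt-and-braces measure for devices whose Recents preview does not honour FLAG_SECURE.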
Android – Hide Sensitive Screen on Recent Apps List
This StackOverflow post covers the logic in the lifecycle callbacks onPause() and onResume() for hiding an app’s screen from the Recent Apps list on Android. It may not work on older Android versions (i.e., pre-Android 8/Oreo), so you may have to opt for more robust measures such as setting android:excludeFromRecents="true" on the activity in your manifest (which removes the task from the list entirely), or temporarily replacing the screen with a black image.
iOS – Replace Task Switcher Thumbnail
This document covers how to hide sensitive information from the Task Switcher preview.
This article is an excerpt from my article "Data Masking and Handling to Minimize Sensitive Data Exposure".
Previously published at https://code.oursky.com/data-masking-and-handling-to-minimize-sensitive-data-exposure/