Notification Settings: External Client App’s Notification Settings Control
The control facilitates the configuration of mobile push notifications to alert users of specific Salesforce events.
Control Name
External Client Apps: Notification Settings: External Client App’s Notification Settings
Recommended Configuration
Configure the External Client App’s Notification Settings (Beta).
Control Overview
The control facilitates the configuration of mobile push notifications to alert users of specific Salesforce events, such as approval requests or mentions, while they are not actively using the application.
Security Risk If Not Configured
The absence of a defined push notification policy increases the likelihood of sensitive data leakage through cleartext payloads shown on locked device screens or intercepted via insecure delivery channels.
Threat Scenarios
An unauthorized individual could view sensitive transaction details, approval request information, or user mentions directly from the device lock screen without requiring physical authentication to the handset.
Estimated CVSS Score Range
High (7.0–8.9).
Risk Impact Considerations
Failure to secure notification content can result in a breach of confidentiality for sensitive information, potentially leading to identity theft, account takeover, or non-compliance with data privacy regulations.
Higher Risk When
Risk levels increase when notification payloads include personally identifiable information (PII) or when the application does not mask message previews while the device remains in a locked state.
Low Risk When
Risk is reduced if the application only sends generic pings that require the user to authenticate within the app to view the actual sensitive content or if end-to-end encryption is applied to the payload.
Business and Integration Considerations
Establishing these policies requires coordination between backend notification servers and mobile operating system APIs, which may affect user engagement metrics and the timeliness of critical alerts.
Recommended Remediation
Implement a policy that restricts sensitive data in push payloads and configures the application to use generic placeholders for notifications shown on the system-level lock screen.
Security Health Review Guidance
Adhere to secure messaging principles so that push notifications serve only as a signaling mechanism rather than a primary transport for sensitive data or cryptographic secrets.
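The remediation and the review guidance above both reduce to one backend rule: a push payload carries a generic placeholder and an opaque reference, never the approval details, mention text, amounts or contact data, and the app fetches the real content only after the user has authenticated inside it. The following is an added example that illustrates that rule in Python; it is not Salesforce code and not part of this page. The sensitive key list, the event types, the sample event and the regular expressions are constructed for the illustration, and the payload is a plain dictionary rather than any platform-specific notification format.

```python
import re
import secrets

# Keys that must never appear in a push payload (constructed, illustrative list).
SENSITIVE_KEYS = {
    "amount", "account_number", "email", "requester_email", "phone",
    "comment", "record_name", "mentioned_by", "description",
}

# Generic wording per event type: the push is only a signal; the app
# fetches the details after the user authenticates.
GENERIC_TEXT = {
    "approval_request": ("Approval request", "You have a new approval request."),
    "mention": ("New mention", "Someone mentioned you in Salesforce."),
}

# Patterns for content that looks sensitive if it slips into free text.
_EMAIL = re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+")
_MONEY = re.compile(r"[$€£]\s?\d[\d,]*(\.\d{2})?")
_LONG_DIGITS = re.compile(r"\d{9,}")   # account, card or phone numbers
MAX_TEXT_LEN = 80

# Server-side map from opaque reference to the original event (never sent).
_REFERENCE_STORE = {}


def build_push_payload(event: dict) -> dict:
    """Turn a backend event into a generic push payload.

    Every detail of the event stays on the server; the payload carries only
    a fixed placeholder and an unguessable reference id that the app
    exchanges for the real content once the user has authenticated.
    """
    event_type = event["event_type"]
    if event_type not in GENERIC_TEXT:
        raise ValueError(f"unknown event type: {event_type}")
    title, body = GENERIC_TEXT[event_type]
    reference_id = secrets.token_urlsafe(16)
    _REFERENCE_STORE[reference_id] = event
    return {
        "event_type": event_type,
        "title": title,
        "body": body,
        "reference_id": reference_id,
    }


def validate_push_payload(payload: dict) -> list:
    """Return policy violations for a payload; an empty list means it passes.

    Useful as a pre-send check so that a template change or a debugging
    field cannot silently put PII or transaction data on the lock screen.
    """
    issues = []
    for key in sorted(set(payload) & SENSITIVE_KEYS):
        issues.append(f"sensitive key present: {key}")
    for key in ("title", "body"):
        text = str(payload.get(key, ""))
        if _EMAIL.search(text):
            issues.append(f"{key} contains an email address")
        if _MONEY.search(text):
            issues.append(f"{key} contains a monetary amount")
        if _LONG_DIGITS.search(text):
            issues.append(f"{key} contains a long digit string")
        if len(text) > MAX_TEXT_LEN:
            issues.append(f"{key} exceeds {MAX_TEXT_LEN} characters")
    return issues


def resolve_reference(reference_id: str, session_authenticated: bool) -> dict:
    """Server endpoint the app calls after login to fetch the real details."""
    if not session_authenticated:
        raise PermissionError("authenticate in the app before fetching details")
    return _REFERENCE_STORE[reference_id]


if __name__ == "__main__":
    # Constructed sample event with exactly the kind of data that must not be pushed.
    event = {
        "event_type": "approval_request",
        "record_id": "REC-001",
        "amount": "$12,500.00",
        "requester_email": "alice@example.com",
    }
    payload = build_push_payload(event)
    print(payload, validate_push_payload(payload))
    print(resolve_reference(payload["reference_id"], session_authenticated=True))
```

The validator covers only the payload the backend emits; whether the operating system shows a preview on a locked screen is a device-level setting, so a complete policy pairs a check like this with the lock-screen masking the page recommends.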