Set Up and Maintain Your Salesforce Organization
          Push Notification Settings and Policies for Mobile: Mobile Push Security Control


          The control establishes a secure architecture for transmitting out-of-band alerts to mobile devices by governing the content, encryption, and delivery protocols used by notification services.

          Control Name

          External Client Apps: Push Notification Settings and Policies for Mobile: Mobile Push Security

          Recommended Configuration

          Set up push notifications for the mobile app.

          Control Overview

          The control establishes a secure architecture for transmitting out-of-band alerts to mobile devices by governing the content, encryption, and delivery protocols used by notification services.

          Security Risk If Not Configured

          The absence of a defined push notification policy increases the likelihood of sensitive data leakage through cleartext payloads shown on locked device screens or intercepted via insecure delivery channels.

          Threat Scenarios

          An unauthorized individual could view sensitive transaction details or multi-factor authentication codes directly from the device lock screen without requiring physical authentication to the handset.

          Estimated CVSS Score Range

          High (7.0–8.9).

          Risk Impact Considerations

          Failure to secure notification content can result in a breach of confidentiality for sensitive information, potentially leading to identity theft, account takeover, or non-compliance with data privacy regulations.

          Higher Risk When

          Risk levels increase when notification payloads include personally identifiable information or when the application does not mask message previews while the device remains in a locked state.

          Low Risk When

          Risk is reduced if the application only sends generic pings that require the user to authenticate within the app to view the actual sensitive content or if end-to-end encryption is applied to the payload.

          Business and Integration Considerations

          Establishing these policies requires coordination between backend notification servers and mobile operating system APIs, which may affect user engagement metrics and the timeliness of critical alerts.

          Recommended Remediation

          Implement a policy that restricts sensitive data in push payloads and configures the application to use generic placeholders for notifications shown on the system-level lock screen.

          Security Health Review Guidance

          Adhere to secure messaging principles so that push notifications serve only as a signaling mechanism rather than a primary transport for sensitive data or cryptographic secrets.
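
One way a backend notification server could enforce the recommended remediation before a message is handed to the push service, shown as an added example (not Salesforce code or configuration). The payload field names `title`, `body` and `data`, the allow-listed keys and the detection patterns are assumptions made for illustration.

```python
import re

# Constructed detection patterns (assumptions, not a Salesforce-defined list).
SENSITIVE_PATTERNS = {
    "otp_code": re.compile(r"(?<!\d)\d{6}(?!\d)"),
    "email": re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+"),
    "card_number": re.compile(r"(?<!\d)(?:\d[ -]?){13,19}(?!\d)"),
}

GENERIC_TITLE = "New activity"
GENERIC_BODY = "Open the app to view details."
# Only opaque routing keys may ride in the payload (hypothetical field names).
ALLOWED_DATA_KEYS = {"event_id", "category"}


def find_sensitive(payload):
    """Return sorted (field_path, pattern_name) hits found in any string value."""
    hits = []

    def walk(value, path):
        if isinstance(value, dict):
            for key, child in value.items():
                walk(child, f"{path}.{key}" if path else key)
        elif isinstance(value, str):
            for name, rx in SENSITIVE_PATTERNS.items():
                if rx.search(value):
                    hits.append((path, name))

    walk(payload, "")
    return sorted(hits)


def to_signal_only(payload):
    """Rebuild the payload as a generic ping: placeholder text, allow-listed opaque keys."""
    data = {k: v for k, v in payload.get("data", {}).items() if k in ALLOWED_DATA_KEYS}
    safe = {"title": GENERIC_TITLE, "body": GENERIC_BODY, "data": data}
    leftover = find_sensitive(safe)
    if leftover:  # an allow-listed key still carries sensitive-looking content
        raise ValueError(f"payload rejected: {leftover}")
    return safe


# Constructed sample of a payload that violates the policy.
SAMPLE = {
    "title": "Your verification code",
    "body": "Code 482913 for jane.doe@example.com",
    "data": {"event_id": "evt-7f3a", "category": "mfa", "amount": "1,250.00 USD"},
}
```

The rebuilt payload carries only placeholder text and an opaque event reference, so the sensitive content is fetched inside the app after the user authenticates.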

           