
Security features of Notification Center

Here Core UI Notification Center offers the following features to support application security:

  • Application identity

  • Limited HTML

Application identity

When an application launches a notification, Notification Center uses the app’s manifest to determine its identity. Therefore, an application cannot pretend to be something other than itself. This strategy enables a few key security features.

No spoofing

An application does not provide an application name when it creates a notification; instead, the name is read from the application's manifest. As a result, an application cannot generate a notification that pretends to come from a source that it is not, which could otherwise lead to data leakage.

No access to other apps' notifications

An application has two ways to access notifications that have already been created:

  • Ask for notifications that it has created.

  • Ask for a notification by ID.

In the first case, Notification Center returns only notifications created with that app’s identity, and none created by other applications. Therefore, a vendor can’t browse the notifications of other applications. In the second case, where an app queries by the ID of the notification, a good strategy is to use UUIDs so that other applications can’t guess the IDs used by your application.
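One way to apply the UUID advice is shown below as an added example; it is not code from the Here Core documentation. The `NotificationIdRegistry` class and `buildNotification` function are hypothetical helpers, and the `title` and `body` payload fields are assumptions; only the standard Web Crypto `randomUUID()` call is a real API.

```javascript
// Web Crypto is a global in Chromium-based containers and in Node 19+;
// the require() fallback only runs on older Node versions.
const rng = globalThis.crypto ?? require('node:crypto').webcrypto;

// Shape of a random (version 4) UUID as produced by randomUUID().
const UUID_V4 = /^[0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/;

// Hypothetical helper: maps the app's own business keys (for example an order
// number) to random notification IDs, so the ID given to Notification Center
// is neither guessable nor derived from business data.
class NotificationIdRegistry {
  constructor() {
    this.byKey = new Map(); // business key -> notification ID
    this.byId = new Map();  // notification ID -> business key
  }

  // Return the ID for a business key, minting a UUID on first use so that
  // later updates to the same notification reuse the same ID.
  idFor(businessKey) {
    let id = this.byKey.get(businessKey);
    if (id === undefined) {
      id = rng.randomUUID(); // 122 random bits from the platform CSPRNG
      this.byKey.set(businessKey, id);
      this.byId.set(id, businessKey);
    }
    return id;
  }

  // Resolve an ID back to its business key; anything that is not one of
  // this app's UUIDs (including a guessable string) resolves to undefined.
  keyFor(id) {
    return UUID_V4.test(id) ? this.byId.get(id) : undefined;
  }

  // Forget a mapping once its notification is gone, so a later notification
  // for the same business key gets a fresh, unrelated ID.
  release(businessKey) {
    const id = this.byKey.get(businessKey);
    this.byKey.delete(businessKey);
    if (id !== undefined) this.byId.delete(id);
  }
}

// Build the JSON payload. Field names are assumed for illustration.
function buildNotification(registry, businessKey, title, body) {
  return { id: registry.idFor(businessKey), title, body };
}
```

Keeping the business key out of the ID matters as much as the randomness: an ID such as `order-1001` is predictable from its neighbours, while the registry lets the app keep that key private and still find its own notification later.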

Limited HTML

Notification Center does not allow arbitrary HTML to be used for notifications: the data format is JSON. Therefore, an application vendor cannot inject HTML that contains script elements and run non-Here Core code in its Notification Center app.