
[question]: How to clear OneSignal.db on logout?

Open affan3699 opened this issue 5 months ago • 0 comments

Context

We are using OneSignal in a Flutter app for a banking application. During a security review, we noticed that the file /data/data/<package_name>/databases/OneSignal.db persists even after a user logs out.

Concern

This file can store notifications including sensitive data (e.g. OTP, transaction alerts, name, number, etc.) and is still accessible if the device is rooted — even after OneSignal.logout() is called.

Risk

In high-security apps like mobile banking, this behavior could be flagged during VAPT audits or internal security assessments. Keeping user-specific notifications on disk post-logout may violate data minimization policies or security guidelines.

Request

  • Provide a method to clear local notification data (OneSignal.db) upon logout.
  • Or suggest a workaround for Flutter where we can programmatically purge this storage without rooting or breaking SDK constraints.

Why it's important

This change or recommendation would help apps in finance, healthcare, and government sectors meet stricter data handling requirements.


affan3699, Jun 16 '25 17:06
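A check for the persistence described in the issue above, as an added example that is not part of the original post or the OneSignal project: it audits a copy of the database taken from a test build after logout and reports any rows left behind. The sample table and column names are hypothetical (the script itself reads whatever tables exist), and the OTP pattern is a heuristic assumption.

```python
import re
import sqlite3
import sys

# Heuristic (assumption): an OTP-like value is a standalone run of 4-8 digits.
OTP_LIKE = re.compile(r"(?<!\d)\d{4,8}(?!\d)")


def audit_residue(conn):
    """Return {table: {"rows": n, "otp_like": m}} for every user table."""
    tables = [r[0] for r in conn.execute(
        "SELECT name FROM sqlite_master "
        "WHERE type='table' AND name NOT LIKE 'sqlite_%'")]
    report = {}
    for table in tables:
        quoted = '"' + table.replace('"', '""') + '"'  # safe identifier quoting
        rows = conn.execute(f"SELECT * FROM {quoted}").fetchall()
        hits = sum(
            1 for row in rows
            if any(isinstance(v, str) and OTP_LIKE.search(v) for v in row))
        report[table] = {"rows": len(rows), "otp_like": hits}
    return report


def has_residue(report):
    """True if any table still holds rows after logout."""
    return any(stats["rows"] > 0 for stats in report.values())


def build_sample():
    """Constructed stand-in for a pulled OneSignal.db; schema is hypothetical."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE notification "
                 "(id INTEGER PRIMARY KEY, title TEXT, message TEXT)")
    conn.executemany(
        "INSERT INTO notification (title, message) VALUES (?, ?)",
        [("Login code", "Your OTP is 482913"),
         ("Transfer", "You sent 250.00 to J. Doe")])
    conn.execute("CREATE TABLE outcome (name TEXT)")
    return conn


if __name__ == "__main__":
    # Open a real copy read-only so the audit never modifies the evidence.
    conn = (sqlite3.connect(f"file:{sys.argv[1]}?mode=ro", uri=True)
            if len(sys.argv) > 1 else build_sample())
    report = audit_residue(conn)
    for table, stats in report.items():
        print(table, stats)
    sys.exit(1 if has_residue(report) else 0)
```

The non-zero exit status on leftover rows lets the check gate a post-logout test in CI.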