Description
Context
We are using OneSignal in a Flutter app for a banking application. During a security review, we noticed that the file /data/data/<package_name>/databases/OneSignal.db persists even after a user logs out.
Concern
This file can store notifications including sensitive data (e.g. OTP, transaction alerts, name, number, etc.) and is still accessible if the device is rooted — even after OneSignal.logout() is called.
Risk
In high-security apps like mobile banking, this behavior could be flagged during VAPT audits or internal security assessments. Keeping user-specific notifications on disk post-logout may violate data minimization policies or security guidelines.
Request
- Provide a method to clear local notification data (OneSignal.db) upon logout.
- Or suggest a workaround for Flutter where we can programmatically purge this storage without rooting or breaking SDK constraints.
Why it's important
This change or recommendation would help apps in finance, healthcare, and government sectors meet stricter data handling requirements.
Code of Conduct
- I agree to follow this project's Code of Conduct
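An added example of the app-side workaround the request asks for, not code from the OneSignal SDK or this issue: end the SDK session, then delete the database named in the report together with its SQLite sidecar files, which can otherwise retain notification rows after the main file is gone. It assumes the sqflite package for getDatabasesPath() (the Android databases directory) and the onesignal_flutter import; the purge is best effort, since the SDK may recreate an empty OneSignal.db on the next notification.

```dart
// Added example, not OneSignal's own API. Assumes sqflite (getDatabasesPath)
// and onesignal_flutter; the file name OneSignal.db comes from the report.
import 'dart:io';

import 'package:onesignal_flutter/onesignal_flutter.dart';
import 'package:sqflite/sqflite.dart' show getDatabasesPath;

/// Deletes OneSignal.db plus its rollback-journal / WAL / shared-memory
/// sidecars. Returns the paths actually removed so the purge can be logged
/// and verified during an audit.
Future<List<String>> purgeOneSignalDb({String dbName = 'OneSignal.db'}) async {
  // On Android this resolves to /data/data/<package_name>/databases.
  final dir = await getDatabasesPath();
  final removed = <String>[];
  for (final suffix in const ['', '-journal', '-wal', '-shm']) {
    final f = File('$dir/$dbName$suffix');
    if (await f.exists()) {
      await f.delete();
      removed.add(f.path);
    }
  }
  return removed;
}

/// Logout sequence: close the OneSignal session first, so the SDK has no
/// reason to keep the store open, then wipe what it left on disk.
Future<void> secureLogout() async {
  await OneSignal.logout();
  final removed = await purgeOneSignalDb();
  // Surface the result rather than silently assuming success.
  final dbStillThere =
      await File('${await getDatabasesPath()}/OneSignal.db').exists();
  if (dbStillThere) {
    throw StateError('OneSignal.db survived logout purge (removed: $removed)');
  }
}
```

Deleting the file only addresses what is on disk after logout; notifications received while the user is still logged in remain readable on a rooted device until that point.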