Lisa Anne

Reputation: 4595

Android how to handle sensitive data in memory

Please I have the following scenario:

the app uses a password to access some remote webservice over HTTPS;

to do so, the app asks the user for the password, does NOT store it on the device (and uses it in a safe manner to access the webservice).

My concern is the following: it's theoretically possible to access the memory to read the data it contains and eventually retrieve the password.

Please how do I prevent this from happening?

Thanks

Upvotes: 3

Views: 2495

Answers (2)

CommonsWare

Reputation: 1007369

> Please how do I prevent this from happening?

I wear tin-foil hats on a professional basis (besides, I think they look spiffy...), and this is beyond what I normally worry about. I'd worry about making sure your HTTPS code won't be the victim of a Martian-in-the-middle (MITM) attack, as that's a lot easier for an attacker to execute.

That being said, as samgak alludes to in a comment, String is immutable. Once the password is in a String, you are at risk for the attack that you describe.

If you use an EditText to collect the password, do not call getText().toString() to get what the user typed in. getText() will return an Editable, which allows you to get at characters, not a String. Then, if your HTTP client API allows you to fill in the password using a char[], once the HTTP request is done, you can clear out the contents of the char[], clear() the Editable, and then pray that EditText and kin aren't holding onto a String anywhere that represents what the user typed in. This may vary somewhat by device, as device manufacturers have had a long history of screwing around with EditText behavior, and so what may be clean in terms of AOSP code may be less clean on the hardware from certain manufacturers.

If you are getting the password by some other means (e.g., your own set of PIN entry buttons), just avoid a String representation of the result, and wipe out the char[] when you're done with it.

Upvotes: 7
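The approach described in the answer above, as an added example that is not part of the original answer: it copies the characters out of the `Editable` without creating a `String`, encodes them to UTF-8 bytes for the request, and overwrites every copy it made. `PasswordScrubber` and `CredentialSink` are hypothetical names; the sink stands in for whatever HTTPS client call accepts the credential as bytes.

```java
import android.text.Editable;
import android.widget.EditText;

import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

public final class PasswordScrubber {

    /** Hypothetical hook: whatever sends the credential over HTTPS. */
    public interface CredentialSink {
        void send(byte[] utf8Password) throws Exception;
    }

    private PasswordScrubber() {}

    public static void submit(EditText field, CredentialSink sink) throws Exception {
        Editable text = field.getText();          // never call toString() here
        char[] chars = new char[text.length()];
        text.getChars(0, chars.length, chars, 0); // copy without creating a String

        // Encode to UTF-8 without going through String.getBytes().
        ByteBuffer encoded = StandardCharsets.UTF_8.encode(CharBuffer.wrap(chars));
        byte[] bytes = new byte[encoded.remaining()];
        encoded.get(bytes);

        try {
            sink.send(bytes);
        } finally {
            // Overwrite every copy this method created, even if the request failed.
            Arrays.fill(chars, '\0');
            Arrays.fill(bytes, (byte) 0);
            if (encoded.hasArray()) {
                Arrays.fill(encoded.array(), (byte) 0);
            }
            text.clear();                         // empties the EditText's buffer
        }
    }
}
```

This only wipes the buffers the method itself allocated; copies held inside `EditText`, the input method, or the HTTP client are outside its reach, as the answer notes.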

AterLux

Reputation: 4654

Yes, theoretically it is possible, when having physical access to the device. At least it is possible to debug the application and to catch a value at any point when encoded/decoded, i.e. it is open.

But a much simpler way is to catch the user input itself, when he enters a password. So, you do not need to worry about memory sploits.

Upvotes: 0
