Menu
Please I have the following scenario:
the app uses a password to access to some remote webservice over HTTPS;
to do so, the app asks the user the password, does NOT store it on the device (and use it in a safe manner to access the webservice).
My concern is the following: it's theroetically possible to access the memory to read the data it contains and eventually retrieve the password.
Please how do I prevent this from happening?
Thanks
794
Please how do I prevent this from happening?
I wear tin-foil hats on a professional basis (besides, I think they look spiffy...), and this is beyond what I normally worry about. I'd worry about making your HTTPS code won't be the victim of a Martian-in-the-middle (MITM) attack, as that's a lot easier for an attacker to execute.
That being said, as samgak alludes to in a comment, String is immutable. Once the password is in a String, you are at risk for the attack that you describe.
If you use an EditText to collect the password, do not call getText().toString() to get what the user typed in. getText() will return an Editable, which allows you to get at characters, not a String. Then, if your HTTP client API allows you to fill in the password using a char[], once the HTTP request is done, you can clear out the contents of the char[], clear() the Editable, and then pray that EditText and kin aren't holding onto a String anywhere that represents what the user typed in. This may vary somewhat by device, as device manufacturers have had a long history of screwing around with EditText behavior, and so what may be clean in terms of AOSP code may be less clean on the hardware from some certain manufacturers.
If you are getting the password by some other means (e.g., your own set of PIN entry buttons), just avoid a String representation of the result, and wipe out the char[] when you're done with it.
140
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
