I am aware of the issue of user entered pass phrases being left in memory if stored in Java Strings (due to String being immutable).
Which takes me onto using char arrays.
However, I am wondering if there are other issues due to android using Strings to back their TextField widgets. Is there any good practises that I could use to limit the chances of hacker seeing passphrase in memory after app is closed?
NOTE: I have found this 'cacheword' project which seems promising, but it has a warning of 'still in development'
Aucun commentaire:
Enregistrer un commentaire