From 0543ad137ebff53d872a1a090b90df9d792d1c3b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dominik=20Sch=C3=BCrmann?= Date: Tue, 17 Mar 2015 02:17:33 +0100 Subject: [PATCH] Updated App Security (markdown) --- App-Security.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/App-Security.md b/App-Security.md index 32756a7..108423e 100644 --- a/App-Security.md +++ b/App-Security.md @@ -62,7 +62,7 @@ Does not protect against: memory dumps * Complicates the implementation (pass ``byte[]`` in ``Parcelables`` instead of ``Strings``?) * No convincing attack scenario (see argument below) -> Some people believe that you have to overwrite the memory used to store the password once you no longer > need it. This reduces the time window an attacker has to read the password from your system and > completely ignores the fact that the attacker already needs enough access to hijack the JVM memory to do > this. An attacker with that much access can catch your key events making this completely useless (AFAIK, so please correct me if I am wrong). +> Some people believe that you have to overwrite the memory used to store the password once you no longer need it. This reduces the time window an attacker has to read the password from your system and completely ignores the fact that the attacker already needs enough access to hijack the JVM memory to do this. An attacker with that much access can catch your key events making this completely useless. (from http://stackoverflow.com/a/8881461)
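
Review bot: The added `+>` quote line drops the hedge "(AFAIK, so please correct me if I am wrong)" that the removed line carried inside the quote, in the same change that adds "(from http://stackoverflow.com/a/8881461)". The text now attributed to that answer is no longer what the old quote said and reads as more certain than it did. Either keep the hedge or mark the omission with "[...]", and move the attribution out of the `>` quote onto its own line so it is not read as part of the quoted words. Because the bullet "No convincing attack scenario (see argument below)" rests on this quote, it would also help to state in the wiki's own words which case the argument covers: the quote reasons only about an attacker who already has enough access to read JVM memory and catch key events.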