From d5626f2bdbb7c02ca82fd466675ff7cc40152065 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dominik=20Sch=C3=BCrmann?= Date: Tue, 17 Mar 2015 02:09:12 +0100 Subject: [PATCH] Updated App Security (markdown) --- App-Security.md | 1 + 1 file changed, 1 insertion(+) diff --git a/App-Security.md b/App-Security.md index a6d04be..2ce8bc0 100644 --- a/App-Security.md +++ b/App-Security.md @@ -59,6 +59,7 @@ Does not protect against: memory dumps #### Why not char[] instead of String? * Passphrase is already a CharSequence when retrieved from EditText, thus it is already in memory as something different than char[] (String extends CharSequence) +* Complicates the implementation (pass byte[] in Parcelables instead of Strings?) * No convincing attack scenario (see argument below) > Some people believe that you have to overwrite the memory used to store the password once you no longer > need it. This reduces the time window an attacker has to read the password from your system and > completely ignores the fact that the attacker already needs enough access to hijack the JVM memory to do > this. An attacker with that much access can catch your key events making this completely useless (AFAIK, so please correct me if I am wrong).
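Review bot: The added bullet in the "Why not char[] instead of String?" list names `byte[]` while the heading and the first bullet talk about `char[]`, and its parenthetical ends in a question mark, so it reads as an open design question rather than a reason. Suggest using the type from the heading and stating the cost as a plain claim, for example "Complicates the implementation: the passphrase would have to be passed in Parcelables as char[] instead of String". If `byte[]` is meant, the bullet should say why the type differs from the one the heading asks about. Since the context line above already records "Does not protect against: memory dumps", it would also help to say whether this bullet is a separate argument or only an engineering cost on top of that limitation.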