On Tuesday, August 30, 2011 6:35:33 AM UTC-4, Quentin wrote: > > 2) Is there any way for the application to lock a memory page, so that > > it can be neither accessed by another app nor moved by the garbage > collector ? > As long as the android security model remains intact, an un-related application (ie, a distinct unprivileged unix user) cannot access your data unless you explicitly share it. If the security model is broken, all bets are off.
> 3) When another application allocates memory, could it be possible that > this memory contains sensitive data written by another app ? Is the > memory automatically zeroed when allocated ? > This is a basic requirement for a multi-user OS which tries to keep user's data private from each other. Android takes a multi-user operating system and makes each 3rd party app its own distinct user. > 4) At the end, is there any way for an application to be sure that any > of its data in memory is wiped (including String or any immutable objects) > ? > If the security model is intact, it shouldn't matter as by definition no one else can access it. If it's broken there are lots of potential attacks, including getting the keystrokes on their way to your application. However, there are a few obvious things you can avoid, such as writing out plaintext information to an sqlite database. -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To view this discussion on the web visit https://groups.google.com/d/msg/android-security-discuss/-/q70E7TIvIJ8J. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
