On Sat, Aug 4, 2012 at 2:51 PM, RichardC <[email protected]> wrote: > How about clearing yourself? You will need to remember you have read it so > you don't re-read the cleared version. Forgive my ignorance here. I would expect getText to give us a copy of its internal data; and we can replace the [displayed] text with the setText method. If I modify the char[] from getText, I don't modify the internal data unless setText is subsequently called.
Does the EditText give us access to its private data? > On Saturday, August 4, 2012 7:18:51 PM UTC+1, Jeffrey Walton wrote: >> >> Hi All, >> >> EditText handles text input. We can mask the characters by adding the >> android:password attribute. >> >> We can fetch a copy of the text with getText, and then erase or >> zeroize the data in the char[] when finished. However, its not clear >> to me what happens to the EditText's internal data with >> android:password when the widget is destroyed. Does the EditText >> behave securely by erasing or zeroizing its internal data? >> >> When an application recieves an onPause, I want the EditText to erase >> or zeroize its internal data (data that I have not yet fetched with >> getText). Is it possible to instruct the EditText to erase or zeroize >> its internal data? >> >> Or is there another UI control we should be using? -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
