That is what I meant - call setText() with some rubbish after you have read it.
On Saturday, August 4, 2012 8:02:28 PM UTC+1, Jeffrey Walton wrote: > > On Sat, Aug 4, 2012 at 2:51 PM, RichardC <[email protected]> > wrote: > > How about clearing yourself? You will need to remember you have read it > so > > you don't re-read the cleared version. > Forgive my ignorance here. I would expect getText to give us a copy of > its internal data; and we can replace the [displayed] text with the > setText method. If I modify the char[] from getText, I don't modify > the internal data unless setText is subsequently called. > > Does the EditText give us access to its private data? > > > On Saturday, August 4, 2012 7:18:51 PM UTC+1, Jeffrey Walton wrote: > >> > >> Hi All, > >> > >> EditText handles text input. We can mask the characters by adding the > >> android:password attribute. > >> > >> We can fetch a copy of the text with getText, and then erase or > >> zeroize the data in the char[] when finished. However, its not clear > >> to me what happens to the EditText's internal data with > >> android:password when the widget is destroyed. Does the EditText > >> behave securely by erasing or zeroizing its internal data? > >> > >> When an application recieves an onPause, I want the EditText to erase > >> or zeroize its internal data (data that I have not yet fetched with > >> getText). Is it possible to instruct the EditText to erase or zeroize > >> its internal data? > >> > >> Or is there another UI control we should be using? > -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To view this discussion on the web visit https://groups.google.com/d/msg/android-security-discuss/-/pkN17H05fuIJ. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
