Can an "attacker" get the value of a local variable in a method of an Android app?

642 views Asked by At

I read all the answers from Does it help GC to null local variables in Java where everybody agrees that by nullifying a local variable in Java does not help the GC (with some specific exceptions mentioned there). However I refer now not to Java in general, but to an Android app. Moreover, my goal is not merely to "help the GC" but to prevent a possible attacker from getting the value of the local variable before the attacker could ask for a memory dump. (Assuming the attacker has this ability.)

In short, here's my question: is it safer to assign some random value to a local variable in an Android app immediately after the actual value is no longer needed, or is this as safe as relying on GC? Why?

2

There are 2 answers

0
Dmytro Chaban On

Keep local variables in the private, so they can't access from outside of this class.

7
nickle_nine On

Each Android app runs inside it's own sandbox. Your app's variables will be safe as long as you don't expose it to other applications, such as via content providers or writing variables to external storage (microsd card). Another thing to avoid is installing apps that ask for any suspicious permissions or an excessive amount.

Here is a helpful reference from Google for app security: http://developer.android.com/training/articles/security-tips.html