Best practice on removing / resetting a security-sensitive image?

Can anybody point me at resources with best practice on clearing sensitive runtime images?

Consider a scenario where a sensitive image is downloaded from a server at runtime, loaded into a Bitmap object, and is then displayed in an ImageView in a Fragment.

When the user leaves that screen, or the app is exited/put in the background for a long time, then I want to clear that image data so that it isn’t easy to recover.

I was wondering if there is a reliable way to zero out the bitmap data as soon as the Fragment containing the image is destroyed?

This feel tricky to me, as Bitmaps are usually returned as immutable objects, e.g. BitmapFactory.decodeByteArray
says:

Decode an immutable bitmap from the specified byte array.

Presumably I would have to create a mutable Bitmap
and then copy over its data?

It looks like recycle()
won’t help me, as that will just mark the data as available for garbage collection, it won’t wipe it.

You can simply clear the Bitmap
using

someBitmap.eraseColor(android.graphics.Color.TRANSPARENT);

It will fill the bitmap with TRANSPARENT
color and erase everything on it. However, if you have no any references to your bitmap (e.g. you’ve set null
to ImageView
that was containing your Bitmap
like this

someImageView.setDrawable(null)

the garbage collector should collect it shortly.

Hello, buddy!稿源:Hello, buddy! (源链) | 关于 | 阅读提示

本站遵循[CC BY-NC-SA 4.0]。如您有版权、意见投诉等问题,请通过eMail联系我们处理。
酷辣虫 » 移动开发 » Best practice on removing / resetting a security-sensitive image?

喜欢 (0)or分享给?

专业 x 专注 x 聚合 x 分享 CC BY-NC-SA 4.0

使用声明 | 英豪名录