RSS Feed

Mutable vs Immutable

Created: 05.10.2020
>>> import ctypes

>>> a = 5
>>> address = id(a)
>>> address
>>> ctypes.cast(address, ctypes.py_object).value
>>> a = 3
>>> ctypes.cast(address, ctypes.py_object).value

Similarly, regardless of whether you flag some UITextField as Secure Text Entry or not, it always returns data in the form of a String or NSString.

On the other hand, using the overwritten data outside the compiler’s scope (e.g., serializing it in a temp file) guarantees that it will be overwritten but obviously impacts performance and maintenance. You should try to overwrite critical objects with random data or content from non-critical objects. This will make it really difficult to construct scanners that can identify sensitive data on the basis of its management. This can be only done by low-level languages because the compilers and just-in-time virtual machines will ignore those operations for performance reasons if the optimization routines detect that the buffer is no longer used after being overwritten.


  • byte[]
  • char[]
  • 🚫 String
  • 🚫 BigInteger
  • ⚠️ StringBuffer - mutable, but non-primitive. Use immutable types.
  • ⚠️ StringBuilder - mutable, but non-primitive. Use immutable types.


  • int[]
  • char[]
  • 🚫 NSString
  • 🚫 String
  • 🚫 non-collections even if claimed to be mutable
  • Array with char or int
  • Set with char or int
  • Dictionary with char or int


Mutable vs immutable - https://freecontent.manning.com/mutable-and-immutable-objects/.