>>> import ctypes
>>> a = 5
>>> address = id(a)
>>> address
4307917216
>>> ctypes.cast(address, ctypes.py_object).value
5
>>> a = 3
>>> ctypes.cast(address, ctypes.py_object).value
5
Similarly, regardless of whether you flag a `UITextField` as Secure Text Entry or not, it always returns its data in the form of a `String` or `NSString`.
On the other hand, using the overwritten data outside the compiler's scope (e.g., serializing it to a temp file) guarantees that it will be overwritten, but obviously impacts performance and maintenance. You should try to overwrite critical objects with random data or with content from non-critical objects. This makes it much harder to build memory scanners that identify sensitive data based on how it is managed. This can only be done in low-level languages, because compilers and just-in-time virtual machines will drop those overwrite operations for performance reasons if their optimization routines detect that the buffer is no longer used after being overwritten.
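The following is an added example, not code from the original page or from the sources it cites; it extends the `ctypes` REPL demo above to the overwrite advice in this paragraph. `scrub`, `demo_immutable`, `demo_mutable` and the `lingering` list are assumptions made here for illustration. It shows that "wiping" an immutable object by rebinding the name leaves the old object intact at its original address, while a mutable buffer can be overwritten in place (random fill, then zeros) and the same allocation then reads back as zeros. Python is used because, unlike an optimizing C compiler or a JIT, it does not eliminate the dead store, so the scrub is observable.

```python
import ctypes
import secrets


def scrub(buf: bytearray) -> None:
    """Overwrite a mutable buffer in place: random bytes first, then zeros."""
    n = len(buf)
    buf[:] = secrets.token_bytes(n)  # random fill, constructed at runtime
    buf[:] = bytes(n)                # final zero fill, same allocation


def demo_immutable(secret: bytes) -> bytes:
    """Rebinding the name of an immutable value does not erase the value.

    `lingering` stands in for any extra reference a real program may hold
    (a cache, a log formatter, an unreclaimed heap block); it also keeps the
    object alive so the ctypes read-back below is safe. Returns what is still
    readable at the original object's address after the "wipe".
    """
    lingering = [secret]                      # simulated extra reference
    address = id(secret)
    secret = bytes(len(secret))               # naive wipe: a brand-new object
    del secret                                # the name is gone, the data is not
    return ctypes.cast(address, ctypes.py_object).value


def raw_address(buf: bytearray) -> int:
    """Address of the bytearray's backing storage.

    The temporary ctypes array releases its buffer export as soon as it is
    garbage-collected, so the bytearray stays writable afterwards.
    """
    return ctypes.addressof((ctypes.c_char * len(buf)).from_buffer(buf))


def demo_mutable(secret: bytearray):
    """Scrub a mutable buffer and read the *same* memory back via ctypes.

    Returns (before, after): the raw contents at the buffer's address before
    and after scrub(). A same-length slice assignment never reallocates a
    bytearray, so the address stays valid.
    """
    addr = raw_address(secret)
    n = len(secret)
    before = ctypes.string_at(addr, n)
    scrub(secret)
    after = ctypes.string_at(addr, n)         # zeros now live where the secret was
    return before, after


if __name__ == "__main__":
    # Constructed sample secret, not real credential material.
    print("immutable, after wipe:", demo_immutable(b"hunter2"))
    print("mutable, before/after:", demo_mutable(bytearray(b"hunter2")))
```

The mutable path is the one you want for key material and passwords: work on a `bytearray` (the Python analogue of the page's `byte[]` / `char[]`), scrub it as soon as it is no longer needed, and never let it be copied into a `bytes` or `str` along the way, since every such copy is a new immutable object you cannot clear.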
Android:

- ✅ `byte[]`
- ✅ `char[]`
- 🚫 `String`
- 🚫 `BigInteger`
- ⚠️ `StringBuffer` - mutable, but non-primitive. Use immutable types.
- ⚠️ `StringBuilder` - mutable, but non-primitive. Use immutable types.
iOS:

- ✅ `int[]`
- ✅ `char[]`
- 🚫 `NSString`
- 🚫 `String`
- 🚫 non-collections, even if claimed to be mutable
- ✅ `Array` with `char` or `int`
- ✅ `Set` with `char` or `int`
- ✅ `Dictionary` with `char` or `int`
References

- Mutable vs immutable - https://freecontent.manning.com/mutable-and-immutable-objects/
- How to get value from an address in Python - https://stackoverflow.com/questions/52553910/how-to-get-value-from-an-address-in-python/52554027