Jaeho Lee (Rice University), Ang Chen (Rice University), Dan S. Wallach (Rice University)

A good security practice for handling sensitive data, such as passwords, is to overwrite the data buffers with zeros once the data is no longer in use. This protects against attackers who obtain a snapshot of a device's physical memory, whether through in-person physical attacks or through software attacks such as Meltdown and Spectre, which let unprivileged code read memory it should not be able to access. This paper looks at unnecessary password retention on Android phones by popular apps, by secure password management apps, and even by the lockscreen system process. We have performed a comprehensive analysis of the Android framework and a variety of apps, and discovered that passwords can survive in a variety of locations: the UI widgets where users enter their passwords, apps that retain passwords rather than exchanging them for tokens, old copies in memory that the garbage collector has freed but not yet reused, and buffers inside keyboard apps. We have developed solutions that fix these problems with modest code changes.
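The zeroing discipline the abstract describes, as an added illustration written for this edit rather than code from the paper or from Android: the password is moved out of a widget-like buffer as a char[] (never through java.lang.String, whose immutable copies cannot be cleared), exchanged for a token, and every transient copy is overwritten before the method returns. PasswordField is a hypothetical stand-in for a UI widget's backing buffer, the SHA-256-with-fixed-salt "token" is a stand-in for a real network exchange, and the "hunter2" input is constructed.

```java
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;

public class PasswordHygiene {

    // Hypothetical stand-in for a password widget's backing buffer (not Android code).
    // Android's text widgets are likewise backed by a char[] that outlives the entry.
    static final class PasswordField {
        private final StringBuilder buffer = new StringBuilder();

        void type(char c) { buffer.append(c); }

        // Copy the characters out as a char[] without going through String,
        // which would leave an immutable, un-clearable copy on the heap.
        char[] take() {
            char[] out = new char[buffer.length()];
            buffer.getChars(0, buffer.length(), out, 0);
            clear();
            return out;
        }

        // setLength(0) alone only moves the logical end; the characters stay in the
        // underlying array until overwritten, so overwrite them first.
        void clear() {
            for (int i = 0; i < buffer.length(); i++) buffer.setCharAt(i, '\0');
            buffer.setLength(0);
        }
    }

    static String hex(byte[] b) {
        StringBuilder sb = new StringBuilder(b.length * 2);
        for (byte x : b) sb.append(String.format("%02x", x));
        return sb.toString();
    }

    // Exchange the password for a token and zero every transient copy on the way out.
    // The hash over a fixed salt is a stand-in for a real server round trip (assumption).
    static String exchangeForToken(char[] password) {
        // CharBuffer.wrap does not copy; the encoder's output buffer is a fresh copy.
        ByteBuffer encoded = StandardCharsets.UTF_8.encode(CharBuffer.wrap(password));
        byte[] bytes = new byte[encoded.remaining()];
        encoded.get(bytes);
        if (encoded.hasArray()) Arrays.fill(encoded.array(), (byte) 0);
        try {
            MessageDigest md = MessageDigest.getInstance("SHA-256");
            md.update("example-salt".getBytes(StandardCharsets.UTF_8)); // assumed salt
            md.update(bytes);
            return hex(md.digest());
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e);
        } finally {
            Arrays.fill(bytes, (byte) 0);   // encoded password bytes
            Arrays.fill(password, '\0');    // caller's char[]; caller must not keep a copy
        }
    }

    static boolean allZero(char[] a) {
        for (char c : a) if (c != '\0') return false;
        return true;
    }

    public static void main(String[] args) {
        PasswordField field = new PasswordField();
        // Constructed input. Note the String literal itself is exactly the kind of copy
        // this code cannot clear; a real app receives characters from the keyboard.
        for (char c : "hunter2".toCharArray()) field.type(c);

        char[] pw = field.take();
        String token = exchangeForToken(pw);
        System.out.println("token=" + token);
        System.out.println("password buffer zeroed: " + allZero(pw));
        System.out.println("widget buffer empty: " + (field.buffer.length() == 0));
    }
}
```

What this does not cover is the rest of the paper's finding: a copying or compacting garbage collector may already have relocated the array, leaving a stale copy in freed memory that no Arrays.fill can reach, and the keyboard process holds its own copy of the keystrokes. Zeroing in the app is necessary but not sufficient; the framework and the keyboard have to do the same.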

