Java – Best Practices for Removing/Zeroing Security-Sensitive Images?


Can anyone point me to best practice resources for cleaning sensitive runtime images?

Consider a scenario where a sensitive image is downloaded from the server at runtime, loaded into a Bitmap object, and then displayed in an ImageView in a fragment.

When the user leaves that screen, or the app exits/goes into the background for a long time, I want to clear that image data so that it is not easy to recover.

I wonder if there is a reliable way to zero out bitmap data as soon as the fragment containing the image is destroyed?

This is tricky for me because bitmaps are usually returned as immutable objects, e.g. BitmapFactory.decodeByteArray says:

Decode an immutable bitmap from the specified byte array.

Presumably I have to create a mutable Bitmap and then copy its data?

It looks like recycle() didn't help me, because it only marks the data as available for garbage collection; it does not delete it.

Solution

You can simply clear the bitmap using

someBitmap.eraseColor(android.graphics.Color.TRANSPARENT);

It will fill the bitmap with the TRANSPARENT color and remove everything on it.
However, if you do not have any references to your bitmap (for example, you have set null on the ImageView that contains your Bitmap, as shown below), the garbage collector should collect it soon.

someImageView.setImageDrawable(null);
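The following is an added example, not part of the original question or answer. It combines the points above: the image is decoded as a mutable Bitmap so that eraseColor() is allowed (on an immutable bitmap it throws IllegalStateException), and the pixels are overwritten before the bitmap is released. The class name SensitiveImageHolder and its method names are assumptions made for illustration.

```java
import android.graphics.Bitmap;
import android.graphics.BitmapFactory;
import android.graphics.Color;
import android.widget.ImageView;
import java.util.Arrays;

/** Hypothetical helper (name is an assumption): owns one sensitive bitmap and wipes it on demand. */
public final class SensitiveImageHolder {
    private Bitmap bitmap;

    /** Decode into a mutable bitmap, show it, and zero the downloaded bytes. */
    public void show(byte[] encoded, ImageView target) {
        wipe(target); // never leave a previous image behind unwiped
        BitmapFactory.Options opts = new BitmapFactory.Options();
        opts.inMutable = true; // default decode is immutable, which blocks eraseColor()
        try {
            bitmap = BitmapFactory.decodeByteArray(encoded, 0, encoded.length, opts);
        } finally {
            // The encoded buffer contains the image as well; clear it even if decoding fails.
            Arrays.fill(encoded, (byte) 0);
        }
        if (bitmap != null) {
            target.setImageBitmap(bitmap);
        }
    }

    /** Call from Fragment.onDestroyView(), and from onStop() if backgrounding should also clear. */
    public void wipe(ImageView target) {
        // Detach first so the view never tries to draw a recycled bitmap.
        target.setImageDrawable(null);
        if (bitmap != null && !bitmap.isRecycled()) {
            if (bitmap.isMutable()) {
                bitmap.eraseColor(Color.TRANSPARENT); // overwrite every pixel
            }
            bitmap.recycle(); // release the pixel memory without waiting for GC
        }
        bitmap = null;
    }
}
```

This clears only the buffers this object owns; copies held elsewhere, such as an image-loading library's cache, are not touched by it.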
