I am working with some content which I decrypt from a file in Android and which needs to remain for the entire duration of the application in memory. Is this a security risk from crackers? If so, does Android offer some form of in-memory protection of sensitive content similar to Windows’ process secure memory access protection mechanism?
I am not looking for storage via SharedPreferences in Private mode, I would need some memory zone which is inaccessible for tampering. Would storing data in native buffers be a good route? I also realize that non-mutable, garbage-collected String objects are probably a very bad idea for storing this data and I am currently using char[].
The memory of an Android process can only be accessed by that app’s user account or a superuser. Hence, anyone with superuser privileges (in Android terms: rooted device users) could, in principle, access your process’ memory using a kernel debugger.
AFAIK, every modern operating system works under a similar model. Hence, Android is no less secure in this respect than is Windows, OS X, Linux, etc. In fact, Android is using actual Linux process security for its own implementation.
See Accessing any memory locations under Linux 2.6.x for more.
That would have no impact.