Home/ Questions/Q 9114787
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-17T04:16:43+00:00

On iOS, I was wondering, say if I read user provided password value as

  • 0

On iOS, I was wondering, say if I read user provided password value as such:

NSString* strPwd = UITextField.text;

//Check 'strPwd'
...

//How to clear out 'strPwd' from RAM?

I just don’t like leaving sensitive data “dangling” in the RAM. Any idea how to zero it out?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Basically you really can’t. There are bugs filed with Apple over this exact issue. Additionally there are problems with UITextField and NSString at a minimum.

    To reiterate the comment in a now deleted answer by @Leo Natan:

    Releasing the enclosing NSString object does not guarantee the string
    bytes are zeroes in memory. Also, if a device is jailbroken, all the
    sandboxing Apple promises will be of no use. However, in this case,
    there is little one can do, as it is possible to swap the entire
    runtime in the middle of the application running, this getting the
    password from the memory.

    Please file another bug with apple requesting this, the more the better.

    Apple Bug Reporter

    • 0