Is it better to use NSMutableString or NSMutableData to delete data from the memory?

Hi, I need to replace some of the NSString data I am using with mutable objects in order to erase any trace of the data in the memory.

I have looked for a long time for every (best) means to do it and found that using NSMutableData along with the method: https://developer.apple.com/documentation/foundation/nsmutabledata/1415526-resetbytesinrange?language=objc but I found no similar method for NSMutableString, and that brings me to the following question:

Is it possible to use NSMutableString objects in a similar way to delete easily the memory and be sure that the pointer is not just placed somewhere else and the previous data still remains?

It would be a lot easier for me to just replace the NSString with NSMutableString rather than NSMutableData.

Replies

Doesn't sound like NSMS is your friend in that example...


Seen this thread?


https://stackoverflow.com/questions/2361981/sensitive-data-nsstring-vs-nsmutablestring-iphone

You are assuming that the system will mutate the string in its current location rather than duplicate the string in the process of mutating it and store that with a new pointer, leaving the old string behind. That's risky - and I think KMT points to a discussion of that risk. But, to answer your question, you can 'rely' on this just as you are 'relying' on your NSMutableData method:


https://developer.apple.com/documentation/foundation/nsmutablestring/1416524-replacecharactersinrange?language=objc


Another approach is to take your original 'sensitive data' and encode it before placing it in memory. Then anytime you want to use it you decode it.

in order to erase any trace of the data in the memory

This question comes up a lot and there’s no feasible general-purpose solution. My posts on this thread explain why.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

No that is my problem, I am pretty aware that there is a big risk that the location changes even with mutable data, but I read information (maybe wrong?) saying that it shouldn't be the case with NSMutableData.

Regarding the encoding part, I am afraid that the data will be automatically stored by the encoding method, but maybe I am too suspicious about it and it won't do a thing like that and it can be a solution.

Thanks !

Okay I just read it all, thank you very much.

It is unfortunate that there is no easy (nor certain) way to do that. I thought that maybe on Apple forums there might be more reliable or new information about it but well it is pretty much the same everywhere after all 🙂

I think going low level to do this might be a little tricky but I will see what I'll choose.

Thank you for your time !

One solution is to avoid storing sensitive information. For example, you could immediately hash a user's password.....

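            #import <CommonCrypto/CommonDigest.h>  // at file scope
            NSError *error = nil;
            // Serialise the password together with a salt string into a property list
            NSData *data = [NSPropertyListSerialization dataWithPropertyList:
                    [NSArray arrayWithObjects:myUITextFieldPassword.text,
                      @"a salt string", nil] format:NSPropertyListXMLFormat_v1_0 options:0 error:&error];
            unsigned char result[CC_SHA1_DIGEST_LENGTH];
            // Hash the serialised bytes with SHA-1
            CC_SHA1([data bytes], (unsigned int)[data length], result);
            // Replace the field's text (an NSString literal needs the @ prefix)
            myUITextFieldPassword.text = @"Hashed";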

One solution is to avoid storing sensitive information.

But that doesn’t really help. I’m going to presume that, in your example, myUITextFieldPassword is a UITextField. If so, you have no control over how that field is storing the string. There are two concrete concerns here:
  • You can’t scrub the memory of the string returned by the text property because you don’t control how that memory was allocated.
  • Internally, the text field may have generated lots of copies of this string.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"
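
An added example, not part of any post in this thread: it keeps a secret in an NSMutableData buffer the code allocated itself, zeroes it with the resetBytesInRange: method linked in the question, and shows that an NSString made from the same bytes still holds the value afterwards. The sample secret and the helper IsAllZero are constructed for illustration.

```objc
#import <Foundation/Foundation.h>
#include <string.h>

// Hypothetical helper: YES if every byte of the buffer is zero.
static BOOL IsAllZero(NSData *data) {
    const unsigned char *p = data.bytes;
    for (NSUInteger i = 0; i < data.length; i++) {
        if (p[i] != 0) return NO;
    }
    return YES;
}

int main(void) {
    @autoreleasepool {
        // Constructed sample secret; a real one would arrive from input or the
        // keychain rather than sit in the binary as a literal.
        const char sample[] = "correct horse battery staple";
        NSUInteger n = sizeof(sample) - 1;

        // Allocate at the final size and never append afterwards, so this code
        // gives the buffer no reason to grow and move.
        NSMutableData *secret = [NSMutableData dataWithLength:n];
        memcpy(secret.mutableBytes, sample, n);

        // Any conversion to NSString copies the bytes into storage owned by
        // the string, which this code cannot reach.
        NSString *copy = [[NSString alloc] initWithData:secret
                                               encoding:NSUTF8StringEncoding];

        // Zero the buffer in place with the method linked in the question.
        [secret resetBytesInRange:NSMakeRange(0, secret.length)];

        NSLog(@"buffer zeroed: %@", IsAllZero(secret) ? @"YES" : @"NO");
        NSLog(@"string copy still holds the secret: %@",
              [copy isEqualToString:[NSString stringWithUTF8String:sample]]
                  ? @"YES" : @"NO");
    }
    return 0;
}
```

The wipe covers only the one buffer this code owns; any string handed to or returned by framework objects such as UITextField is outside its reach, which is the limit described in the replies above.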