How does 1Password iOS/macOS app securely reset sensitive data i memory?
Hello dear AgileBits! This is a question for your iOS/macOS engineers.
First of all, is the iOS app written in pure Swift, pure ObjC or a mixture of both?
I wonder what happens after I have unlocked my vault(s) using my master password in the iOS/macOS client(s). And when I copied a password from one of my logins. How do you ensure that the data is secured again? You probably set the value at those memory addresses to zeros?
I understand that that is tricky in some programming languages because the compiler might optimize away such functions, so it is not really known if the data is indeed overwritten.
I was wondering if you could share the specific code you use?
1Password Version: 7.0.7
Extension Version: 4.7.2.90
OS Version: 10.13.5
Sync Type: Not Provided
Comments
-
Hi @Sajjon,
Thanks for your interest in understanding more of what 1Password does and how it works under the hood. I can say that 1Password for iOS is written mostly in Objective C, with some Swift. We also have a cross-platform shared library that is written in Go. 1Password is not an open source project, and as such I’m not in a position to share any code, but I can say that we do make our best effort to remove secrets from memory. Much of this is dependent on the OS, though. I would mention that if the device is in such a state that other apps can read from 1Password’s memory that the device may be compromised in a way that no app could really effectively protect against that.
I'm sorry I don't have a more specific answer to share, but I hope that helps.
Ben
0
