Getting a char array from the user without using a String

Question

I want to acquire a password string from the user on Android.

I do not want this string to be stored in a Java String at any point in the process from when the user

Answer 1

There are two possible situations your application may encounter:

1. All applications are properly sand-boxed in their environment. In this case you should not worry about your passwords, because other processes cannot access your process memory, no matter if there are Strings or byte[] arrays in there.

2. There's a rogue application with superuser access. In this case you should not worry about Strings either, because there are too many places to intercept your passwords, so Strings should be close to the bottom of the list of things to worry about.