Products
In-IDE
IDE extension that lets you fix coding issues before they exist!
Discover SonarQube for IDE
SaaS
Setup is effortless and analysis is automatic for most languages
Discover SonarQube Cloud
Self-Hosted
Fast, accurate analysis; enterprise scalability
Discover SonarQube Server

Kotlin static code analysis

Unique rules to find Bugs, Vulnerabilities, Security Hotspots, and Code Smells in your KOTLIN code

Filtered: 17 rules found

android

Impact

Clean code attribute

Keyboard cache should be disabled for password inputs

consistency - conventional

security

Vulnerability

Mobile OSes use software keyboards that provide text predictions and suggestions. These keyboards cache text inputs in a local file in order to speed up typing and to recall frequent phrases. When users type sensitive data into a text field where keyboard cache is enabled, the data will be stored in clear-text in a local file. It will keep appearing in the keyboard suggestion list until the cache is cleared.

Why is this an issue?

How can I fix it?

More Info

Keyboard caches are not designed to store sensitive information. Data they contain is not encrypted and can be exposed. In case a backup is performed, the cache file can be included in the backup, which will lead to the password being leakage. When device is shared, other user will see the password in the suggestion list.

Available In:

Catch issues on the fly,
in your IDE

Detect issues in your GitHub, Azure DevOps Services, Bitbucket Cloud, GitLab repositories

Analyze code in your
on-premise CI

In-IDE

SaaS

Self-Hosted