Disable caching and keyboard suggestions for sensitive input fields
<EditText
android:id="@+id/inputField"
android:layout_width="match_parent"
android:layout_height="wrap_content"
android:hint="Enter sensitive data" />
<TextView
android:id="@+id/outputField"
android:layout_width="match_parent"
android:layout_height="wrap_content"
android:text="Sensitive data displayed here" />
In this example, an
EditText field is used to accept user input but does
not specify
android:inputType="textNoSuggestions", which means the keyboard
may cache and suggest previously entered data.
Similarly,
TextView elements used for user input display may also expose
cached values if
android:inputType is not properly set.
Attackers or malicious applications could retrieve cached keyboard inputs,
potentially exposing sensitive data like passwords, credit card numbers, or
personally identifiable information.
<EditText
android:id="@+id/inputField"
android:layout_width="match_parent"
android:layout_height="wrap_content"
android:hint="Enter sensitive data"
android:inputType="textNoSuggestions" />
<TextView
android:id="@+id/outputField"
android:layout_width="match_parent"
android:height="wrap_content"
android:text="Sensitive data displayed here"
android:inputType="textNoSuggestions" />
The secure code ensures that
android:inputType="textNoSuggestions" is applied
to
EditText and
TextView elements to prevent caching and keyboard suggestions.
This setting disables keyboard learning for these fields, preventing previously
entered data from being suggested or cached.