I run memory dump on my app's memory and find out that it still holds some
sensitive data that was not supposed to stay there after logout.
(note: I have generated the memory dump while in debug mode).
after some investigation I have found out that it is actually the full JSON I am sending via
Almofire (HTTP network library) that is still in memory.
I suspected the issue is with the JSONEncoder
so I have created a small app having a simple button that run the next code:
func encodeJson() {
let encoder = JSONEncoder()
var dic: [String: String] = [
"email": "[email protected]",
"password": "somePassord",
"appName": "test app",
"version": "1.1.1",
"os": "ios",
]
do {
let data = try encoder.encode(dic)
dic = [:]
} catch {
}
}
after clicking the button multiple times in a row, I found that the JSON is still in memory (the serialized json, not the dictionary) even after
the function finished running!
Is there a known memory leak with JSONEncoder?
Is there a different reasoning to the issue that I am missing?
I have read that developers were complaining about related issues with JSONEncoder but didn't find any solutions.
the reason why it is a security issue: in a jail broken device, one can steal sensitive data after user have logged out after installing a phishing app.