I have created a password manager for Android (see its website) which has a feature being loved by many users: "QuickUnlock". The password databases are often encrypted with strong and long passwords, but when unlocking the database once, the app is kept alive (with a service with an ongoing notification) as long as possible. So if the user wants to access the next password, it is sufficient to enter only a short part of the password. This is possible because the database (including the master password is still in memory). (If the phone is stolen, an "attacker" has only one chance of guessing the short password. After this, the database is locked completely.)
This has two major disadvantages:
- The app requires quite a lot of memory as it is based on Mono for Android which comes with relatively big libraries
- Sometimes the app is killed despite of the ongoing notification and the user needs to enter the long master password again.
Now I am looking for a way to make the UX even better. I don't think it's an option to store the master password or even parts of it on the SD card or in the internal persistent memory. It should remain in RAM only.
Is there any way to keep (a few bytes of) data in memory but still allow the application being killed? I was thinking of some kind of Intent that could be passed to the app when being recreated? How could this be done?
Thanks for any hint!
