MASTG-TEST-0006: Determining Whether the Keyboard Cache Is Disabled for Text Input Fields
Deprecated Test
This test is deprecated and should not be used anymore. Reason: New version available in MASTG V2
Please check the following MASTG v2 tests that cover this v1 test:
Overview
Static Analysis
In the layout definition of an activity, you can define TextViews that have XML attributes. If the XML attribute android:inputType is given the value textNoSuggestions, the keyboard cache will not be shown when the input field is selected. The user will have to type everything manually.

```xml
<EditText
    android:id="@+id/KeyBoardCache"
    android:inputType="textNoSuggestions" />
```

The code for all input fields that take sensitive information should include this XML attribute to disable the keyboard suggestions.
Alternatively, the developer can use the following constants:
| XML android:inputType | Code InputType | API level |
|---|---|---|
| textPassword | TYPE_TEXT_VARIATION_PASSWORD | 3 |
| textVisiblePassword | TYPE_TEXT_VARIATION_VISIBLE_PASSWORD | 3 |
| numberPassword | TYPE_NUMBER_VARIATION_PASSWORD | 11 |
| textWebPassword | TYPE_TEXT_VARIATION_WEB_PASSWORD | 11 |
Check the application code to verify that none of the input types are being overwritten. For example, by doing findViewById(R.id.KeyBoardCache).setInputType(InputType.TYPE_CLASS_TEXT) the input type of the input field KeyBoardCache is set to text, re-enabling the keyboard cache.
Finally, check the minimum required SDK version in the Android Manifest (android:minSdkVersion) since it must support the used constants (for example, Android SDK version 11 is required for textWebPassword). Otherwise, the compiled app would not honor the used input type constants, allowing keyboard caching.
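The three static checks above can be scripted against a decoded layout file and the decompiled source. The following is an added example, not part of the MASTG; the function names, the one-line chained-call assumption in the regex, and the sample layout and source are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
# inputType values that disable suggestions, with the API level from the table
# above (None: the page states no API level for textNoSuggestions).
NO_CACHE = {"textNoSuggestions": None, "textPassword": 3,
            "textVisiblePassword": 3, "numberPassword": 11,
            "textWebPassword": 11}

def audit_layout(layout_xml, min_sdk):
    """Return (field id, finding) for every EditText that may be cached."""
    findings = []
    for elem in ET.fromstring(layout_xml).iter():
        if not elem.tag.endswith("EditText"):  # also catches EditText subclasses
            continue
        field = elem.get(ANDROID + "id", "<no id>")
        flags = set(elem.get(ANDROID + "inputType", "").split("|"))
        used = flags & set(NO_CACHE)
        if not used:
            findings.append((field, "no cache-disabling inputType"))
        for flag in sorted(used):
            level = NO_CACHE[flag]
            if level is not None and min_sdk < level:
                findings.append(
                    (field, f"{flag} needs API {level}, minSdkVersion is {min_sdk}"))
    return findings

# Matches the override pattern from the text: a view is looked up by id and
# setInputType() is called on it (assumes the call is chained on one line).
OVERRIDE = re.compile(
    r"findViewById\(R\.id\.(\w+)\)\s*\)?\s*\.setInputType\(([^)]*)\)")

def find_overrides(java_source):
    """Return (field id, argument) for each call, for manual review."""
    return OVERRIDE.findall(java_source)

# Constructed sample inputs, not taken from a real app.
SAMPLE_LAYOUT = """<LinearLayout xmlns:android="http://schemas.android.com/apk/res/android">
  <EditText android:id="@+id/KeyBoardCache" android:inputType="textNoSuggestions"/>
  <EditText android:id="@+id/CardNumber" android:inputType="text"/>
  <EditText android:id="@+id/WebPin" android:inputType="textWebPassword"/>
</LinearLayout>"""
SAMPLE_SOURCE = "findViewById(R.id.KeyBoardCache).setInputType(InputType.TYPE_CLASS_TEXT);"

if __name__ == "__main__":
    for finding in audit_layout(SAMPLE_LAYOUT, min_sdk=9):
        print(finding)
    for field, arg in find_overrides(SAMPLE_SOURCE):
        print(field, "overridden with", arg)
```

A field that passes the layout audit but appears in the override list, like KeyBoardCache in the sample, still needs review, because the runtime call replaces the XML value.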
Dynamic Analysis
Start the app and click in the input fields that take sensitive data. If strings are suggested, the keyboard cache has not been disabled for these fields.