PSPDFKit SDK Security

PSPDFKit has been implemented using the latest and best security practices and is used in security-conscious applications.

  • Encrypted PDFs are supported and cannot be accessed without the matching password.
  • PDF passwords are never persisted.
  • PdfDocument can be encrypted with AES256-CTR and can be decrypted on-the-fly (keeping them only decrypted in-memory). See the AesDataProvider in the catalog app.
  • Code commits are always peer-reviewed and have to pass our large test case set before being merged.
  • We use a large set of compiler warnings and the latest version of Clang Analyzer, Lint, FindBugs, and PMD to detect and fix potential problems before the product is released.

Cache

Rendered pages will be cached to disk by default to ensure fast display and browsing. This cache can both be customized on the activity or fragment level and can also be turned off completely.

Security related considerations

  • PSPDFKit might keep parts of extracted text, annotations or password in memory to perform the requested operations. If rogue code has access to your application's memory, there is nothing you can do and the device has already been compromised. Such might happen when the device is rooted.
  • By default PSPDFKit does not prevent taking screenshots. To prevent screenshot taking (as well as showing the window on non-secure screens) you can set the FLAG_SECURE window flag in your custom activity.
  • The default value of PdfConfiguration.Builder#videoPlaybackEnabled depends on the exploitability of a device. To prevent Stagefright exploits from malicious videos this means:
    • On devices with API 23+ and security patch dating Feb 1st 2016 or newer, video playback is enabled by default. These devices are not vulnerable to Stagefright exploits anymore.
    • On devices with API <23 or on devices with API 23+ but a security patch before Feb 1st 2016, video playback is disabled by default. You can however maunually enable video playback for your app via PdfConfiguration.Builder#videoPlaybackEnabled.

Network Access

PSPDFKit only performs network access when required for following actions:

  • Accessing images/videos/audio from the gallery (using the YouTube or Picasso libraries)
  • Simple analytics for demo, nightly and beta builds/licenses.
  • Via the inline WebView, if an URL prefixed with pspdfkit:// was tapped.