PSPDFKit SDK Security
PSPDFKit has been implemented using the latest and best security practices and is used in security-conscious applications.
- Encrypted PDFs are supported and cannot be accessed without the matching password.
- PDF passwords are never persisted.
PdfDocumentcan be encrypted with AES256-CTR and can be decrypted on the fly (keeping it only decrypted in memory). See
AesDataProviderin the Catalog app for more information.
- Code commits are always peer reviewed and have to pass our large test case set before being merged.
- We use a large set of compiler warnings and the latest version of Clang Analyzer, the Android
linttool, Error Prone, and PMD to detect and fix potential problems before the product is released.
Rendered pages will be cached to disk by default to ensure fast display and browsing. This cache can be customized on both the activity and fragment level and can also be turned off completely.
- PSPDFKit might keep parts of extracted text, annotations, or passwords in memory to perform the requested operations. If rogue code has access to your application’s memory, there is nothing you can do and the device has already been compromised. This could happen if a device is rooted.
- By default, PSPDFKit does not prevent taking screenshots. To prevent screenshot taking (as well as showing the window on non-secure screens), you can set the
FLAG_SECUREwindow flag in your custom activity.
- The default value of
PdfConfiguration.Builder#videoPlaybackEnableddepends on the exploitability of a device. To prevent Stagefright exploits from malicious videos this means:
- On devices with API 23+ and a security patch dating 01 February 2016 or newer, video playback is enabled by default. These devices are no longer vulnerable to Stagefright exploits.
- On devices with API <23 or on devices with API 23+ but with a security patch from before 01 February 2016, video playback is disabled by default. You can, however, manually enable video playback for your app via
PSPDFKit only performs network access when required for the following actions:
- Accessing images/videos/audio from the gallery (using the YouTube or Picasso libraries).
- Simple analytics for demo, nightly, and beta builds/licenses.
- Via the inline
WebView, if a URL prefixed with