I'm using AFNetworking as my basic networking library. When I do a memory dump on a jailbroken phone (iPhone 4, iOS 7.1), I can easily see request urls and/or responses (such as json objects) in the dump files in plain text. I checked with the memory leak tool in Xcode and there is no memory leak based on that.
My app has sensitive data in the urls or responses (Like user's name, email address, etc), which are listed in the OWASP mobile risks (M4: Unintended Data Leakage). We are required to be in compliance with these standards so I want to clean this information right after the connection finished. What I have done so far:
1) Set the cache policy in the AFNetworking to NSURLRequestReloadIgnoringLocalCacheData
2) Disabling the NSURLCache in the app:
NSURLCache *sharedCache = [[NSURLCache alloc] initWithMemoryCapacity:0 diskCapacity:0 diskPath:nil];
[NSURLCache setSharedURLCache:sharedCache];3) I also tried:
[[NSURLCache sharedURLCache] removeAllCachedResponses];or
[[NSURLCache sharedURLCache] removeCachedResponseForRequest:NSURLRequest];after every network request.
But none of the above have resolved the problem. Can anyone help me figure out how to do this? Any help will be appreciated.