
Keyboard Cache

Keyboard caching is more complex on Android than it is on iOS. There is no centrally located file where the cache is stored, and Android allows you to install custom keyboards on a per-app basis if desired. Most apps ship using the standard Gboard keyboard, which is the default on the device. If the app embeds its own keyboard, you will most likely discover that during the Static Analysis phase when reviewing the app files on the device.

There are a couple of locations on an Android device where we can look for the standard keyboard cache:

The keyboard cache and personal dictionary files are stored in the application's private data directory, typically located at /data/data/<package.name.of.keyboard.app>/. Common package names include:

  • Gboard (Google Keyboard): /data/data/com.google.android.inputmethod.latin/

    • Within this directory, look for the UserHistory & Personal dictionaries
      • files/personal/userhistory/UserHistory.en_US.dict
      • files/personal/Personal.en_US.dict
  • Default AOSP Keyboard: /data/data/com.android.inputmethodcommon/

  • Samsung Keyboard: /data/data/com.sec.android.inputmethod/

  • User Dictionary (system-wide): /data/data/com.android.providers.userdictionary/databases/user_dict.db

These files can be reviewed on a rooted device, and they should be on every test. Android also stores all Activities (views) as XML files in the APK, so we can easily review these configurations to see whether any text field or editor is set to cache words.

Check Text Input Configuration

To check whether keyboard caching has been disabled, review the XML layout configuration. These files are typically located in the “res/layout” directory of the apktool output. If the text field in the app has “hint” text, it is easy to find the correct configuration. For instance, if it is a password field with the hint text Password:

% grep -riE 'android:hint="Password"' .
./layout/activity_main.xml: <EditText android:id="@id/textPassword" android:layout_width="473.0dip" android:layout_height="56.0dip" android:hint="Password" android:ems="10" android:password="true" android:singleLine="true" android:inputType="textPassword" />

In this example, the developers have set both the android:password="true" parameter and the android:inputType="textPassword" parameter. These parameters will prevent the text input from being cached.

If any of the text fields have “textAutoCorrect” or “textAutoComplete” set, there is a possibility that those text fields will cache data.
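
The layout review above can be run over every decoded layout at once instead of grepping for one hint. This is an added example, not code from the original page: it classifies each EditText by its inputType. The flag set beyond textPassword, the verdict labels and the sample layout are assumptions of the example.

```python
import pathlib
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
# Password variations and the no-suggestions flag from InputType; treating all
# of them as non-caching is this example's assumption (the page names textPassword).
NO_CACHE = {"textPassword", "textWebPassword", "textVisiblePassword",
            "numberPassword", "textNoSuggestions"}
CACHING = {"textAutoCorrect", "textAutoComplete"}  # flags the page warns about

def audit_layout(xml_text, name="<layout>"):
    """Return (file, id, hint, verdict) for every EditText-like element."""
    findings = []
    for el in ET.fromstring(xml_text).iter():
        if not el.tag.endswith("EditText"):  # also matches TextInputEditText etc.
            continue
        flags = set(el.get(ANDROID + "inputType", "").split("|"))
        if flags & NO_CACHE or el.get(ANDROID + "password") == "true":
            verdict = "protected"
        elif flags & CACHING:
            verdict = "caches"
        else:
            verdict = "review"  # nothing explicit: keyboard defaults apply
        findings.append((name, el.get(ANDROID + "id"),
                         el.get(ANDROID + "hint"), verdict))
    return findings

def audit_tree(layout_dir):
    """Audit every XML file under an apktool res/layout directory."""
    out = []
    for path in sorted(pathlib.Path(layout_dir).rglob("*.xml")):
        out += audit_layout(path.read_text(encoding="utf-8"), path.name)
    return out

# Constructed sample layout (not from a real app).
SAMPLE = """<LinearLayout xmlns:android="http://schemas.android.com/apk/res/android">
  <EditText android:id="@id/textPassword" android:hint="Password"
            android:password="true" android:inputType="textPassword" />
  <EditText android:id="@id/textNotes" android:hint="Notes"
            android:inputType="textAutoCorrect|textMultiLine" />
  <EditText android:id="@id/textCard" android:hint="Card number" />
</LinearLayout>"""

if __name__ == "__main__":
    for finding in audit_layout(SAMPLE, "activity_main.xml"):
        print(*finding, sep="\t")
```

Fields reported as "review" carry no explicit inputType, so they are the ones to exercise on the device and then look for in the keyboard files.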

Check the Input Files

There are a couple of locations on an Android device where we can look for the standard keyboard cache:

  • User Dictionary: /data/data/com.android.providers.userdictionary/databases/user_dict.db

  • Input Method: /data/data/com.google.android.inputmethod.latin/

    • files/personal/userhistory/UserHistory.en_US.dict
    • files/personal/Personal.en_US.dict

The User Dictionary is an SQLite database. To open and query the database:

sunfish:/data/data/com.android.providers.userdictionary/databases # sqlite3 user_dict.db                                                             
SQLite version 3.27.2 2019-02-25 16:06:06
Enter ".help" for usage hints.
sqlite> .tables
android_metadata words
sqlite> select * from words;
1|Passw0rd1|250|en_US|0|
sqlite> .exit

The .dict files are not database files but are “data”, so you will need to use the strings command to review them:

sunfish:/data/data/com.google.android.inputmethod.latin/files/personal/userhistory # strings UserHistory.en_US.dict

0$>a
We love Marisa.
Passw0rd1
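
Once user_dict.db and the .dict files have been pulled from the device, both checks above can be combined into one search for the values typed into the app during the test. This is an added example, not code from the original page: the function names, the `word` column name (taken from Android's UserDictionary.Words contract) and the sample data are assumptions of the example.

```python
import os
import re
import sqlite3
import tempfile

def dict_strings(blob, min_len=4):
    """Printable ASCII runs in a binary .dict file, like strings(1)."""
    return [s.decode("ascii")
            for s in re.findall(rb"[\x20-\x7e]{%d,}" % min_len, blob)]

def user_dict_words(db_path):
    """Words from the 'words' table, opened read-only to keep evidence intact."""
    con = sqlite3.connect(f"file:{db_path}?mode=ro", uri=True)
    try:
        # Column name 'word' is assumed from Android's UserDictionary.Words.
        return [row[0] for row in con.execute("SELECT word FROM words")]
    finally:
        con.close()

def find_canaries(canaries, db_path=None, dict_files=None):
    """Return sorted (source, canary) pairs for each canary the keyboard kept."""
    sources = {}
    if db_path:
        sources["user_dict.db"] = user_dict_words(db_path)
    for name, blob in (dict_files or {}).items():
        sources[name] = dict_strings(blob)
    return sorted({(src, c) for src, words in sources.items()
                   for w in words for c in canaries if c.lower() in w.lower()})

def build_sample_db(path):
    """Constructed stand-in for a pulled user_dict.db (one row, as on the page)."""
    con = sqlite3.connect(path)
    con.execute("CREATE TABLE words (_id INTEGER PRIMARY KEY, word TEXT, "
                "frequency INTEGER, locale TEXT, appid INTEGER, shortcut TEXT)")
    con.execute("INSERT INTO words VALUES (1, 'Passw0rd1', 250, 'en_US', 0, NULL)")
    con.commit()
    con.close()

# Constructed bytes imitating the UserHistory.en_US.dict output shown above.
SAMPLE_DICT = b"\x00\x020$>a\x00\x01We love Marisa.\x00\x05Passw0rd1\x00"

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        db = os.path.join(tmp, "user_dict.db")
        build_sample_db(db)
        for hit in find_canaries(["Passw0rd1", "4111111111111111"], db,
                                 {"UserHistory.en_US.dict": SAMPLE_DICT}):
            print(*hit, sep="\t")
```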

Reset Keyboard Cache

Before testing starts, the keyboard cache should be reset so that you can be sure that any data you find will be associated with the app you are testing!

Default Keyboard

This process depends on the default keyboard that you are using. To find the default keyboard, follow this process (which will vary depending on the device used).

  • Open the Settings app
  • Scroll down to System
  • Tap on the Keyboard entry

Additionally, you can open the app and tap into any input field to bring up the keyboard. There should be a "gear" icon or "globe" icon that brings up the keyboard preferences, which should tell you the keyboard name.

Clear Cache

This method clears all temporary data (cache) and all saved settings, themes, and learned words (app data). The keyboard will return to its default, "factory reset" state.

  • Open the Settings app
  • Tap on Apps
  • In the Apps view, select "See all XX apps" where XX is the number of apps
  • Near the top, there will be the three-dot menu icon. Tap that icon to bring up the menu
  • Tap on Show System
  • Find the app name for your keyboard
  • Inside the app info for the keyboard app, tap on Storage & cache
  • Tap on Clear cache (likely the trash can icon)

Note: Keep in mind that these instructions will vary slightly based on keyboard app, device, etc. Some poking around should lead you to the proper place.

References

https://developer.android.com/reference/android/text/InputType

https://developer.android.com/reference/android/widget/TextView