Currently, I’m creating a new SDK that contains sensitive fields that shouldn’t be read by the consumers (Think Credit Card Number field) and I’m using Jetpack Compose to create the forms, my question is, is it possible to do a reflection on Jetpack Compose, compromise the user privacy and read their credit card numbers for example?
I tried reading declared fields / declared methods via reflection but didn’t find anything important that’s possible to compromise are there any other ways to do this or to prevent this from happening?
The consumers will start a specific activity that contains the composables and they will receive results once the user finished this activity
For your specific concern, this is the best possible implementation for an in-app SDK that has its own UI. It is theoretically possible for a developer to obtain the credit card number being collected by your TextField(), BasicTextField(), or other composable. However, it would be even easier for them to obtain the credit card number from an EditText, so your use of Compose UI is, if anything, improving your position.
Basically, so long as you have the UI in the consumer's app, there will be some way to get at that UI and its contents.