Programming in C always requires caution when it comes to memory security. Because we handle sensitive data, we decided to clear all allocated memory before freeing it. To do this we wrote our own memory allocator (wrapper) and a custom free. By clearing all allocated memory and not only the parts known to be sensitive we ensure that all sensitive data is overwritten before freed. (Even if there is a refresh token as part of a server response.) Sensitive data on the stack is explicitly overwritten after usage.