Some things that might help put things in better perspective: There are two storage areas, internal flash and external flash. External flash is an SD card you can manually insert and remove from the phone, and as such there is no security applied to the files there (all files are world readable and writable) because (a) it uses a FAT filesystem and (b) the user can always remove the card and do whatever they want with its contents. The internal flash cannot be removed, and is strongly protected with permissions in the file system as described in http://code.google.com/android/devel/security.html

In the current SDK you have, the permission enforcement is a little more lax than it will be on a shipping device, because there are a few pieces that are incomplete and the emulator is configured for development and not normal usage. Most importantly, there are two things running as root that will not be root on a shipping device:

- The system process in the current SDK is running as root, but on actual devices will be running as a normal user. This means that the vast bulk of the system itself cannot even access private application files: those applications are running as a different user, files in the internal flash are not created world accessible by default, so the system itself can't touch them. There are a very few low-level services (like init and a few others) running as root, and one of these provides the basic file system manipulation needed by the higher-level system: creating a data area for an application, removing the data files of an application, etc. These don't allow the system, let alone other applications, to actually read those files.

- When you adb shell on to a device, the shell you get is currently running as root, but again on an actual device this will be running as its own dedicated user and thus not have access to private application files.

So on a production device it is possible that the user will not be able to directly read an application's files if the application doesn't let them, though of course the system could be configured to allow the user to get root, depending on how the manufacturer wants to set things up. I would assume that in most cases this won't be allowed, however, due to things like DRM.

Out of curiosity, are you interested in protecting your data from access by the user, or malicious access from others?

On Jun 10, 5:06 am, rayback_2 <[EMAIL PROTECTED]> wrote:
> Hi
>
> My purpose is to safely store secret keys, used for the
> encryption/decryption process, in a keystore file in Android.
> The keystore is password protected, but open to brute force
> attacks if it can be exported to regular PCs.
>
> I read in the SDK that an application cannot access the private memory
> of other applications, which is great, so inside a phone I am
> considering myself as safe. My concern is when the phone (device) is
> connected to a computer, then everything is exportable to the computer
> (as in the emulator), and so is the keystore file, which is then open
> to attacks.
>
> One solution to this would be to use cryptographic mini/microSD cards,
> but it's rather expensive (and besides, I could not find such a product
> either).
>
> So my question is: Is there any area inside an Android device, where we
> could keep private data which will not be exportable in any way?
>
> Sincerely
> Ray
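An added example, not part of the original thread: a small audit that applies the Unix permission rule described in the reply (files not world accessible by default) to a directory tree. It reports files that grant access to other users and whether the directories above them let another UID reach the file at all. The directory layout and file names are constructed stand-ins for one application's data area, not real Android paths.

```python
import os
import stat
import tempfile

def other_access(mode):
    """Return the 'other' permission letters set in a st_mode value."""
    flags = ((stat.S_IROTH, "r"), (stat.S_IWOTH, "w"), (stat.S_IXOTH, "x"))
    return "".join(ch for bit, ch in flags if mode & bit)

def audit_tree(root):
    """List (relative path, other-bits, reachable) for files exposing 'other' bits.

    reachable is True only if every directory from root down to the file
    grants search (x) permission to other users; without it, a different
    UID cannot use the file's own bits. Directories above root are not checked.
    """
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        rel = os.path.relpath(dirpath, root)
        parts = [] if rel == "." else rel.split(os.sep)
        chain = [root] + [os.path.join(root, *parts[:i + 1]) for i in range(len(parts))]
        reachable = all(os.lstat(d).st_mode & stat.S_IXOTH for d in chain)
        for name in filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            bits = other_access(st.st_mode)
            if stat.S_ISREG(st.st_mode) and bits:
                findings.append((os.path.relpath(path, root), bits, reachable))
    return sorted(findings)

def build_sample():
    """Constructed sample tree: a private 'files' dir and an open 'shared' dir."""
    root = tempfile.mkdtemp(prefix="appdata_")
    os.chmod(root, 0o755)
    for sub, mode in (("files", 0o700), ("shared", 0o755)):
        os.mkdir(os.path.join(root, sub))
        os.chmod(os.path.join(root, sub), mode)
    samples = (("files/keystore.bks", 0o600), ("files/cache.tmp", 0o644),
               ("shared/export.bks", 0o666))
    for rel, mode in samples:
        path = os.path.join(root, rel)
        with open(path, "wb") as fh:
            fh.write(b"constructed sample bytes")
        os.chmod(path, mode)  # explicit chmod so the umask does not matter
    return root

if __name__ == "__main__":
    for rel, bits, reachable in audit_tree(build_sample()):
        print(rel, "other=" + bits, "reachable" if reachable else "blocked by directory")
```

The owner-only keystore is not reported, the 0644 file is reported but blocked by its 0700 parent, and the 0666 copy in the open directory is reported as reachable.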

