> Then is it safe to assume that if our application creates file then
> this file will be not accessible by anyone ?

"Safe" is vague. Based on hackbod's information it would be nearly impossible to gain access to an application's private files. However, there are always extraordinary possibilities such as a privilege escalation exploit allowing a user or process to gain root or the user physically modifying the devices and removing internal storage media. Both of these possibilities are extremely remote.

Cheers,
Justin
Android Team @ Google

On Jun 11, 4:14 am, rayback_2 <[EMAIL PROTECTED]> wrote:
> Hi, and thanks for prompt responses to all, really appreciate that.
>
> The keystore itself is password protected, so the password is
> needed to start using keystore (and maybe even another password for
> accessing individual entries inside the keystore itself, like
> secretkeys and private keys).
>
> My first problem lies in the possibility of brute-force attacking the
> keystore file after it is exported to some external device (like PC).
>
> >> Out of curiosity, are you interested in protecting your data from
> >> access by the user, or malicious access from others?
>
> We kinda want both.
>
> We got a scenario where a keystore contains ECDSA keypairs which
> should be used by user for signing (who knows passwords). And this
> keystore should be protected from malicious users. But even user
> himself should not be able to export it to another device (it's a
> requirement since those keys are used for authentication and other
> operations)
>
> In other scenario we need our application to encrypt some data, thus
> we need to keep the keys secret and protect the keys from user too.
>
> from hackbod's post I understand that the access to internal flash
> will be limited to low level services only. And the root access to adb
> shell is not what is expected to have.
>
> Then is it safe to assume that if our application creates file then
> this file will be not accessible by anyone ?
>
> >> For example, we could store an encrypted datafile with a key based on
> >> the application signature itself seeded with the device ID. Since the
> >> key can be calculated with code, it wouldn't be stored anywhere, so any
> >> attacker would have to extract the key from a running program (which is
> >> quite hard!); and even if someone did manage this and was able to
> >> decrypt the datafile, they'd need to repeat the process on every other
> >> phone.
>
> I guess this is not a good option since device ID can be obtained by
> attacker, the same way original application did it.
> And since the key is calculated decompiling the code will reveal
> internals, so attacker, instead of extracting keys from running
> program, would
> generate the same key. Just thoughts.
>
> Thanks

You received this message because you are subscribed to the Google Groups "Android Developers" group.
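
Added example, not part of the original thread or of any Android code: the two approaches discussed above written out in Python, a key computed from the application signature and device ID next to a key derived from a password with PBKDF2. The device ID, signature bytes, password, iteration count and function names are constructed assumptions, and an HMAC tag stands in for "the datafile opens with this key".

```python
import hashlib
import hmac
import os

# Constructed sample values; not real identifiers.
DEVICE_ID = b"000000000000000"
APP_SIGNATURE = b"constructed-signing-certificate-bytes"


def derive_from_public_inputs(device_id: bytes, app_signature: bytes) -> bytes:
    """Key computed only from values that any code on the device can read."""
    return hashlib.sha256(app_signature + b"|" + device_id).digest()


def derive_from_password(password: str, salt: bytes, iterations: int) -> bytes:
    """Key that also depends on a secret that is not stored with the file."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def seal(key: bytes, data: bytes) -> bytes:
    """Integrity tag standing in for encrypting the datafile under `key`."""
    return hmac.new(key, data, hashlib.sha256).digest()


def opens(key: bytes, data: bytes, tag: bytes) -> bool:
    """True when `key` is the key the data was sealed with."""
    return hmac.compare_digest(seal(key, data), tag)


def compare_schemes() -> dict:
    data = b"constructed datafile contents"
    salt = os.urandom(16)   # stored beside the file; unique per file, not secret
    iterations = 200_000    # assumed work factor; sets the cost of every guess

    # Scheme 1: key from app signature + device ID, nothing secret involved.
    tag1 = seal(derive_from_public_inputs(DEVICE_ID, APP_SIGNATURE), data)
    # A second program with the same inputs and a copy of the routine:
    copied = derive_from_public_inputs(DEVICE_ID, APP_SIGNATURE)

    # Scheme 2: key from a password the user types in.
    tag2 = seal(derive_from_password("correct horse", salt, iterations), data)
    wrong = derive_from_password("wrong guess", salt, iterations)
    right = derive_from_password("correct horse", salt, iterations)
    return {
        "copied_routine_opens": opens(copied, data, tag1),
        "wrong_password_opens": opens(wrong, data, tag2),
        "right_password_opens": opens(right, data, tag2),
    }


if __name__ == "__main__":
    print(compare_schemes())
```

The password-derived key only covers the scenario where the user knows the password; an exported file can still be guessed offline, and the iteration count and password strength decide how expensive that is.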

