If you encrypt on the phone side with a known pass (assuming your using symmetric keys) then all the hacker has to do is find your password ( and salt if you use one) you used to create it and decrypt it.
I would if possible use asymmetric keys. (public/private) I've not used them on Android so you would have to figure out if it's possible, I'm guessing it is since LVL uses that. On Oct 5, 12:34 pm, Dimitris <[email protected]> wrote: > Yes, look for CipherOutputStream and CipherInputStream for writing and > reading the file safely. I would use a symmetric encryption algorithm > such as AES unless the XML is coming from a web service. > > On Oct 5, 9:18 am, Kostya Vasilyev <[email protected]> wrote: > > > 05.10.2010 19:59, DanH пишет: > > > > If you encrypt the entire XML file you won't be able to use Android's > > > "compiled' XML access tools, and you'll expose the unencrypted file on > > > the phone. If you encrypt individual entries then you have a > > > complicated build process and, due to the shorter elements being > > > encrypted, a more complicated decryption process and (technically) > > > less secure encryption. > > > It's possible to use CipherInputStream to do on-the-fly decryption while > > reading data from a file or from the network. > > > Per-application data files located in phone storage are private, and > > could be used to cache decrypted data. Unless, of course, the user roots > > their phone, but that's not commonplace. > > > -- > > Kostya Vasilyev -- WiFi Manager + pretty widget > > --http://kmansoft.wordpress.com > > -- You received this message because you are subscribed to the Google Groups "Android Developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
