This isn't really an Android issue. Anyone who gives out credentials for any purpose needs to consider that they may be compromised.
The usual ways of dealing with it are to time-limit them, and to allow them to be revoked. But what I think REALLY should be done, is to issue credentials with two components, one revocable by the issuer, and one revocable by the recipient. So, on losing your phone, you go to a website, and invalidate all the credentials that were associated with the phone. This wouldn't deny you access, just force you to go through the re-credentialing process for each affected entity, using a reissued token. You could see extending this to three components, so a company with accounts with Salesforce.com and similar things, could revoke access for a terminated employee, for example. In this case, the access token would not be reissued.

On Dec 31, 10:58 am, Dianne Hackborn <[email protected]> wrote:
> On Fri, Dec 31, 2010 at 6:15 AM, jacek <[email protected]> wrote:
> > So -- how about getting credentials from the Cloud (over SSL)
> > and hiding in AccountManager's Account?
>
> Though again, this hasn't protected you, just made it harder. Your data is
> still there on the device, for someone with root access to find and
> retrieve.
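An added example, not code from the thread, of the multi-component credential scheme the post describes, generalized to any number of components: each component (the issuer's account record, the phone, an employer) has an owner who can revoke it, the token carries an HMAC over all component secrets, and the walk-through covers the lost-phone, re-credentialing and terminated-employee cases. The class and names (`RevocableCredentials`, `alice`, `acme`, `phone1`) are constructed for the demo.

```python
# Added example (not the thread's code): multi-component revocable credential.
import hashlib
import hmac
import secrets

class RevocableCredentials:
    """Credential bound to several components, each revocable by its owner."""
    def __init__(self):
        self.components = {}  # component_id -> secret, or None once revoked

    def new_component(self, owner, label):
        """Mint a component secret; the id records who is entitled to revoke it."""
        cid = f"{owner}:{label}"
        self.components[cid] = secrets.token_bytes(32)
        return cid

    def revoke(self, cid):
        self.components[cid] = None  # keep the id so old tokens stay dead

    def _tag(self, cids):
        key = b"".join(self.components[c] for c in cids)
        return hmac.new(key, "|".join(cids).encode(), hashlib.sha256).hexdigest()

    def _live(self, cids):
        return all(self.components.get(c) is not None for c in cids)

    def issue(self, *cids):
        """Bind a token to the components; refuse if any has been revoked."""
        if not self._live(cids):
            return None
        return {"components": list(cids), "tag": self._tag(cids)}

    def validate(self, token):
        cids = token["components"]
        return self._live(cids) and hmac.compare_digest(self._tag(cids), token["tag"])

def demo():
    """Constructed walk-through: lost phone, re-credentialing, termination."""
    svc = RevocableCredentials()
    account = svc.new_component("issuer", "alice")    # issuer-revocable
    employer = svc.new_component("employer", "acme")  # third component
    phone = svc.new_component("user", "phone1")       # recipient-revocable
    tok = svc.issue(account, employer, phone)
    before = svc.validate(tok)
    svc.revoke(phone)                                 # user reports lost phone
    after_loss = svc.validate(tok)                    # account itself untouched
    tok2 = svc.issue(account, employer, svc.new_component("user", "phone2"))
    svc.revoke(employer)                              # employee terminated
    tok3 = svc.issue(account, employer, "user:phone2")  # no reissue: None
    return before, after_loss, tok2 is not None, svc.validate(tok2), tok3
```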

