I have zero problems with using a servers, but my customers do. My app doesn't require an Internet permission and I intend it to keep it that way.
By "sensitive" I dont' really mean to the point where if I steal a user's phone, I can drain his bank account empty. The worse that will happen is they find out how much I make. It's nothing a Chinese person wouldn't flat out ask you and would expect an honest answer :) On May 30, 12:14 pm, Nikolay Elenkov <[email protected]> wrote: > On Mon, May 30, 2011 at 12:51 PM, Bob Kerns <[email protected]> wrote: > > Don't worry about the terminology -- "ad hoc wifi network" is what you're > > looking for. I just wanted to figure out what you intended to say. > > > Hmm, "peer-to-peer" and "sensitive financial data" has me a bit concerned. > > I don't advocate sending sensitive data, via servers or not, unencrypted. I > > hope you're using some sort of public key encryption, with a secure key > > exchange, such as Diffie-Hellman. If all I have to do is eavesdrop on your > > NFC communications.... (The role of the public key encryption part is to > > give you a way to strongly identify the recipient you're exchanging the > > encryption keys with). > > It might actually be easier and more secure to exchange just URLs, and > have the app get the data via https *and* authenticate to the server, rather > than trying to implement a secure protocol on top of NFC. That way the app > can be sure it's talking to the right server (server certificate) and > the server > can be sure it's giving the data to the right person (Google account, etc. > authentication). -- You received this message because you are subscribed to the Google Groups "Android Developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
