Well, I am just throwing idea out there. I haven't decided on NFC or that it would use encryption -- it might based on your feedback. I just won't be going the centralized server route, that's I am 100% certain about.
Salary information is sensitive enough in the Western world, but if you ever drive around in a taxi in Beijing, don't be surprised if the driver will ask you hold old you are, if you are married and how much money you make. It's a cultural thing. On May 30, 1:06 pm, Bob Kerns <[email protected]> wrote: > Ah. Well, I'm going to assume you understand your customers (but suggest you > always question whether you do! :=) > > Indeed, one should always keep one's security practices in conformity with > the nature of what you are protecting. > > But I would certainly consider salary information to be sensitive enough to > justify encryption. But you're not giving us a lot of detail, so I guess I > can't say much more. (I am not faulting you for that). > > Good luck. > > > > On Sunday, May 29, 2011 9:21:39 PM UTC-7, Zsolt Vasvari wrote: > > > I have zero problems with using a servers, but my customers do. My > > app doesn't require an Internet permission and I intend it to keep it > > that way. > > > By "sensitive" I dont' really mean to the point where if I steal a > > user's phone, I can drain his bank account empty. The worse that will > > happen is they find out how much I make. It's nothing a Chinese > > person wouldn't flat out ask you and would expect an honest answer :) > > > On May 30, 12:14 pm, Nikolay Elenkov <[email protected]> > > wrote: > > > On Mon, May 30, 2011 at 12:51 PM, Bob Kerns <[email protected]> wrote: > > > > Don't worry about the terminology -- "ad hoc wifi network" is what > > you're > > > > looking for. I just wanted to figure out what you intended to say. > > > > > Hmm, "peer-to-peer" and "sensitive financial data" has me a bit > > concerned. > > > > I don't advocate sending sensitive data, via servers or not, > > unencrypted. I > > > > hope you're using some sort of public key encryption, with a secure key > > > > > exchange, such as Diffie-Hellman. If all I have to do is eavesdrop on > > your > > > > NFC communications.... (The role of the public key encryption part is > > to > > > > give you a way to strongly identify the recipient you're exchanging the > > > > > encryption keys with). > > > > It might actually be easier and more secure to exchange just URLs, and > > > have the app get the data via https *and* authenticate to the server, > > rather > > > than trying to implement a secure protocol on top of NFC. That way the > > app > > > can be sure it's talking to the right server (server certificate) and > > > the server > > > can be sure it's giving the data to the right person (Google account, > > etc. > > > authentication).- Hide quoted text - > > - Show quoted text - -- You received this message because you are subscribed to the Google Groups "Android Developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
