I see :-) It sounds good for this security mechanism. However, I still don't know how to make an application-specific keystore for a certain application only... And it sounds like Android has already provided a way for applications to safely create their own certification rather than system certification, like you mentioned? Is there a guideline for this? I need this for an HTTPS connection to a weather channel site and to retrieve weather information back.

Thanks for your help

Best regards,
Nicholas

On Dec 19, 4:01 PM, Al Sutton <a...@funkyandroid.com> wrote:
> There is a very good reason why applications shouldn't be able to add
> certificates to the system keystore, and that's security.
>
> If an application wants a user to trust a certificate for the actions
> the application is performing then that is a decision made by the user
> in the context of that application. The application should not add that
> certificate to the system keystore because that would mean the
> certificate becomes trusted in all applications, which is not what the
> user agreed to.
>
> Drawing a parallel with the desktop world; If I trust an SSL cert in
> FireFox that does not (and should not) make it a trusted certificate in
> Thunderbird.
>
> As a developer and a user I see it as a good thing that Android doesn't
> let applications do this, and I would be against any change to this
> policy just to make developers' lives a bit easier.
>
> Al.
>
> yukinoba wrote:
> > hi,
> >
> > I have surveyed lots of solutions to this problem. However, most
> > solutions break (or say, cheat) the SSL verification for development
> > usage, and surely I don't want to make this kind of solution in my
> > own application. Could you help to provide a guideline on how to create
> > an application-specific keystore? I have read the KeyStore class in the
> > Android SDK document but still have no idea how to make it.
> >
> > Thanks for your help
> >
> > Best regards,
> > Nicholas
> >
> > On Dec 12, 1:00 AM, Michael <michael573...@gmail.com> wrote:
> >> Yep, join the club. Lots of us are complaining about the inability to
> >> add certificates to the system keystore.
> >>
> >> One way that people have been working around this (in apps like
> >> k9mail, for example), is to use an application-specific keystore.
>
> --
> ======
> Funky Android Limited is registered in England & Wales with the
> company number 6741909.
> The registered head office is Kemp House,
> 152-160 City Road, London, EC1V 2NX, UK.
>
> The views expressed in this email are those of the author and not
> necessarily those of Funky Android Limited, its associates, or its
> subsidiaries.
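
An added example, not code from this thread or from k9mail: one way to build the application-specific keystore discussed above with standard JSSE classes, so that a certificate is trusted for this application's own HTTPS connection only and normal chain and hostname verification stay enabled. The class name `AppTrustStore`, the alias prefix and the two command-line arguments are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class AppTrustStore {  // hypothetical class name

    /** Builds an SSLContext whose only trust anchors are the certificates in certStream. */
    static SSLContext contextTrusting(InputStream certStream) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        // In-memory keystore owned by this application; the system keystore is untouched.
        KeyStore appStore = KeyStore.getInstance(KeyStore.getDefaultType());
        appStore.load(null, null);
        int count = 0;
        for (Certificate cert : cf.generateCertificates(certStream)) {
            appStore.setCertificateEntry("app-trusted-" + count++, cert);
        }
        if (count == 0) {
            throw new IllegalArgumentException("no certificate found in input");
        }
        // Stock trust manager: chain validation stays on, only the anchors change.
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(appStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // args[0]: PEM or DER certificate file, args[1]: https URL (caller-supplied)
        SSLContext ctx;
        try (InputStream in = new FileInputStream(args[0])) {
            ctx = contextTrusting(in);
        }
        HttpsURLConnection conn = (HttpsURLConnection) new URL(args[1]).openConnection();
        // Applied to this connection only, not via setDefaultSSLSocketFactory, so the
        // extra trust does not extend to other code in the process.
        conn.setSSLSocketFactory(ctx.getSocketFactory());
        // The default HostnameVerifier is left in place.
        System.out.println("HTTP " + conn.getResponseCode());
        conn.disconnect();
    }
}
```

On Android the certificate stream would typically come from a file bundled with the application, for example `getResources().openRawResource(R.raw.server_cert)`, where `server_cert` is a hypothetical resource name.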