2009/7/21 Markus Junginger <[email protected]>

> Given this, I guess a secure solution is impossible on rooted phones
> in a strict sense (again, I am no security expert) because you can
> reverse engineer code and access all data. The question is if there
> are means to increase security to a level that makes significantly
> harder for attackers while spending only a reasonable effort.


Nothing is 100% secure, the goal is to slow people down, not to think that
anything is or will be 100% secure 100% of the time.

> For example, I have heard of Keychain, which Developers can use on
> MacOS X and iPhone to store data securely, but I do not know how it
> works and how secure it actually is.


Actually for the description you gave that would be a bad idea, since the
key to unlock the file would be on the handset.

If it's just a single file, that makes things considerably easier; however,
I'm not really qualified to answer this either, but I am aware enough to
know I'm not qualified enough to make such statements :)

A simple approach would be not to store the file on the phone in the first
place and only access it as needed over the net.

Alternatively, you could encrypt the file using AES encryption, and use an RSA
key pair to authenticate with the server and access the password to decrypt
the file, which is downloaded as needed. If the handset is compromised, you
simply remove the public key from the server and it can no longer decrypt that
file.

The solution really depends on the actual requirements and how many
resources you are willing to throw at the problem.
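
The AES-plus-RSA scheme sketched in the message above, as an added example that is not part of the original message: a hypothetical in-process `KeyServer` releases the AES file key only for a challenge signed by an enrolled handset key, and removing the public key blocks further requests. Class names, the handset id and the file contents are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;

public class RevocableFileKeyDemo {
    // Hypothetical server: holds the AES file key and the public keys of enrolled handsets.
    static class KeyServer {
        private final Map<String, PublicKey> enrolled = new HashMap<>();
        private final Map<String, byte[]> pending = new HashMap<>();
        private final SecretKey fileKey;
        KeyServer(SecretKey fileKey) { this.fileKey = fileKey; }
        void enroll(String id, PublicKey pub) { enrolled.put(id, pub); }
        void revoke(String id) { enrolled.remove(id); pending.remove(id); }
        byte[] challenge(String id) { // fresh single-use nonce, so an old signature cannot be replayed
            byte[] n = new byte[32]; new SecureRandom().nextBytes(n);
            pending.put(id, n); return n;
        }
        // Releases the file key only if a still-enrolled handset signed the pending nonce.
        SecretKey requestKey(String id, byte[] sig) throws GeneralSecurityException {
            PublicKey pub = enrolled.get(id); byte[] nonce = pending.remove(id);
            if (pub == null || nonce == null) throw new SecurityException("not enrolled or revoked");
            Signature v = Signature.getInstance("SHA256withRSA");
            v.initVerify(pub); v.update(nonce);
            if (!v.verify(sig)) throw new SecurityException("bad signature");
            return fileKey;
        }
    }
    // Handset side: prove possession of the private key, then receive the file key.
    static SecretKey fetchKey(KeyServer s, String id, PrivateKey priv) throws GeneralSecurityException {
        Signature sg = Signature.getInstance("SHA256withRSA");
        sg.initSign(priv); sg.update(s.challenge(id));
        return s.requestKey(id, sg.sign());
    }
    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES"); kg.init(256);
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA"); kpg.initialize(2048);
        KeyPair handset = kpg.generateKeyPair();
        KeyServer server = new KeyServer(kg.generateKey());
        server.enroll("handset-1", handset.getPublic());
        byte[] iv = new byte[12]; new SecureRandom().nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding"); // file is stored only in encrypted form
        c.init(Cipher.ENCRYPT_MODE, server.fileKey, new GCMParameterSpec(128, iv));
        byte[] stored = c.doFinal("constructed sample file".getBytes(StandardCharsets.UTF_8));
        SecretKey k = fetchKey(server, "handset-1", handset.getPrivate()); // key fetched as needed
        c.init(Cipher.DECRYPT_MODE, k, new GCMParameterSpec(128, iv));
        System.out.println(new String(c.doFinal(stored), StandardCharsets.UTF_8));
        server.revoke("handset-1"); // handset reported compromised
        try { fetchKey(server, "handset-1", handset.getPrivate()); }
        catch (SecurityException e) { System.out.println("after revoke: " + e.getMessage()); }
    }
}
```

Revocation only stops future key requests: a handset that obtained the file key while it was still enrolled could have kept a copy, so the file itself would need re-encrypting under a new key.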
