Luis,
You might look into a suitable way of securing data on the SDcard. It's a FAT file system, so you can't use UNIX permissions to restrict applications. Officially, nothing sensitive is supposed to be placed on the SDcard. However, there are some situations (at least in my research) where it would be nice to show through some sort of analysis that two applications truly are isolated and can't share data, even through the SDcard.
The difficulty is that the SDcard needs to be FAT, because the PC mounts it. I read on one of the Android mailing lists a while back that there is a desire not to make kernel modifications to support such isolation. That may, or may not, be a requirement for you.
This leaves the question of how to add security to the SDcard in such a way that it still allows the user to access all of the files when mounted on a PC.
I've tried to get some Masters students here at Penn State to look at the problem, but no one bit (yet). It's not a particularly deep research problem, but it's something I'd like to see a good solution for. Part of your evaluation should look at how existing applications use the SDcard and whether or not your solution breaks these applications. Theoretically, Content Providers should be used, but this might not always be the case.
Best, -Will Luis wrote:
Hi all, I am looking to contribute to Android security and at the same time write my thesis. I have experience in C++ programming as well as other languages; and also in coporate security management. Any ideas of topics where I could help? Luis
