Thanks for promoting this project :) I fully agree with the previous posts on this topic; Google did a great job with Android and they need to concentrate their resources on certain aspects of the platform where "Enterprise Security" like discussed is not in focus right now. That's ok because - as pointed out - Open Source indicates that it can be added by interested parties as well. As Anders made clear, security is more than just adding a patch - you must have a security architecture with an overall goal. This cannot be a contribution of a single person (or company), it needs to be validated and supported by all players in this area.
For the moment, we (=seek-for-android team) started with an idea and developed an initial library for providing access to secure elements. In the end we would like to see this to be part of the platform, integrated in every phone on the market and not limited to 'special' secure elements but including all security related service providers. It's a big challenge to provide software based security so we focused on (available) secure elements. Like said previously, this cannot be a contribution of a single company or person - please bring yourself in and discuss ideas how to enable enterprise security requirements in Android. --- Daniel On Nov 5, 9:54 am, Chevalier Dev <[email protected]> wrote: > This might change things a > bit:http://www.infosecurity-magazine.com/view/4997/giesecke-devrient-play... > Executive summary: G&D is offering support for a secure element inside > Android. > > This might be a good opportunity to gather everybody around a single > keystore, and from there expand key management to all applications in > need of it: encrypted e-mail and mass storage, VPN, WiFi, etc. Step by > step we would end up with an enterprise-level Android. > > Comments anyone?
