Regarding hardware key storage: The Android Compatibillity Definition Document (http://source.android.com/compatibility/android-2.2-cdd.pdf) does not specify one, so no.
Therefore, applications would have to get keying material from somewhere else, such as a user's PIN or password. Failing that, encryption becomes mere "obfuscation" or "encraption" and is greatly less effective. As for what individual Android applications do, check their source code. In general, many questions on this list can easily be answered with common sense, Google searches, list archive reading, and documentation/code reading. I don't say this to be rude --- I mean it as gently as possible --- but the same questions keep coming up. The reason we make Android open source is so that you don't have to wonder: you can know. -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
