> I don't see anything in section-8 of the CDD that precludes such hardware.

But because it is not in there, users and developers cannot depend on it. Any application that makes use of extra-CDD hardware is not deployable on all Android devices, and would be a bad candidate for inclusion in the Market. A future CDD could possibly require a TPM or similar hardware, just as it could require a higher minimum amount of RAM someday.

> The question is whether anyone is finding a compelling reason to go down this road.

So far, making good use of encryption + key storage/a TPM has proven difficult on mobile devices, in large part due to the difficulty of entering a good PIN or password at boot or (better) often. With BitLocker on a Windows 7 laptop, typing a good boot-up password is easy; on a mobile it's very hard. And mobiles are generally always-on, so if you lose the device in a cab, an attacker may well be able to figure out a way to get the goods without ever needing the boot-up password.

Using a TPM to store keys without requiring a PIN/password is fine --- BitLocker even supports this mode --- but it has its problems too:

http://www.wired.com/gadgetlab/2009/07/iphone-encryption/

I'm not willing to go as far as Zdziarski and say "useless"; PIN-less TPM encryption is actually a decent way to do remote wipe (as long as you can send the wipe signal before the attacker wraps the phone in a Faraday bag). So it's a decent remote wipe feature, not a "useless" encryption feature.
