Android already isolates apps from each other, doesn't allow them any access to each others data, and allows the system to discriminate between apps at a fine-grained level when deciding what data and functionality to give to them. What more are you looking for?
On Thu, Sep 2, 2010 at 7:38 PM, Anders Rundgren <[email protected]>wrote: > Chris Stratton wrote: > >> You wouldn't, you would just impersonate their authorised user, unless >> there's a user password check required with user-annoying frequency. >> > > If we put rooted systems aside for a moment... It would be quite easy > for a functional OS to discriminate applications from using password and > other keys. If you created a password with the browser, it shouldn't > be available for any other app, even if the password is stored in a > common "vault". > > In fact, I'm working on a key provisioning system for mobile phones > where the issuer is supposed to be able to grant certain applications > only in spite of the fact that the keystore is system-wide. > The "only" difficulty is finding a universal way of describing apps. > > Any ideas here would be much appreciated! > > Anders > > > >> On Sep 2, 8:52 pm, Jeff Enderwick <[email protected]> wrote: >> >>> How would you extract the private keys from the TPM? >>> >>> >>> >>> On Thu, Sep 2, 2010 at 5:09 PM, Chris Palmer <[email protected]> >>> wrote: >>> >>>> TPM would allow you to securely store the private keys associated with >>>>> a client cert. And IMO that is a pretty useful thing. Especially when >>>>> there are official loads like this: >>>>> http://grack.com/blog/2010/07/07/how-we-found-a-backdoor-in-sprints-e. >>>>> .. >>>>> >>>> No, a TPM will not help you if an attack has rooted your system. >>>> -- >>>> You received this message because you are subscribed to the Google >>>> Groups "Android Security Discussions" group. >>>> To post to this group, send email to >>>> [email protected]. >>>> To unsubscribe from this group, send email to >>>> [email protected]<android-security-discuss%[email protected]> >>>> . >>>> For more options, visit this group athttp:// >>>> groups.google.com/group/android-security-discuss?hl=en. >>>> >>> >> > -- > You received this message because you are subscribed to the Google Groups > "Android Security Discussions" group. > To post to this group, send email to > [email protected]. > To unsubscribe from this group, send email to > [email protected]<android-security-discuss%[email protected]> > . > For more options, visit this group at > http://groups.google.com/group/android-security-discuss?hl=en. > > -- Dianne Hackborn Android framework engineer [email protected] Note: please don't send private questions to me, as I don't have time to provide private support, and so won't reply to such e-mails. All such questions should be posted on public forums, where I and others can see and answer them. -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
