Thank you Chris and Swapnil. -Pandit
On Dec 13, 11:07 pm, swapnil <[email protected]> wrote: > Hi Pandit, > Here are the answers inline, > > > 1) Does AccountManager store account information and in > > particular credentials in a plain text or it encrypts the information > > in the storage? > > [SK]No. AccountManager has no security currently. It stores > credentials simply in plaintext. > > > > > 2) What kind of credentials are stored in the credential > > storage (under setting there is a setting for setting up password for > > this storage)? > > [SK]Your account credentials, gmail/exchange etc. > > > > > 3) How does the password is used to protect the credential > > storage (uses to derive key and encrypt the storage or ...) ? > > Credential storage is totally different thing. It is based on master > key encryption and used mainly to secure certificates. > > > 4) Does AccountManager's storage uses the credential storage > > with the password protected? > > No. > > On Dec 13, 10:53 pm, Chris Palmer <[email protected]> wrote: > > > > > > > > > Well, it is an open source operating system. Let's find out. > > > ~/android/frameworks ; find . -iname '*account*manager*' > > ./base/docs/html/sdk/api_diff/8/changes/android.accounts.AccountManager.htm > > l > > ./base/core/java/android/accounts/IAccountManager.aidl > > ./base/core/java/android/accounts/IAccountManagerResponse.aidl > > ./base/core/java/android/accounts/AccountManagerCallback.java > > ./base/core/java/android/accounts/AccountManagerResponse.java > > ./base/core/java/android/accounts/AccountManager.java > > ./base/core/java/android/accounts/AccountManagerService.java > > ./base/core/java/android/accounts/AccountManagerFuture.java > > ./base/core/tests/coretests/src/android/accounts/AccountManagerServiceTest. > > java > > > Surely, the Service provides the backend? > > > ~/android/frameworks ; vim -R > > base/core/java/android/accounts/AccountManagerService.java > > > ... Yep. Check out the method addAccount, which calls > > insertAccountIntoDatabase. > > > Well, maybe there is more to the story. I've only spent 4 minutes > > looking into this. But this is suggestive: > > > ~/android/frameworks/base/core/java/android/accounts ; grep -i crypt * > > ~/android/frameworks/base/core/java/android/accounts ; > > > Let us know what you find... > > > On Fri, Dec 10, 2010 at 4:53 AM, Pandit <[email protected]> wrote: > > > Hello, > > > > I hope to get some clarification about AccountManager's storage > > > and credential storage. > > > > 1) Does AccountManager store account information and in > > > particular credentials in a plain text or it encrypts the information > > > in the storage? > > > > 2) What kind of credentials are stored in the credential > > > storage (under setting there is a setting for setting up password for > > > this storage)? > > > > 3) How does the password is used to protect the credential > > > storage (uses to derive key and encrypt the storage or ...) ? > > > > 4) Does AccountManager's storage uses the credential storage > > > with the password protected? > > > > Thank you, > > > - Pandit > > > > -- > > > You received this message because you are subscribed to the Google Groups > > > "Android Security Discussions" group. > > > To post to this group, send email to > > > [email protected]. > > > To unsubscribe from this group, send email to > > > [email protected]. > > > For more options, visit this group > > > athttp://groups.google.com/group/android-security-discuss?hl=en. -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
