They would need to produce a fake service on the phone with the exact name of the service to replace it. I know during some of our research we basically did a quick upload of a service manually to the phone (flashed the service onto the phone with a card) that replaced the service. The replaced service included extra features like tie-ins for text messaging and such. I forget but I do believe there is a method in the base OS for encryption, might be worth looking into.
On Thu, Aug 4, 2011 at 10:28 AM, Narendran <[email protected]> wrote: > Hi all, > Can someone please take it. I couldn't find any doc or blog around > that. > > On Aug 3, 2:22 pm, Narendran <[email protected]> wrote: > > Hello, > > I'm developing an app which is passing some confidential info to a few > > services (WifiManager and AccountManager to be precise) in plaintext > > form. Can someone please let me know how easy or difficult it is for > > hacking the Context of an app and spoof these services? I'm > > essentially looking at avoiding information disclosure attack in my > > app. > > > > And also, is there any recommended best practice in Java/Android world > > when it comes to handling user's confidential data in your app. I was > > looking for something like .NET's SecureString equivalent, but > > couldn't find any yet. > > > > -- > > Thanks > > Narendran > > -- > You received this message because you are subscribed to the Google Groups > "Android Security Discussions" group. > To post to this group, send email to > [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group at > http://groups.google.com/group/android-security-discuss?hl=en. > > -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
