This is not the same as data at rest encryption but rather relies on the Android (Linux) OS access control restrictions. "accessed / available only by the main user login information" implies that the user credentials are somehow being used to protect that data, which is why I asked. Your statement confirms that that is not true.
On Mon, Sep 26, 2011 at 13:10, Chris Palmer <snackypa...@gmail.com> wrote: > On Mon, Sep 26, 2011 at 10:41 AM, James Burns <jfbu...@gmail.com> wrote: > >>> Acording to Android API, the local SQL database can be configured to be >>> accessed / available only by the main user login information. >> >> Do you have a link to that claim (or source code)? The work that Apple >> did to make this happen in iOS 5 seemed non-trivial. > > This is fundamental to Android's design: All applications are isolated > from each other by default, because they each run as a distinct Linux > UID. Any cross-UID sharing is explicit and gated through the > permissions system. > > Everyone on this list should (re-)read > http://developer.android.com/guide/topics/security/security.html > before posting. Thanks. > > > -- > "These days, though, you have to be pretty technical before you can > even aspire to crudeness." — William Gibson > -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to android-security-discuss@googlegroups.com. To unsubscribe from this group, send email to android-security-discuss+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
