Apparently this never made it to the list, forwarding.

---------- Forwarded message ----------

On Thu, Jun 28, 2012 at 3:15 PM, Nikolay Elenkov
<[email protected]> wrote:
> On Thu, Jun 28, 2012 at 1:11 PM, Earlence <[email protected]> wrote:
>> Google states that apps downloaded from play will be encrypted on the
>> device.
>> I have a few questions:
>>
>> 1. From the documentation, it seems that the APK will be stored in
>> encrypted form in the /data/ partition. If so, does this mean that on
>> every execution, a decryption takes place? If so, the key has to be
>> retrieved onto the device, probably from the user's Gmail account.
>>
>
> Someone that has an actual JB device should confirm, but it is very
> likely that this is implemented the same way as apps to SD -- each
> encrypted APK is loop-mounted and shows up as a block device that
> has the actual app files.
>

It seems that this is actually baked into the PackageManagerService
and the DefaultContainerService and APKs are decrypted on the fly
as needed. You can install encrypted APKs using adb install
(which just calls pm install), but you need to specify the key/IV, so
the app is decrypted before being installed.

I don't see any encrypted paid apps on my device, so this is either not
live yet, or there is some switch in the developer console you need to
flip to enable it. I don't see any changes in the dev console either.
Anyone seen any?

This still leaves the question where the encryption key is stored
(most probably in the keystore) and who generates it (Play Store
based on device+user ID, or the device itself).
