My app requires that the user enters in private personal information. This information is used to generate a 'master' hash. The 'master' hash is used to generate passwords. Rather than having the user enter their personal details every time they need a password, I wish to store the 'master' hash.
After looking at android storage options I was thinking of storing the 'master' hash in a foreground service. I am comfortable with losing the 'master' hash everytime the device shuts down or if the service is shutdown. However, I believe that since it is a foreground service this is unlikely to happen.... I believe.... that using the foreground service for this purpose as it will be difficult to obtain the master hash if the device is stolen. Once the phone goes off the master hash is gone. Is what I believe true? Is there any serious security flaws with this method? -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To unsubscribe from this group and stop receiving emails from it, send an email to android-security-discuss+unsubscr...@googlegroups.com. To post to this group, send email to android-security-discuss@googlegroups.com. Visit this group at http://groups.google.com/group/android-security-discuss. For more options, visit https://groups.google.com/groups/opt_out.
