I would probably like to have whatever an APP writes to internal storage be encrypted. Do normally APPs share the data which is written to its internal storage?
TI's OMAP SoC (ARM based) have hardware crypto accelerators. In fact I work on TI's AM335x platform (arowboat.org and gitorious.org/rowboat) and currently trying to enable HW crypto and random number generator for Android. -Arun On Sunday, July 21, 2013 7:00:35 AM UTC+5:30, Kristopher Micinski wrote: > > The API for apps touching the filesystem is fairly opaque and low > level: it's not structured to make this easy. In other words, if you > wanted to encrypt everything an app writes you'd have to be able to > detect the range of things an app writes. Another problem with this > is that sometimes apps want to share data with each other through the > filesystem (although they should be doing this through a content > provider with an associated permission..): how do you know > automatically what an app's "private" storage is, and what it's > "public" storage is? > > Although providing such an API would be possible, I don't believe it's > currently implemented on a per app basis in any ROM of which I'm > aware. You can do full disk encryption, however, which might provide > a suitable alternative. > > Do any platforms (ARM chips running Android, or other processors) ship > with hardware accelerated crypto? I don't believe they do, I've only > seen this on i7s and similarly high powered chips. > > Kris > > On Sat, Jul 20, 2013 at 1:10 PM, Arun Joseph > <arunjo...@gmail.com<javascript:>> > wrote: > > Do Android currently provide mechanism to create an encrypted storage > for > > the apps? Encryption-Decryption can be made accelerated with Hardware > > Cryptographic Accelerators. > > > > -Arun > > > > > > On Thursday, July 18, 2013 5:27:31 PM UTC+5:30, Kristopher Micinski > wrote: > >> > >> To an extent, this is what internal storage already is. Apps can't > >> read other app's internal storage. However, if you got the device and > >> had physical access to it you could still read the data from internal > >> storage. One problem with implementing this permission is that it > >> would probably mandate the use of some level of encryption, which is > >> very difficult to dynamically verify for apps. It would in theory be > >> possible to do something like stick an encrypted directory for apps > >> with the permission, however. > >> > >> Kris > >> > >> On Thu, Jul 18, 2013 at 12:32 AM, Saba <sabap...@gmail.com> wrote: > >> > It would be nice if we can have another category in the storage as > below > >> > - > >> > > >> > Protected Storage : This can be used to store files or contents of > the > >> > Apps > >> > that deals with confidential data. Remaining stuff like gallery or > >> > videos > >> > can be accessed with usual storage permission. > >> > > >> > Any comments on this? > >> > > >> > Thanks, > >> > Saba > >> > > >> > On Tuesday, 16 July 2013 14:05:58 UTC+5:30, Yury Zhauniarovich wrote: > >> >> > >> >> Actually, there are a lot of scientific papers who consider this > >> >> possibility. It's better to look into them to find out if there are > >> >> real > >> >> examples of such kind attack. As for me, it is very easy to > implement > >> >> so to > >> >> my point of view these kind of applications should exist in a wild. > >> >> > >> >> On Monday, July 15, 2013 5:51:01 PM UTC+2, Kristopher Micinski > wrote: > >> >>> > >> >>> Ah, I misunderstood your question. > >> >>> > >> >>> An app without internet permission cannot -- in and of itself -- > >> >>> upload content to the internet directly. I thought you were only > >> >>> referring to storage. > >> >>> > >> >>> It would be possible that this could happen if another app had an > >> >>> endpoint that allowed data to be sent to the internet indirectly > (as a > >> >>> proxy). This is typically referred to as a confused deputy attack: > >> >>> though I don't know of any real world examples on Android. > >> >>> > >> >>> Kris > >> >>> > >> >>> > >> >>> On Mon, Jul 15, 2013 at 11:49 AM, Saba <sabap...@gmail.com> wrote: > >> >>> > Thanks a lot Kris. > >> >>> > > >> >>> > I am new to android platform.I wonder how an app without internet > >> >>> > permission > >> >>> > (It has only Storage permission) can upload a file or connect to > >> >>> > internet? > >> >>> > Could you please explain me little bit? > >> >>> > > >> >>> > > >> >>> > Thanks & Regards, > >> >>> > Saba > >> >>> > > >> >>> > > >> >>> > On Sunday, 14 July 2013 20:09:33 UTC+5:30, Kristopher Micinski > >> >>> > wrote: > >> >>> >> > >> >>> >> It depends on where the data is stored, if it's encrypted, > etc... > >> >>> >> > >> >>> >> If the information is stored on USB (external) storage, then it > is > >> >>> >> absolutely possible that your information would be taken and put > on > >> >>> >> the internet. > >> >>> >> > >> >>> >> Kris > >> >>> >> > >> >>> >> > >> >>> >> On Sun, Jul 14, 2013 at 2:49 AM, Saba <sabap...@gmail.com> > wrote: > >> >>> >> > Hi Experts, > >> >>> >> > > >> >>> >> > Hope you are doing well... > >> >>> >> > > >> >>> >> > I have many apps which has ONLY Storage (details given below) > >> >>> >> > permission > >> >>> >> > and > >> >>> >> > I save & access important/confidential information using those > >> >>> >> > apps. > >> >>> >> > Is > >> >>> >> > there way , these apps can upload my data to the internet > without > >> >>> >> > my > >> >>> >> > permission? > >> >>> >> > > >> >>> >> > Storage > >> >>> >> > modify or delete the contents of your USB storage > >> >>> >> > Allows the app to write to the USB storage. > >> >>> >> > > >> >>> >> > I use a nexus4 running on android 4.2.2. > >> >>> >> > > >> >>> >> > Thanks, > >> >>> >> > Saba > >> >>> >> > > >> >>> >> > -- > >> >>> >> > You received this message because you are subscribed to the > >> >>> >> > Google > >> >>> >> > Groups > >> >>> >> > "Android Security Discussions" group. > >> >>> >> > To unsubscribe from this group and stop receiving emails from > it, > >> >>> >> > send > >> >>> >> > an > >> >>> >> > email to > >> >>> >> > android-security-discuss+unsubscr...@googlegroups.com<javascript:>. > >> >>> >> > > > >> >>> >> > To post to this group, send email to > >> >>> >> > android-secu...@googlegroups.com. > >> >>> >> > Visit this group at > >> >>> >> > http://groups.google.com/group/android-security-discuss. > >> >>> >> > For more options, visit > https://groups.google.com/groups/opt_out. > >> >>> >> > > >> >>> >> > > >> >>> > > >> >>> > -- > >> >>> > You received this message because you are subscribed to the > Google > >> >>> > Groups > >> >>> > "Android Security Discussions" group. > >> >>> > To unsubscribe from this group and stop receiving emails from it, > >> >>> > send > >> >>> > an > >> >>> > email to > >> >>> > android-security-discuss+unsubscr...@googlegroups.com<javascript:>. > > >> >>> > To post to this group, send email to > >> >>> > android-secu...@googlegroups.com. > >> >>> > Visit this group at > >> >>> > http://groups.google.com/group/android-security-discuss. > >> >>> > For more options, visit https://groups.google.com/groups/opt_out. > > >> >>> > > >> >>> > > >> > > >> > -- > >> > You received this message because you are subscribed to the Google > >> > Groups > >> > "Android Security Discussions" group. > >> > To unsubscribe from this group and stop receiving emails from it, > send > >> > an > >> > email to > >> > android-security-discuss+unsubscr...@googlegroups.com<javascript:>. > > >> > To post to this group, send email to > >> > android-secu...@googlegroups.com. > >> > Visit this group at > >> > http://groups.google.com/group/android-security-discuss. > >> > For more options, visit https://groups.google.com/groups/opt_out. > >> > > >> > > > > > -- > > You received this message because you are subscribed to the Google > Groups > > "Android Security Discussions" group. > > To unsubscribe from this group and stop receiving emails from it, send > an > > email to > > android-security-discuss+unsubscr...@googlegroups.com<javascript:>. > > > To post to this group, send email to > > android-secu...@googlegroups.com <javascript:>. > > Visit this group at > http://groups.google.com/group/android-security-discuss. > > For more options, visit https://groups.google.com/groups/opt_out. > > > > > -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To unsubscribe from this group and stop receiving emails from it, send an email to android-security-discuss+unsubscr...@googlegroups.com. To post to this group, send email to android-security-discuss@googlegroups.com. Visit this group at http://groups.google.com/group/android-security-discuss. For more options, visit https://groups.google.com/groups/opt_out.
