On Sat, Oct 12, 2013 at 11:50 AM, Tal Palant <[email protected]> wrote: > I have another question if someone can be please help. > > What about the issue that the keys are software keys stored locally? > > is it correct that any attacker that gets root can actually get those keys? > That's the problem of Unattended Key Storage, and its a problem without a solution. Its covered on page 368 of Peter Gutmann's Engineering Security (www.cs.auckland.ac.nz/~pgut001/pubs/book.pdf). That chapter covers other "wicked hard" problems for designers.
Jeff -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/android-security-discuss. For more options, visit https://groups.google.com/groups/opt_out.
