The author of that blog has a book that is in early preview. The chapter on credential storage is in the preview and looks to answer most of what you want. I haven't read that far yet and only got my copy the other day. If the quality of that chapter is on par with the rest of the book then you should be good. It is money well spent.
Your best bet on learning the differences between KK and L is to understand the model in KK and then spend some time with diff. http://www.nostarch.com/androidsecurity On Friday, September 19, 2014 12:21:46 PM UTC-6, Paolo Macco wrote: > > Thank you. > I've already read that blog's posts and I found them really useful. By the > way, the blog doesn't speak really much about Android L or Android KitKat.. > Thank you > > 2014-09-19 19:21 GMT+02:00 Brian Carlstrom <[email protected] <javascript:>> > : > >> I'd read Nikolay Elenkov's "Android Explorations" blog posts: >> http://nelenkov.blogspot.com/ as a starting point and the AOSP source >> code. >> >> -bri >> >> On Fri, Sep 19, 2014 at 1:15 AM, Paolo Macco <[email protected] >> <javascript:>> wrote: >> > I'm working on my thesis and I need some infos about how Android manages >> > certificates. >> > >> > In particular, I was interested in: >> > -which are the APIs to manage certificates (how to create them and how >> to >> > safely revoke them); >> > -which certificates formats are allowed (so, how can I create a >> > certificate); >> > -which protocols are used to manage the certificates (in particular to >> check >> > their integrity and how the markets and the apps interact with >> > certificates); >> > -how the OS stores and manages certificates. >> > >> > Moreover, it would be useful to know if there are differences between >> > Android L and Android KitKat in these topics. >> > >> > Thank you >> > >> > -- >> > You received this message because you are subscribed to the Google >> Groups >> > "Android Security Discussions" group. >> > To unsubscribe from this group and stop receiving emails from it, send >> an >> > email to [email protected] >> <javascript:>. >> > To post to this group, send email to >> > [email protected] <javascript:>. >> > Visit this group at >> http://groups.google.com/group/android-security-discuss. >> > For more options, visit https://groups.google.com/d/optout. >> > > -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/android-security-discuss. For more options, visit https://groups.google.com/d/optout.
