I've started a risk assessment here: https://wiki.mozilla.org/Security/Reviews/AppsOnSDcard I'll keep it updated as the discussion continues.
On Jun 11, 2013, at 8:26 AM, Anthony Jones wrote: > On Mon, Jun 10, 2013 at 9:23 AM, Mike Habicher <[email protected]> wrote: >> On 13-06-10 12:18 PM, Jonas Sicking wrote: >> I think someone else has already mentioned that since USB mass storage mode >> mounts the SD card as a block device, there's no security we can provide to >> the contents of the SD card when the phone is plugged into a PC with USBMS >> enabled. > > Using a loopback device would allow us to use directory permissions. If > we want the data to be non-transferable then we encrypt it and store the > key on the main flash. Storing the encryption key in the network (or the > SIM) would make it transferable. In such a manner that you don't have to just steal both the sdcard & the SIM I assume. Encryption is the only effective control against the just reading data off the sdcard directly in another machine, so I think we either need to encrypt the data, or somehow guarantee that sensitive data isn't stored on the sdcard. It would be nice to have encryption support though anyways for improving the protection of all data no matter where it is stored (see the recent discussion around the Gaia credential manager). > >> Another side-effect of this is that the phone can't access the SD card >> during this time, so apps stored on the SD card won't be available, or may >> break. > > Mass Storage Class is far from an ideal choice. MTP and PTP have > advantages including not requiring exclusive access. Using a USB cable > is a very old fashioned way to access files. We should be supporting wifi. > > Anthony > _______________________________________________ > dev-b2g mailing list > [email protected] > https://lists.mozilla.org/listinfo/dev-b2g _______________________________________________ dev-b2g mailing list [email protected] https://lists.mozilla.org/listinfo/dev-b2g
