On Monday, December 30, 2013 at 9:00 PM, "Olav Seyfarth" <[email protected]>
wrote:
>I cannot tell the quality of those apps in respect of robustness
>against attacks
...
>cannot peer review these apps. But I feel this would be necessary and
>maybe someone on >the list already reviewed or is willing to one or another
>app
>source. Would be
>interesting to hear about. Concering this list: is that too off-
>topic?
>
>Due to the nature of device roaming, on mobile devices other
>questions arise,
>too. At least think about device authentication, encrypted storage
>(device/app),
>and whether want to use/store the same secret key (or use
>different (sub)keys).
=====
Many useful android apps require 'rooting' the phone,
(i.e. 'startup killers' which uninstall any/all unwanted apps put in by the
phone manufacturer which use up memory and battery).
Google Play refuses to take any responsibility on using google wallet on any
rooted phone,
(It could be their way of getting back at users for removing apps and ads, but
there probably is a real security issue too ... ).
So, if it's probably not safe to do credit cards/payments on a rooted phone,
it might be prudent not to trust encryption to a rooted phone, even if the
encryption apps themselves have been reviewed and vetted,
especially if someone has more than one app needing root access.
As phones are increasing in memory and processing power,
maybe an app could be developed to use a smart card usb reader on a phone.
(I would be willing to pay for such an app,
If developers think enough others would be willing to buy such an app to make
it worthwhile,
then maybe gnupg on android could be widely used.)
fwiw,
I have played around with APG and like it, but don't trust the 'phone' with it.
vedaal
_______________________________________________
Gnupg-users mailing list
[email protected]
http://lists.gnupg.org/mailman/listinfo/gnupg-users
