[android-developers] Re: How secure is SharedPreferences?
Thanks,

Articles like this make me think it is easy enough for me to do:
http://zeaster.blogspot.com/2007/11/how-to-decompile-dex-file-on-android_28.html

From the thread, at minimum we shouldn't put secure data in a string like the example to get this started.

    String mySecretKey = "secret";

We can obfuscate, use encryption, and make this as difficult as possible.

And perhaps there is a good reason to add a EULA with old fashioned language like you agree not to:
"reverse engineer or decompile, decrypt, disassemble or otherwise reduce the Software to human-readable form"

On Tue, Sep 15, 2009 at 2:53 PM, Dianne Hackborn wrote:
> On Tue, Sep 15, 2009 at 11:47 AM, Carmen Delessio <carmendeles...@gmail.com> wrote:
>
>> Of course you are right that this is no different than creating a desktop
>> app in Java.
>> I've just never seen the need to create a Java Desktop app, so I had not
>> thought about the security issue.
>
> To be a little more accurate, this is not specific to Java or the Desktop,
> but any code that runs on a user's device.
>
>> Android apps that connect to web services are useful and typically require
>> a developer key as part of the interaction.
>> The same issue of securing the developer key would arise in a Java desktop
>> app.
>
> And it's the same issue as such an app running on an iPhone, or a native
> application on a desktop, etc.
>
> --
> Dianne Hackborn
> Android framework engineer
> hack...@android.com
>
> Note: please don't send private questions to me, as I don't have time to
> provide private support, and so won't reply to such e-mails. All such
> questions should be posted on public forums, where I and others can see and
> answer them.

--
Carmen
http://www.twitter.com/CarmenDelessio
http://www.talkingandroid.com

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups "Android Developers" group.
To post to this group, send email to android-developers@googlegroups.com
To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com
For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
-~--~~~~--~~--~--~---

[android-developers] Re: How secure is SharedPreferences?
On Tue, Sep 15, 2009 at 11:47 AM, Carmen Delessio wrote:
> Of course you are right that this is no different than creating a desktop
> app in Java.
> I've just never seen the need to create a Java Desktop app, so I had not
> thought about the security issue.

To be a little more accurate, this is not specific to Java or the Desktop, but any code that runs on a user's device.

> Android apps that connect to web services are useful and typically require
> a developer key as part of the interaction.
> The same issue of securing the developer key would arise in a Java desktop
> app.

And it's the same issue as such an app running on an iPhone, or a native application on a desktop, etc.

--
Dianne Hackborn
Android framework engineer
hack...@android.com

Note: please don't send private questions to me, as I don't have time to provide private support, and so won't reply to such e-mails. All such questions should be posted on public forums, where I and others can see and answer them.

[android-developers] Re: How secure is SharedPreferences?
Of course you are right that this is no different than creating a desktop app in Java.
I've just never seen the need to create a Java Desktop app, so I had not thought about the security issue.

Android apps that connect to web services are useful and typically require a developer key as part of the interaction.
The same issue of securing the developer key would arise in a Java desktop app.

> Forgive me if there is a very obvious answer to this question, but I want to have the best answer possible.

Thanks,
Carmen

On Tue, Sep 15, 2009 at 2:06 PM, Dianne Hackborn wrote:
> This is NO DIFFERENT than a desktop computer. The person owns the device.
> Ultimately they will be able to do with it what they want, whether or not
> you try to prevent them. And if a person jailbreaks an iPhone? Same
> thing. I don't really understand why this is so traumatic, this is just
> reality.
>
> On Tue, Sep 15, 2009 at 10:09 AM, Carmen Delessio <carmendeles...@gmail.com> wrote:
>
>> Based on this, is your perspective that Andrei is correct that "basically
>> storing private data on the phone is actually impossible?"
>>
>> My goal is not even store the data, but to have one time access for the
>> application to a secure piece of data.
>> ...

[android-developers] Re: How secure is SharedPreferences?
This is NO DIFFERENT than a desktop computer. The person owns the device. Ultimately they will be able to do with it what they want, whether or not you try to prevent them. And if a person jailbreaks an iPhone? Same thing. I don't really understand why this is so traumatic, this is just reality.

On Tue, Sep 15, 2009 at 10:09 AM, Carmen Delessio wrote:
> Based on this, is your perspective that Andrei is correct that "basically
> storing private data on the phone is actually impossible?"
>
> My goal is not even store the data, but to have one time access for the
> application to a secure piece of data.
>
> The suggestion about being careful about where to put the encryption key,
> "get it over the network, only keep it in RAM, never let it be written to
> storage," does not seem to address decompiling the .dex file. The key
> would be put into RAM by the program that can be decompiled.
>
> I am not typically a paranoid regarding security, but this seems like it
> should be a legitimate concern. I'd like to be wrong about that. If this
> is a theoretical, but unlikely scenario that would be great.
>
> Carmen
>
> On Tue, Sep 15, 2009 at 12:58 PM, Yusuf Saib (T-Mobile USA) <yusuf.s...@t-mobile.com> wrote:
>
>> You say that like it's a bad thing. Re-discovery worked well enough
>> for Columbus.
>>
>> Yusuf Saib
>> Android
>> ·T· · ·Mobile· stick together
>> The views, opinions and statements in this email are those of the
>> author solely in their individual capacity, and do not necessarily
>> represent those of T-Mobile USA, Inc.
>>
>> On Sep 15, 9:11 am, Chris Stratton wrote:
>> > On Sep 15, 10:38 am, Carmen Delessio wrote:
>> >
>> > > I want
>> > > to get a handle on implementing security in an environment where:
>> > >
>> > > 1. Developers can have a rooted phone
>> > > 2. Developers can decompile your code
>> >
>> > You have just re-discovered why security in a network environment
>> > starts with the premise that a server cannot trust a client
>> > computer,

--
Dianne Hackborn
Android framework engineer
hack...@android.com

Note: please don't send private questions to me, as I don't have time to provide private support, and so won't reply to such e-mails. All such questions should be posted on public forums, where I and others can see and answer them.

[android-developers] Re: How secure is SharedPreferences?
Based on this, is your perspective that Andrei is correct that "basically storing private data on the phone is actually impossible?"

My goal is not even store the data, but to have one time access for the application to a secure piece of data.

The suggestion about being careful about where to put the encryption key, "get it over the network, only keep it in RAM, never let it be written to storage," does not seem to address decompiling the .dex file. The key would be put into RAM by the program that can be decompiled.

I am not typically a paranoid regarding security, but this seems like it should be a legitimate concern. I'd like to be wrong about that. If this is a theoretical, but unlikely scenario that would be great.

Carmen

On Tue, Sep 15, 2009 at 12:58 PM, Yusuf Saib (T-Mobile USA) <yusuf.s...@t-mobile.com> wrote:
> You say that like it's a bad thing. Re-discovery worked well enough
> for Columbus.
>
> Yusuf Saib
> Android
> ·T· · ·Mobile· stick together
> The views, opinions and statements in this email are those of the
> author solely in their individual capacity, and do not necessarily
> represent those of T-Mobile USA, Inc.
>
> On Sep 15, 9:11 am, Chris Stratton wrote:
> > On Sep 15, 10:38 am, Carmen Delessio wrote:
> >
> > > I want
> > > to get a handle on implementing security in an environment where:
> > >
> > > 1. Developers can have a rooted phone
> > > 2. Developers can decompile your code
> >
> > You have just re-discovered why security in a network environment
> > starts with the premise that a server cannot trust a client
> > computer,

[android-developers] Re: How secure is SharedPreferences?
You say that like it's a bad thing. Re-discovery worked well enough for Columbus.

Yusuf Saib
Android
·T· · ·Mobile· stick together
The views, opinions and statements in this email are those of the author solely in their individual capacity, and do not necessarily represent those of T-Mobile USA, Inc.

On Sep 15, 9:11 am, Chris Stratton wrote:
> On Sep 15, 10:38 am, Carmen Delessio wrote:
>
> > I want
> > to get a handle on implementing security in an environment where:
> >
> > 1. Developers can have a rooted phone
> > 2. Developers can decompile your code
>
> You have just re-discovered why security in a network environment
> starts with the premise that a server cannot trust a client
> computer,

[android-developers] Re: How secure is SharedPreferences?
On Sep 15, 10:38 am, Carmen Delessio wrote:
> I want
> to get a handle on implementing security in an environment where:
>
> 1. Developers can have a rooted phone
> 2. Developers can decompile your code

You have just re-discovered why security in a network environment
starts with the premise that a server cannot trust a client
computer,

[android-developers] Re: How secure is SharedPreferences?
Thanks,

Understanding that PGP and encryption are generally what is required, I want to get a handle on implementing security in an environment where:

1. Developers can have a rooted phone
2. Developers can decompile your code

#2 is what makes this more difficult. On a web server, I can be reasonably assured when I use Java that you can't get my compiled class and decompile it.

Starting with the specific non-secure example:

> I code that secret key into my app. *String secretKey="mysecretkey";*

That is not secure. "mysecretkey" is readable in the .dex file. Thanks for pointing that out.

I can encrypt it using a method like those here:
http://www.j2ee.me/j2se/1.4.2/docs/guide/security/jce/JCERefGuide.html#SimpleEncrEx

Android has classes to support this:
http://developer.android.com/reference/javax/crypto/KeyGenerator.html

*Let's say, I use the suggestion to get my secret key over the network.*
That would typically be fine, but since an ambitious developer could decompile the code that does this, is it secure?

I'd be happy to be missing something obvious. I think this is important enough for the specifics to be discussed.

In the example scenario, the "mysecretkey" would be the developer secret for an API like Twitter, Facebook ...
So user entering it is not the goal.

Thanks again,
Carmen

--
Carmen
http://www.twitter.com/CarmenDelessio
http://www.talkingandroid.com

On Tue, Sep 15, 2009 at 10:07 AM, gjs wrote:
> Hi,
>
> > I code that secret key into my app. *String secretKey="mysecretkey";*
> >
> > Given the ability to decompile .dex files, is this secure enough?
>
> You only need to open the .dex file in a text editor to see the
> "mysecretkey" string, so decompile is not even necessary.
>
> Dianne gave one of the best answers and the following might also help
> you find a best answer possible, but it really depends on what you are
> willing to accept as being secure enough for your application.
>
> http://en.wikipedia.org/wiki/Public-key_cryptography
>
> The very obvious answer is to get the user to enter the secret key
> each time they use your application, but that is not generally
> practical and is unlikely to be recommended.
>
> Regards
>
> On Sep 15, 10:14 pm, Carmen Delessio wrote:
> > Forgive me if there is a very obvious answer to this question, but I want to
> > have the best answer possible.
> >
> > > I must implement a system that needs to store some information at some
> > > times in application lifetime.
> > > This information must not be deleted / modified in any way because of
> > > security issues (the user could trick the system).
> >
> > This is a scenario that is very similar to using APIs with secret keys.
> > I, as a developer, have been given a secret key that is required for the
> > API.
> > I code that secret key into my app. *String secretKey="mysecretkey";*
> >
> > Given the ability to decompile .dex files, is this secure enough?
> >
> > I can think of other ways to do this, but what are the recommendations. I've
> > looked at the Android Security FAQ and googled for an answer.
> > Thanks,
> > Carmen
> > --
> > Carmen
> > http://www.twitter.com/CarmenDelessio
> > http://www.talkingandroid.com
> >
> > On Tue, Sep 15, 2009 at 4:15 AM, Dianne Hackborn wrote:
> >
> > > By definition, if the user has root, they can get to whatever they want.
> > > Now you can make this more difficult for them, by doing things like
> > > encrypting your data and trying to be as careful as you can about where you
> > > put the encryption key (for ex get it over the network, only keep it in RAM,
> > > never let it be written to storage), but you would probably want to do that
> > > yourself since relying on the platform to do so just makes it easier for the
> > > user to subvert.
> > >
> > > On Mon, Sep 14, 2009 at 11:07 PM, Andrei Bucur wrote:
> > >
> > >> So basically storing private data on the phone is actually impossible? I
> > >> must implement a system that needs to store some information at some times
> > >> in application lifetime. This information must not be deleted / modified in
> > >> any way because of security issues (the user could trick the system).
> > >> Is there a way to do this on a rooted phone (I'm pretty sure it's not... but
> > >> the question is worth a shot)?
> > >>
> > >> Thanks!

[android-developers] Re: How secure is SharedPreferences?
Hi,

> I code that secret key into my app. *String secretKey="mysecretkey";*
>
> Given the ability to decompile .dex files, is this secure enough?

You only need to open the .dex file in a text editor to see the "mysecretkey" string, so decompile is not even necessary.

Dianne gave one of the best answers and the following might also help you find a best answer possible, but it really depends on what you are willing to accept as being secure enough for your application.

http://en.wikipedia.org/wiki/Public-key_cryptography

The very obvious answer is to get the user to enter the secret key each time they use your application, but that is not generally practical and is unlikely to be recommended.

Regards

On Sep 15, 10:14 pm, Carmen Delessio wrote:
> Forgive me if there is a very obvious answer to this question, but I want to
> have the best answer possible.
>
> > I must implement a system that needs to store some information at some
> > times in application lifetime.
> > This information must not be deleted / modified in any way because of
> > security issues (the user could trick the system).
>
> This is a scenario that is very similar to using APIs with secret keys.
> I, as a developer, have been given a secret key that is required for the
> API.
> I code that secret key into my app. *String secretKey="mysecretkey";*
>
> Given the ability to decompile .dex files, is this secure enough?
>
> I can think of other ways to do this, but what are the recommendations. I've
> looked at the Android Security FAQ and googled for an answer.
> Thanks,
> Carmen
> --
> Carmen
> http://www.twitter.com/CarmenDelessio
> http://www.talkingandroid.com
>
> On Tue, Sep 15, 2009 at 4:15 AM, Dianne Hackborn wrote:
>
> > By definition, if the user has root, they can get to whatever they want.
> > Now you can make this more difficult for them, by doing things like
> > encrypting your data and trying to be as careful as you can about where you
> > put the encryption key (for ex get it over the network, only keep it in RAM,
> > never let it be written to storage), but you would probably want to do that
> > yourself since relying on the platform to do so just makes it easier for the
> > user to subvert.
> >
> > On Mon, Sep 14, 2009 at 11:07 PM, Andrei Bucur wrote:
> >
> >> So basically storing private data on the phone is actually impossible? I
> >> must implement a system that needs to store some information at some times
> >> in application lifetime. This information must not be deleted / modified in
> >> any way because of security issues (the user could trick the system).
> >> Is there a way to do this on a rooted phone (I'm pretty sure it's not... but
> >> the question is worth a shot)?
> >>
> >> Thanks!

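The message above notes that the literal can be read straight out of the .dex file. The following Python is an added example, not part of the original thread: a release check that walks the DEX string table and flags secrets the team already knows about, plus key-like literals. The sample bytes, the known_secrets list, the token pattern and the entropy threshold are assumptions constructed for illustration.

```python
"""Release check: list the string table of a .dex file and flag embedded secrets."""
import math
import re
import struct
from collections import Counter

DEX_MAGIC = re.compile(rb"dex\n\d{3}\x00")
TOKEN_RE = re.compile(r"[A-Za-z0-9+/=_-]{20,}")  # assumed shape of a key-like literal


def _uleb128(buf, pos):
    """Decode one unsigned LEB128 value; return (value, next_position)."""
    value = shift = 0
    while True:
        byte = buf[pos]
        pos += 1
        value |= (byte & 0x7F) << shift
        if not byte & 0x80:
            return value, pos
        shift += 7


def dex_strings(dex):
    """Return every entry of the DEX string table, in table order."""
    if len(dex) < 0x70 or not DEX_MAGIC.match(dex):
        raise ValueError("not a DEX file")
    # Header fields: string_ids_size at 0x38, string_ids_off at 0x3C (little-endian).
    count, table_off = struct.unpack_from("<II", dex, 0x38)
    if table_off + 4 * count > len(dex):
        raise ValueError("string_ids table runs past end of file")
    out = []
    for i in range(count):
        (data_off,) = struct.unpack_from("<I", dex, table_off + 4 * i)
        if data_off >= len(dex):
            raise ValueError("string data offset out of range")
        _, start = _uleb128(dex, data_off)   # skip the utf16_size prefix
        end = dex.find(b"\x00", start)       # data is NUL-terminated MUTF-8
        if end < 0:
            raise ValueError("unterminated string data")
        # MUTF-8 equals UTF-8 for the ASCII literals this check cares about.
        out.append(dex[start:end].decode("utf-8", errors="replace"))
    return out


def shannon_entropy(text):
    """Bits per character of the literal's own character distribution."""
    counts = Counter(text)
    return -sum(n / len(text) * math.log2(n / len(text)) for n in counts.values())


def audit_dex(dex, known_secrets, min_entropy=4.0):
    """Return (reason, literal) pairs for strings that should not ship."""
    findings = []
    for literal in dex_strings(dex):
        if any(secret in literal for secret in known_secrets):
            findings.append(("known-secret", literal))
        elif TOKEN_RE.fullmatch(literal) and shannon_entropy(literal) >= min_entropy:
            findings.append(("high-entropy", literal))
    return findings


def build_sample_dex(strings):
    """Constructed fixture: header plus string table only, not a loadable DEX."""
    table_off = 0x70
    data_base = table_off + 4 * len(strings)
    ids, data = b"", b""
    for s in strings:
        ids += struct.pack("<I", data_base + len(data))
        data += bytes([len(s)]) + s.encode("ascii") + b"\x00"  # lengths < 128
    header = bytearray(0x70)
    header[0:8] = b"dex\n035\x00"
    struct.pack_into("<II", header, 0x38, len(strings), table_off)
    return bytes(header) + ids + data


# Constructed sample values; the last one is a made-up token, not a real key.
SAMPLE_STRINGS = ["Lcom/example/app/Main;", "getSharedPreferences",
                  "mysecretkey", "Zx9Qv3Lm7Tk1Rb5Nc8Wd2Hf6Jg4Ps0Ye"]
SAMPLE_DEX = build_sample_dex(SAMPLE_STRINGS)

if __name__ == "__main__":
    for reason, literal in audit_dex(SAMPLE_DEX, known_secrets=["mysecretkey"]):
        print(f"{reason}: {literal!r}")
```

A hit means the value ships to every device that installs the app.
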
[android-developers] Re: How secure is SharedPreferences?
Forgive me if there is a very obvious answer to this question, but I want to have the best answer possible.

> I must implement a system that needs to store some information at some times in application lifetime.
> This information must not be deleted / modified in any way because of security issues (the user could trick the system).

This is a scenario that is very similar to using APIs with secret keys.
I, as a developer, have been given a secret key that is required for the API.
I code that secret key into my app. *String secretKey="mysecretkey";*

Given the ability to decompile .dex files, is this secure enough?

I can think of other ways to do this, but what are the recommendations. I've looked at the Android Security FAQ and googled for an answer.

Thanks,
Carmen
--
Carmen
http://www.twitter.com/CarmenDelessio
http://www.talkingandroid.com

On Tue, Sep 15, 2009 at 4:15 AM, Dianne Hackborn wrote:
> By definition, if the user has root, they can get to whatever they want.
> Now you can make this more difficult for them, by doing things like
> encrypting your data and trying to be as careful as you can about where you
> put the encryption key (for ex get it over the network, only keep it in RAM,
> never let it be written to storage), but you would probably want to do that
> yourself since relying on the platform to do so just makes it easier for the
> user to subvert.
>
> On Mon, Sep 14, 2009 at 11:07 PM, Andrei Bucur wrote:
>
>> So basically storing private data on the phone is actually impossible? I
>> must implement a system that needs to store some information at some times
>> in application lifetime. This information must not be deleted / modified in
>> any way because of security issues (the user could trick the system).
>> Is there a way to do this on a rooted phone (I'm pretty sure it's not... but
>> the question is worth a shot)?
>>
>> Thanks!

[android-developers] Re: How secure is SharedPreferences?
By definition, if the user has root, they can get to whatever they want. Now you can make this more difficult for them, by doing things like encrypting your data and trying to be as careful as you can about where you put the encryption key (for ex get it over the network, only keep it in RAM, never let it be written to storage), but you would probably want to do that yourself since relying on the platform to do so just makes it easier for the user to subvert.

On Mon, Sep 14, 2009 at 11:07 PM, Andrei Bucur wrote:
> So basically storing private data on the phone is actually impossible? I
> must implement a system that needs to store some information at some times
> in application lifetime. This information must not be deleted / modified in
> any way because of security issues (the user could trick the system).
> Is there a way to do this on a rooted phone (I'm pretty sure it's not... but
> the question is worth a shot)?
>
> Thanks!
>
> On Tue, Sep 15, 2009 at 2:39 AM, Romain Guy wrote:
>
>> The content of shared preferences is, currently, stored in an XML file
>> in the data partition. Only your app has the permission to look into
>> the directory that contains the XML file but if your user has a rooted
>> phone then all bets are off.
>>
>> On Mon, Sep 14, 2009 at 4:10 PM, bkbonner wrote:
>> >
>> > We want to store credentials for a user to a web service so the user
>> > doesn't have to repeatedly login, but we're concerned about security.
>> > We can't store a hash on the database, but we could probably use JCE
>> > encryption locally.
>> >
>> > Is the content in SharedPreferences secured on the Android device?
>> >
>> > Brian
>>
>> --
>> Romain Guy
>> Android framework engineer
>> romain...@android.com
>>
>> Note: please don't send private questions to me, as I don't have time
>> to provide private support. All such questions should be posted on
>> public forums, where I and others can see and answer them

--
Dianne Hackborn
Android framework engineer
hack...@android.com

Note: please don't send private questions to me, as I don't have time to provide private support, and so won't reply to such e-mails. All such questions should be posted on public forums, where I and others can see and answer them.

[android-developers] Re: How secure is SharedPreferences?
So basically storing private data on the phone is actually impossible? I must implement a system that needs to store some information at some times in application lifetime. This information must not be deleted / modified in any way because of security issues (the user could trick the system).
Is there a way to do this on a rooted phone (I'm pretty sure it's not... but the question is worth a shot)?

Thanks!

On Tue, Sep 15, 2009 at 2:39 AM, Romain Guy wrote:
> The content of shared preferences is, currently, stored in an XML file
> in the data partition. Only your app has the permission to look into
> the directory that contains the XML file but if your user has a rooted
> phone then all bets are off.
>
> On Mon, Sep 14, 2009 at 4:10 PM, bkbonner wrote:
> >
> > We want to store credentials for a user to a web service so the user
> > doesn't have to repeatedly login, but we're concerned about security.
> > We can't store a hash on the database, but we could probably use JCE
> > encryption locally.
> >
> > Is the content in SharedPreferences secured on the Android device?
> >
> > Brian
>
> --
> Romain Guy
> Android framework engineer
> romain...@android.com
>
> Note: please don't send private questions to me, as I don't have time
> to provide private support. All such questions should be posted on
> public forums, where I and others can see and answer them

[android-developers] Re: How secure is SharedPreferences?
The content of shared preferences is, currently, stored in an XML file in the data partition. Only your app has the permission to look into the directory that contains the XML file but if your user has a rooted phone then all bets are off.

On Mon, Sep 14, 2009 at 4:10 PM, bkbonner wrote:
>
> We want to store credentials for a user to a web service so the user
> doesn't have to repeatedly login, but we're concerned about security.
> We can't store a hash on the database, but we could probably use JCE
> encryption locally.
>
> Is the content in SharedPreferences secured on the Android device?
>
> Brian

--
Romain Guy
Android framework engineer
romain...@android.com

Note: please don't send private questions to me, as I don't have time to provide private support. All such questions should be posted on public forums, where I and others can see and answer them