[guardian-dev] Storing application secrets in Android's credential storage

Abel Luck abel at guardianproject.info
Thu Aug 16 22:15:44 EDT 2012


What prevents an app from reading another apps' secrets?


Dominik Schürmann:
> No, I don't know of any app that uses this, but there is open source
> sample code available on https://github.com/nelenkov/android-keystore
> 
> Regards
> Dominik
> 
> On 14.08.2012 22:00, Hans-Christoph Steiner wrote:
>>
>> Hmm, that's interesting, but it sucks that its not a public API.  Do you
>> know of any apps that are using this?
>>
>> .hc
>>
>> On 08/13/2012 11:11 AM, Dominik Schürmann wrote:
>>> Hi,
>>>
>>> I don't know if it was already discussed, but there seems to be a way to
>>> store any data in Android's credential storage.
>>>
>>> I stumbled upon this interesting blog and the following post:
>>> http://nelenkov.blogspot.com.es/2012/05/storing-application-secrets-in-androids.html
>>>
>>> It is not public API but seems to be relatively stable as it is
>>> supported from 1.6 to 4.0. Thus it could be an option to store for
>>> example sqlcipher passwords.
>>>
>>> Regards
>>> Dominik Schürmann
>>>
>>>
>>>
>>> _______________________________________________
>>> Guardian-dev mailing list
>>>
>>> Post: Guardian-dev at lists.mayfirst.org
>>> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
>>>
>>> To Unsubscribe
>>>         Send email to:  Guardian-dev-unsubscribe at lists.mayfirst.org
>>>         Or visit: https://lists.mayfirst.org/mailman/options/guardian-dev/hans%40guardianproject.info
>>>
>>> You are subscribed as: hans at guardianproject.info
>>>
>> _______________________________________________
>> Guardian-dev mailing list
>>
>> Post: Guardian-dev at lists.mayfirst.org
>> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
>>
>> To Unsubscribe
>>         Send email to:  Guardian-dev-unsubscribe at lists.mayfirst.org
>>         Or visit: https://lists.mayfirst.org/mailman/options/guardian-dev/dominik%40dominikschuermann.de
>>
>> You are subscribed as: dominik at dominikschuermann.de
> 
> 
> 
> 
> _______________________________________________
> Guardian-dev mailing list
> 
> Post: Guardian-dev at lists.mayfirst.org
> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
> 
> To Unsubscribe
>         Send email to:  Guardian-dev-unsubscribe at lists.mayfirst.org
>         Or visit: https://lists.mayfirst.org/mailman/options/guardian-dev/abel%40guardianproject.info
> 
> You are subscribed as: abel at guardianproject.info


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 630 bytes
Desc: OpenPGP digital signature
URL: <http://lists.mayfirst.org/pipermail/guardian-dev/attachments/20120817/a2e2998b/attachment.pgp>


More information about the Guardian-dev mailing list