[guardian-dev] Storing application secrets in Android's credential storage

Miron c1.android at niftybox.net
Fri Aug 17 02:27:24 EDT 2012


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 12-08-16 07:15 PM, Abel Luck wrote:
> What prevents an app from reading another apps' secrets?

I believe that all accesses cause the keystore to present a confirmation
dialog with the secret name and the app name.  This specific path would
have to be tested to make sure.

> Dominik Schürmann:
>> No, I don't know of any app that uses this, but there is open source
>> sample code available on https://github.com/nelenkov/android-keystore
>>
>> Regards
>> Dominik
>>
>> On 14.08.2012 22:00, Hans-Christoph Steiner wrote:
>>>
>>> Hmm, that's interesting, but it sucks that its not a public API. Do you
>>> know of any apps that are using this?
>>>
>>> .hc
>>>
>>> On 08/13/2012 11:11 AM, Dominik Schürmann wrote:
>>>> Hi,
>>>>
>>>> I don't know if it was already discussed, but there seems to be a
way to
>>>> store any data in Android's credential storage.
>>>>
>>>> I stumbled upon this interesting blog and the following post:
>>>>
http://nelenkov.blogspot.com.es/2012/05/storing-application-secrets-in-androids.html
>>>>
>>>> It is not public API but seems to be relatively stable as it is
>>>> supported from 1.6 to 4.0. Thus it could be an option to store for
>>>> example sqlcipher passwords.
>>>>
>>>> Regards
>>>> Dominik Schürmann
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> Guardian-dev mailing list
>>>>
>>>> Post: Guardian-dev at lists.mayfirst.org
>>>> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
>>>>
>>>> To Unsubscribe
>>>> Send email to: Guardian-dev-unsubscribe at lists.mayfirst.org
>>>> Or visit:
https://lists.mayfirst.org/mailman/options/guardian-dev/hans%40guardianproject.info
>>>>
>>>> You are subscribed as: hans at guardianproject.info
>>>>
>>> _______________________________________________
>>> Guardian-dev mailing list
>>>
>>> Post: Guardian-dev at lists.mayfirst.org
>>> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
>>>
>>> To Unsubscribe
>>> Send email to: Guardian-dev-unsubscribe at lists.mayfirst.org
>>> Or visit:
https://lists.mayfirst.org/mailman/options/guardian-dev/dominik%40dominikschuermann.de
>>>
>>> You are subscribed as: dominik at dominikschuermann.de
>>
>>
>>
>>
>> _______________________________________________
>> Guardian-dev mailing list
>>
>> Post: Guardian-dev at lists.mayfirst.org
>> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
>>
>> To Unsubscribe
>> Send email to: Guardian-dev-unsubscribe at lists.mayfirst.org
>> Or visit:
https://lists.mayfirst.org/mailman/options/guardian-dev/abel%40guardianproject.info
>>
>> You are subscribed as: abel at guardianproject.info
>
>
>
> _______________________________________________
> Guardian-dev mailing list
>
> Post: Guardian-dev at lists.mayfirst.org
> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
>
> To Unsubscribe
> Send email to: Guardian-dev-unsubscribe at lists.mayfirst.org
> Or visit:
https://lists.mayfirst.org/mailman/options/guardian-dev/c1.android%40niftybox.net
>
> You are subscribed as: c1.android at niftybox.net


- -- 
Miron
http://hyper.to/blog/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIVAwUBUC3kQJifazBIoRa1AQKL8RAAuSEEHVlYOFvOtXYIa1DxmLT7tUN+EEsE
R/rAYc2PrUsqVo0sWt1u5aToUic4QEE9amu1ub97CSaiGBYzXX+v9PF54MYJ4yb0
vOnLezTu7iU86BLFRPAZNKHaYnsP4jXkfceKqVqbkp1NgXMrg+vEgwBgDkEpXTY3
QxVCA5j0UmRYAKHyGuf74VekLwqCmFEzsA4Dx7cx6uG7aB5z0GMnEwNhSLrUrOeq
YJBnJmIfl89RixErpInllJg11Eu0ahtAy/iAJw/UaHNXzFOG9bEgFIvKhNYWg66N
j2eqgGg2UOZk1YAl1gMeqJSo2miRi7UfrhGKmDNT+nngpiCiPfDgj/sbzehblNy9
NdgVdRrKPzvvp84kOhBD0iiX6ZkotCWyqk/1yVIgL1CbomiF74mWbBR2NjfdDmZO
mzZQsBE1c61wJvShCdAgO1Su8BjiBhqdc7/hajo23xsi+1Ys4Zjdrdl0Mq1Uqvyc
Rnaqeg4EGHn3oAsC8PCC0P/0cQdQrHRxQM1w0WbMMThD45W2ATGxZUPNOAxgjvcJ
wtzrUUhXHFJlmLah4Qp6GVBYeDu/byGkewkE4xQ4Dnt37wnImp9hDQpzs1uN/qUp
vN3lWNb3MMM2R7gryC04HhK3OA7wISS4lnssFWwsClw3ICpx6qrbQDLaVQj68MWb
JrUlTfDaCpI=
=ypvN
-----END PGP SIGNATURE-----

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mayfirst.org/pipermail/guardian-dev/attachments/20120816/faa880ef/attachment.htm>


More information about the Guardian-dev mailing list