[security-dev] Android Developers Blog: Using Cryptography to Store Credentials Safely

Bruno Oliveira bruno at abstractj.org
Wed Feb 20 10:53:44 EST 2013


-- 
"The measure of a man is what he does with power" - Plato
-
@abstractj
-
Volenti Nihil Difficile


On Wednesday, February 20, 2013 at 12:44 PM, Anil Saldhana wrote:

> I have heard one of the biggest challenges with Android apps is once the 
> phone is rooted, you have access to the APK. Basically any unencrypted 
> secrets/tokens used by the app are vulnerable. 
> 
> 

I think that storing any sensitive data unencrypted would be insane. That's the reason why we will encrypt the sensitive data for Android, iOS, JS on AeroGear.
> At a bare minimum, OAuth 
> interactions require (ClientID + ClientSecret) combination to be saved.
> 
> 

Don't worry about that, when the OAuth2 impl on PicketLink becomes ready for testing I'll handle this.
> 
> On 02/20/2013 05:27 AM, Bruno Oliveira wrote:
> > Morning, just be careful with the earlier releases from 
> > Android http://code.google.com/p/android/issues/detail?id=40578
> > 
> > 
> > -- 
> > "The measure of a man is what he does with power" - Plato
> > -
> > @abstractj
> > -
> > Volenti Nihil Difficile
> > 
> > On Tuesday, February 19, 2013 at 11:20 PM, Anil Saldhana wrote:
> > 
> > > http://android-developers.blogspot.com/2013/02/using-cryptography-to-store-credentials.html?m=1
> _______________________________________________
> security-dev mailing list
> security-dev at lists.jboss.org (mailto:security-dev at lists.jboss.org)
> https://lists.jboss.org/mailman/listinfo/security-dev
> 
> 

