[security-dev] Android Developers Blog: Using Cryptography to Store Credentials Safely
bruno at abstractj.org
Wed Feb 20 10:53:44 EST 2013
"The measure of a man is what he does with power" - Plato
Volenti Nihil Difficile
On Wednesday, February 20, 2013 at 12:44 PM, Anil Saldhana wrote:
> I have heard one of the biggest challenges with Android apps is once the
> phone is rooted, you have access to the APK. Basically any unencrypted
> secrets/tokens used by the app are vulnerable.
I think that store any sensitive data unencrypted would be insane. That's the reason why we will encrypt the sensitive data for Android, iOS, JS on AeroGear.
> At a bare minimum, OAuth
> interactions require (ClientID + ClientSecret) combination to be saved.
Don't worry about that, when OAuth2 impl on PicketLink become ready for testing I'll handle this.
> On 02/20/2013 05:27 AM, Bruno Oliveira wrote:
> > Morning, just be careful with the earlier releases from
> > Android http://code.google.com/p/android/issues/detail?id=40578
> > --
> > "The measure of a man is what he does with power" - Plato
> > -
> > @abstractj
> > -
> > Volenti Nihil Difficile
> > On Tuesday, February 19, 2013 at 11:20 PM, Anil Saldhana wrote:
> > > http://android-developers.blogspot.com/2013/02/using-cryptography-to-store-credentials.html?m=1
> security-dev mailing list
> security-dev at lists.jboss.org (mailto:security-dev at lists.jboss.org)
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the security-dev