<div>--&nbsp;</div><div><div>"The measure of a man is what he does with power" - Plato</div><div>-</div><div>@abstractj</div><div>-</div><div>Volenti Nihil Difficile</div></div>
                 
                <p style="color: #A0A0A8;">On Wednesday, February 20, 2013 at 12:44 PM, Anil Saldhana wrote:</p>
                <blockquote type="cite" style="border-left-style:solid;border-width:1px;margin-left:0px;padding-left:10px;">
                    <span><div><div><div>I have heard one of the biggest challenges with Android apps is once the </div><div>phone is rooted, you have access to the APK.  Basically any unencrypted </div><div>secrets/tokens used by the app are vulnerable. </div></div></div></span></blockquote><div>I think that storing any sensitive data unencrypted would be insane. That's the reason why we will encrypt the sensitive data for Android, iOS, JS on AeroGear.&nbsp;</div><blockquote type="cite" style="border-left-style:solid;border-width:1px;margin-left:0px;padding-left:10px;"><span><div><div><div>At a bare minimum, OAuth </div><div>interactions require (ClientID + ClientSecret) combination to be saved.</div></div></div></span></blockquote><div>Don't worry about that; when the OAuth2 impl on PicketLink becomes ready for testing, I'll handle this.</div><blockquote type="cite" style="border-left-style:solid;border-width:1px;margin-left:0px;padding-left:10px;"><span><div><div><div><br></div><div>On 02/20/2013 05:27 AM, Bruno Oliveira wrote:</div><blockquote type="cite"><div><div>Morning, just be careful with the earlier releases from </div><div>Android <a href="http://code.google.com/p/android/issues/detail?id=40578">http://code.google.com/p/android/issues/detail?id=40578</a></div><div><br></div><div><br></div><div>-- </div><div>"The measure of a man is what he does with power" - Plato</div><div>-</div><div>@abstractj</div><div>-</div><div>Volenti Nihil Difficile</div><div><br></div><div>On Tuesday, February 19, 2013 at 11:20 PM, Anil Saldhana wrote:</div><div><br></div><blockquote type="cite"><div><a href="http://android-developers.blogspot.com/2013/02/using-cryptography-to-store-credentials.html?m=1">http://android-developers.blogspot.com/2013/02/using-cryptography-to-store-credentials.html?m=1</a></div></blockquote></div></blockquote><div>_______________________________________________</div><div>security-dev mailing list</div><div><a 
href="mailto:security-dev@lists.jboss.org">security-dev@lists.jboss.org</a></div><div><a href="https://lists.jboss.org/mailman/listinfo/security-dev">https://lists.jboss.org/mailman/listinfo/security-dev</a></div></div></div></span>
                 
                 
                 
                 
                </blockquote>
                 
                <div>
                    <br>
                </div>