Re: [security-dev] Android Developers Blog: Using Cryptography to Store Credentials Safely
--
"The measure of a man is what he does with power" - Plato
-
@abstractj
-
Volenti Nihil Difficile
On Wednesday, February 20, 2013 at 12:44 PM, Anil Saldhana wrote:
I have heard one of the biggest challenges with Android apps is once
the
phone is rooted, you have access to the APK. Basically any unencrypted
secrets/tokens used by the app are vulnerable.
I think that store any sensitive data unencrypted would be insane. That's the reason
why we will encrypt the sensitive data for Android, iOS, JS on AeroGear.
At a bare minimum, OAuth
interactions require (ClientID + ClientSecret) combination to be saved.
Don't worry about that, when OAuth2 impl on PicketLink become ready for testing
I'll handle this.
On 02/20/2013 05:27 AM, Bruno Oliveira wrote:
> Morning, just be careful with the earlier releases from
> Android http://code.google.com/p/android/issues/detail?id=40578
>
>
> --
> "The measure of a man is what he does with power" - Plato
> -
> @abstractj
> -
> Volenti Nihil Difficile
>
> On Tuesday, February 19, 2013 at 11:20 PM, Anil Saldhana wrote:
>
> >
http://android-developers.blogspot.com/2013/02/using-cryptography-to-stor...
_______________________________________________
security-dev mailing list
security-dev(a)lists.jboss.org (mailto:security-dev@lists.jboss.org)
https://lists.jboss.org/mailman/listinfo/security-dev
Attachments:
- attachment.html (text/html — 2.8 KB)