"The measure of a man is what he does with power" - Plato

@abstractj

Volenti Nihil Difficile

I have heard one of the biggest challenges with Android apps is once the

phone is rooted, you have access to the APK. Basically any unencrypted

secrets/tokens used by the app are vulnerable.

I think that store any sensitive data unencrypted would be insane. That's the reason why we will encrypt the sensitive data for Android, iOS, JS on AeroGear.

At a bare minimum, OAuth

interactions require (ClientID + ClientSecret) combination to be saved.

Don't worry about that, when OAuth2 impl on PicketLink become ready for testing I'll handle this.

On 02/20/2013 05:27 AM, Bruno Oliveira wrote:

Morning, just be careful with the earlier releases from
Android http://code.google.com/p/android/issues/detail?id=40578

--
"The measure of a man is what he does with power" - Plato
-
@abstractj
-
Volenti Nihil Difficile

On Tuesday, February 19, 2013 at 11:20 PM, Anil Saldhana wrote:

http://android-developers.blogspot.com/2013/02/using-cryptography-to-store-credentials.html?m=1

_______________________________________________

security-dev mailing list

security-dev@lists.jboss.org

https://lists.jboss.org/mailman/listinfo/security-dev