[security-dev] Android Developers Blog: Using Cryptography to Store Credentials Safely
Anil Saldhana
Anil.Saldhana at redhat.com
Wed Feb 20 10:44:18 EST 2013
I have heard one of the biggest challenges with Android apps is once the
phone is rooted, you have access to the APK. Basically any unencrypted
secrets/tokens used by the app are vulnerable. At a bare minimum, OAuth
interactions require (ClientID + ClientSecret) combination to be saved.
On 02/20/2013 05:27 AM, Bruno Oliveira wrote:
> Morning, just be careful with the earlier releases from
> Android http://code.google.com/p/android/issues/detail?id=40578
>
>
> --
> "The measure of a man is what he does with power" - Plato
> -
> @abstractj
> -
> Volenti Nihil Difficile
>
> On Tuesday, February 19, 2013 at 11:20 PM, Anil Saldhana wrote:
>
>> http://android-developers.blogspot.com/2013/02/using-cryptography-to-store-credentials.html?m=1
>>
>>
More information about the security-dev
mailing list