Updated App Security (markdown)
parent
d6ff4e3b46
commit
03bfc529f9
|
@ -11,7 +11,7 @@ From ``./lint --show AllowBackup``:
|
||||||
* Due to ``android:allowBackup="false"``, apps such as [Helium](https://play.google.com/store/apps/details?id=com.koushikdutta.backup) will **not** work
|
* Due to ``android:allowBackup="false"``, apps such as [Helium](https://play.google.com/store/apps/details?id=com.koushikdutta.backup) will **not** work
|
||||||
* We explicitly do **not** implement a [Backup Agent](http://developer.android.com/guide/topics/data/backup.html), so no keys are transferred to Google's cloud.
|
* We explicitly do **not** implement a [Backup Agent](http://developer.android.com/guide/topics/data/backup.html), so no keys are transferred to Google's cloud.
|
||||||
* All keys (secret and public) are stored inside the app's sqlite database. It resides in ``/data/data/org.sufficientlysecure.keychain/databases/openkeychain.db``
|
* All keys (secret and public) are stored inside the app's sqlite database. It resides in ``/data/data/org.sufficientlysecure.keychain/databases/openkeychain.db``
|
||||||
* Like every app on Android OS, OpenKeychain is [sandboxed to prevent other apps from accessing OpenKeychain's data](https://source.android.com/devices/tech/security/#the-application-sandbox). To emphasize this again: This means that other apps **cannot** access the secret keys of OpenKeychain under Android's security model.
|
* Like every app on Android OS, OpenKeychain is [sandboxed to prevent other apps from accessing OpenKeychain's data](https://source.android.com/devices/tech/security/#the-application-sandbox). To emphasize this again: This means that other apps **cannot** access the keys of OpenKeychain under Android's security model.
|
||||||
* There is only one way to get around this: If you install apps that you allow root access or apps that exploit bugs in the Android distribution on your device to do privilege escalation attacks. Even then, apps can only retrieve the secret keys containing the private values in an [encrypted format](http://tools.ietf.org/html/rfc4880#section-5.5.3). Thus, getting the private values requires reading the memory of OpenKeychain while a key is unlocked.
|
* There is only one way to get around this: If you install apps that you allow root access or apps that exploit bugs in the Android distribution on your device to do privilege escalation attacks. Even then, apps can only retrieve the secret keys containing the private values in an [encrypted format](http://tools.ietf.org/html/rfc4880#section-5.5.3). Thus, getting the private values requires reading the memory of OpenKeychain while a key is unlocked.
|
||||||
|
|
||||||
### Why is OpenKeychain's database not encrypted?
|
### Why is OpenKeychain's database not encrypted?
|
||||||
|
|
Loading…
Reference in New Issue