Updated App Security (markdown)
dschuermann
parent
75f9fa5073
commit
757932038e
|
|
@ -11,15 +11,15 @@ From ``./lint --show AllowBackup``:
|
||||||
* Due to ``android:allowBackup="false"``, apps such as [Helium](https://play.google.com/store/apps/details?id=com.koushikdutta.backup) will **not** work
|
* Due to ``android:allowBackup="false"``, apps such as [Helium](https://play.google.com/store/apps/details?id=com.koushikdutta.backup) will **not** work
|
||||||
* We explicitly do **not** implement a [Backup Agent](http://developer.android.com/guide/topics/data/backup.html), so no keys are transferred to Google's cloud.
|
* We explicitly do **not** implement a [Backup Agent](http://developer.android.com/guide/topics/data/backup.html), so no keys are transferred to Google's cloud.
|
||||||
* All keys (secret and public) are stored inside the app's sqlite database. It resides in ``/data/data/org.sufficientlysecure.keychain/databases/openkeychain.db``
|
* All keys (secret and public) are stored inside the app's sqlite database. It resides in ``/data/data/org.sufficientlysecure.keychain/databases/openkeychain.db``
|
||||||
* Like every app on Android OS, OpenKeychain is [sandboxed to prevent other apps from accessing OpenKeychain's data](https://source.android.com/devices/tech/security/#the-application-sandbox). To emphasize this again: This means that other apps **cannot** access the private keys of OpenKeychain under Android's security model.
|
* Like every app on Android OS, OpenKeychain is [sandboxed to prevent other apps from accessing OpenKeychain's data](https://source.android.com/devices/tech/security/#the-application-sandbox). To emphasize this again: This means that other apps **cannot** access the secret keys of OpenKeychain under Android's security model.
|
||||||
* There is only one way to get around this: If you install apps that you allow root access or apps that exploit bugs in the Android distribution on your device to do privilege escalation attacks.
|
* There is only one way to get around this: If you install apps that you allow root access or apps that exploit bugs in the Android distribution on your device to do privilege escalation attacks. Even then, apps can only retrieve the secret keys containing the private values in an encrypted format. This would require reading the memory of OpenKeychain while a key is unlocked.
|
||||||
|
|
||||||
### Why is OpenKeychain's database not encrypted?
|
### Why is OpenKeychain's database not encrypted?
|
||||||
* Public keys are public, why encrypt them?
|
* Public keys are public, why encrypt them?
|
||||||
* The private parts of the secret keys are [already encrypted using a passphrase](http://tools.ietf.org/html/rfc4880#section-5.5.3). They are only decrypted/"unlocked" in-memory in OpenKeychain when used.
|
* The private parts of the secret keys are [already encrypted using a passphrase](http://tools.ietf.org/html/rfc4880#section-5.5.3). They are only decrypted/"unlocked" in-memory in OpenKeychain when used.
|
||||||
* We could use [SQLCipher](https://guardianproject.info/code/sqlcipher/), but I am unsure what attack scenarios this would prevent:
|
* We could use [SQLCipher](https://guardianproject.info/code/sqlcipher/), but I am unsure what attack scenarios this would prevent:
|
||||||
* Other apps already cannot access Openkeychain's data, this is enforced by Android's sandboxing
|
* Other apps already cannot access Openkeychain's data, this is enforced by Android's sandboxing
|
||||||
* If a malicious app executes an exploit and gains root access, it could also get the secret keys by reading OpenKeychain's memory
|
* If a malicious app executes an exploit and gains root access, it could also get the secret keys by reading OpenKeychain's memory or easier
|
||||||
* We would require another password for unlocking the SQLCipher database, so more inconvenience
|
* We would require another password for unlocking the SQLCipher database, so more inconvenience
|
||||||
|
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue