Updated App Security (markdown)
parent
79929af4ba
commit
75f9fa5073
|
@ -9,7 +9,7 @@ From ``./lint --show AllowBackup``:
|
|||
> This may have security consequences for an application. adb backup allows users who have enabled USB debugging to copy application data off of the device. Once backed up, all application data can be read by the user. adb restore allows creation of application data from a source specified by the user. Following a restore, applications should not assume that the data, file permissions, and directory permissions were created by the application itself.
|
||||
|
||||
* Due to ``android:allowBackup="false"``, apps such as [Helium](https://play.google.com/store/apps/details?id=com.koushikdutta.backup) will **not** work
|
||||
* We explicitly do not implement a [Backup Agent](http://developer.android.com/guide/topics/data/backup.html), so no keys are transferred to Google's cloud.
|
||||
* We explicitly do **not** implement a [Backup Agent](http://developer.android.com/guide/topics/data/backup.html), so no keys are transferred to Google's cloud.
|
||||
* All keys (secret and public) are stored inside the app's sqlite database. It resides in ``/data/data/org.sufficientlysecure.keychain/databases/openkeychain.db``
|
||||
* Like every app on Android OS, OpenKeychain is [sandboxed to prevent other apps from accessing OpenKeychain's data](https://source.android.com/devices/tech/security/#the-application-sandbox). To emphasize this again: This means that other apps **cannot** access the private keys of OpenKeychain under Android's security model.
|
||||
* There is only one way to get around this: If you install apps that you allow root access or apps that exploit bugs in the Android distribution on your device to do privilege escalation attacks.
|
||||
|
|
Loading…
Reference in New Issue