Updated App Security (markdown)

dschuermann 2014-10-09 07:05:25 -07:00
parent ba49c025d1
commit 771f7f7993
1 changed files with 1 additions and 1 deletions

@ -19,7 +19,7 @@ From ``./lint --show AllowBackup``:
* Secret keys contains private values in encrypted format, see above
* We could use [SQLCipher](https://guardianproject.info/code/sqlcipher/), but I am unsure what attack scenarios this would prevent:
* Other apps already cannot access Openkeychain's stored data, this is enforced by Android's sandboxing
* If a malicious app executes an exploit and gains root access, again: It can access the stored but encrypted secret keys, getting the private values requires reading the memory
* If a malicious app executes an exploit and gains root access, again: It can access the stored but encrypted secret keys, getting the private values requires reading the memory, this attack is not prevented by encrypting the database again.
* We would require another password for unlocking the SQLCipher database, so more inconvenience
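
Review bot: In the reworded root-access bullet, "this attack" has no clear referent, because the sentence describes two separate things (reading the stored, still-encrypted secret keys, and reading memory to get the private values), and the new clause is attached with a comma splice. Consider splitting it and naming the step, for example: "Getting the private values requires reading the memory. Encrypting the database again with SQLCipher does not prevent that." Separately, the visible bullets cover other apps and a root exploit only; since the hunk header places this list under the ``./lint --show AllowBackup`` output, it would help to say whether the same argument applies to data that leaves the device through a backup, if that case is not already covered above this hunk.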