Updated App Security (markdown)

dschuermann 2014-10-09 07:04:03 -07:00
parent fd85eaf70e
commit ba49c025d1
1 changed files with 2 additions and 2 deletions

@ -18,8 +18,8 @@ From ``./lint --show AllowBackup``:
* Public keys are public, why encrypt them?
* Secret keys contains private values in encrypted format, see above
* We could use [SQLCipher](https://guardianproject.info/code/sqlcipher/), but I am unsure what attack scenarios this would prevent:
* Other apps already cannot access Openkeychain's data, this is enforced by Android's sandboxing
* If a malicious app executes an exploit and gains root access, it could also get the secret keys by reading OpenKeychain's memory or easier
* Other apps already cannot access Openkeychain's stored data, this is enforced by Android's sandboxing
* If a malicious app executes an exploit and gains root access, again: It can access the stored but encrypted secret keys, getting the private values requires reading the memory
* We would require another password for unlocking the SQLCipher database, so more inconvenience
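Review bot: The rewritten root-access bullet ends at "getting the private values requires reading the memory" and no longer says that an attacker with root can do exactly that. The replaced wording ("it could also get the secret keys by reading OpenKeychain's memory or easier") made this explicit, and without it the new sentence can be read as if memory access were a barrier. Suggest finishing the thought for the question this list is answering: say that root can also read the process memory, and whether SQLCipher would change anything in that scenario. Minor: the sandboxing bullet spells the project "Openkeychain's" while the replaced root bullet used "OpenKeychain's"; pick one spelling, and split the comma splice ("..., this is enforced by ...") into two sentences or use "because".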