This is NO DIFFERENT than a desktop computer. The person owns the device. Ultimately they will be able to do with it what they want, whether or not you try to prevent them. And if a person jailbreaks an iPhone? Same thing. I don't really understand why this is so traumatic, this is just reality.
On Tue, Sep 15, 2009 at 10:09 AM, Carmen Delessio <carmendeles...@gmail.com>wrote: > Based on this, is your perspective that Andrei is correct that "basically > storing private data on the phone is actually impossible?" > > My goal is not even store the data, but to have one time access for the > application to a secure piece of data. > > The suggestion about being careful about where to put the encryption key, " > get it over the network, only keep it in RAM, never let it be written to > storage," does not seem to address decompiling the .dex file. The key > would be put into RAM by the program that can be decompiled. > > I am not typically a paranoid regarding security, but this seems like it > should be a legitimate concern. I'd like to be wrong about that. If this > is a theoretical, but unlikely scenario that would be great. > > Carmen > > > > > On Tue, Sep 15, 2009 at 12:58 PM, Yusuf Saib (T-Mobile USA) < > yusuf.s...@t-mobile.com> wrote: > >> >> You say that like it's a bad thing. Re-discovery worked well enough >> for Columbus. >> >> >> Yusuf Saib >> Android >> ·T· · ·Mobile· stick together >> The views, opinions and statements in this email are those of the >> author solely in their individual capacity, and do not necessarily >> represent those of T-Mobile USA, Inc. >> >> >> >> On Sep 15, 9:11 am, Chris Stratton <cs07...@gmail.com> wrote: >> > On Sep 15, 10:38 am, Carmen Delessio <carmendeles...@gmail.com> wrote: >> > >> > > I want >> > > to get a handle on implementing security in an enviroment where: >> > >> > > 1. Developers can have a rooted phone >> > > 2. Developers can decompile your code >> > >> > You have just re-discovered why security in a network environment >> > starts with the premise that a server cannot trust a client >> > computer, >> >> > > > > -- Dianne Hackborn Android framework engineer hack...@android.com Note: please don't send private questions to me, as I don't have time to provide private support, and so won't reply to such e-mails. All such questions should be posted on public forums, where I and others can see and answer them. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Android Developers" group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en -~----------~----~----~----~------~----~------~--~---