Agreed on the security point. I was just curious as to whether the was any effort made to go beyond that in terms of key storage.
On Thu, Sep 2, 2010 at 3:21 PM, Chris Stratton <[email protected]> wrote: > Stored website passwords are in clear text protected only by process > linux file system permissions, so accessable to anyone in possesion of > your device long enough to root it. Obfuscating them wouldn't be very > secure as the source code of the browser and underlying engines is > available. > > > > On Sep 2, 7:49 am, JWJu <[email protected]> wrote: >> How are security credentials/passwords stored on android phones? Are >> they encrypted or in other way secured in case of i.e. theft? >> >> For example, if my telephone gets stolen, would it be possible to >> easily get access to stored browser passwords, my google password, app >> passwords (e.g. login to cloud services) >> >> Are these in some way encrypted and tied to PIN, unlock code or other >> are they completely "in the open"? Is it up to the individual app >> developer to securely store credentials/passwords/data (if possible) >> or does it exist a security framework in Android? >> >> Thanks for any insight, from someone new to Android! > > -- > You received this message because you are subscribed to the Google Groups > "Android Security Discussions" group. > To post to this group, send email to > [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group at > http://groups.google.com/group/android-security-discuss?hl=en. > > -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
