Sorry, I thought this was android-security-DISCUSS. Let's keep it friendly and encourage discussion.
I don't see anything in section-8 of the CDD that precludes such hardware. I would think that one could stay within the constraints of the CDD and add a TPM, for example. The question is whether anyone is finding a compelling reason to go down this road. On Thu, Sep 2, 2010 at 3:49 PM, Chris Palmer <[email protected]> wrote: > Regarding hardware key storage: The Android Compatibillity Definition > Document (http://source.android.com/compatibility/android-2.2-cdd.pdf) > does not specify one, so no. > > Therefore, applications would have to get keying material from > somewhere else, such as a user's PIN or password. Failing that, > encryption becomes mere "obfuscation" or "encraption" and is greatly > less effective. > > As for what individual Android applications do, check their source code. > > In general, many questions on this list can easily be answered with > common sense, Google searches, list archive reading, and > documentation/code reading. I don't say this to be rude --- I mean it > as gently as possible --- but the same questions keep coming up. > > The reason we make Android open source is so that you don't have to > wonder: you can know. > > -- > You received this message because you are subscribed to the Google Groups > "Android Security Discussions" group. > To post to this group, send email to > [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group at > http://groups.google.com/group/android-security-discuss?hl=en. > > -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
