Chris Palmer wrote:
>> The bank wants to deposit a key for on-line banking or payments.
>> They want to be sure that in a non-broken/non-rooted system the
>> key is only usable by application(s) they have granted (but not
>> necessarily written).  This is a legitimate requirement for enterprise
>> keys as well.
>
> Sure. So the browser (say) hosts or uses a key store Service.
> (Obviously we are no longer talking about the standard Android
> browser.)

Right.
http://webpki.org/auth-token-4-the-cloud.html

> When the user clicks on a certain kind of link, the browser
> gets a key from the web server and stores it in its storage Service,
> along with some kind of policy from the server. The policy might be:
> "Only give this key out to other apps on the device if they are signed
> with this site's own Android developer certificate."

Well, since this is not only about Android this would rather be
a special case.  The more common use-case would be that a bank
would say "restricted to platform browser".  The same would be
valid for a lot of similar entities like e-governments.

> Then, other apps can try to request the key from the storage Service.
> If they meet the policy requirements for that key, the Service serves
> out the key. Otherwise, not.

Exactly.

> http://developer.android.com/reference/android/app/Service.html
>
>> The alternative is to lock down the entire device and that is IMO
>> not a very attractive position.
>
> Actually, depending on the expected volume of transactions, it can
> make perfect sense. Some banks already do ship high-transaction-value
> clients special laptops for use only with the bank. A $1,000 laptop is
> a small price to pay to avoid a bunch of phishing and fraud. A $250
> Android-based netbook (for example) is even cheaper.

I'm not looking for "extremist" kind of solutions but schemes that
could work reasonably well for the 4 billion users we have today.
Most consumer transactions are pretty small and if you want to do
a big one the bank may challenge you with additional information.
This can hardly be any different than on-line credit-card or giro
transactions done from PCs.

I like Android's open model and if they shelve that, I think they may
as well shelve the whole thing.

Anders
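Added example (not code from this thread, from Chris Palmer, or from Android itself): a sketch of the key-store Service the two of them describe, where a deposited key carries a policy naming the signing certificates whose apps may receive it, and the Service releases the key only to callers that meet it. `IKeyStore` is an assumed AIDL interface with a single method `byte[] getKey(String alias)`; the key deposit path and the Service name are likewise assumptions. The Android calls used (`Binder.getCallingUid`, `PackageManager.getPackagesForUid`, `getPackageInfo` with `GET_SIGNATURES`, `Signature.toByteArray`) are the real ones.

```java
import android.app.Service;
import android.content.Intent;
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.content.pm.Signature;
import android.os.Binder;
import android.os.IBinder;

import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;

/**
 * Illustrative key-store Service. Each key is stored with a policy: the set of
 * SHA-256 fingerprints (lower-case hex) of signing certificates whose apps may
 * receive it. IKeyStore is an ASSUMED AIDL interface declaring one method,
 * "byte[] getKey(String alias)"; it is not defined by Android or by the thread.
 */
public class KeyStoreService extends Service {

    /** A key together with the server-supplied release policy. */
    static final class StoredKey {
        final byte[] keyMaterial;
        final Set<String> allowedSignerSha256;

        StoredKey(byte[] keyMaterial, Set<String> allowedSignerSha256) {
            this.keyMaterial = keyMaterial;
            this.allowedSignerSha256 = Collections.unmodifiableSet(allowedSignerSha256);
        }
    }

    // Populated when the browser deposits a key fetched from the bank's server;
    // how that deposit is authenticated is outside this example.
    private final Map<String, StoredKey> store = new HashMap<String, StoredKey>();

    private final IKeyStore.Stub binder = new IKeyStore.Stub() {
        @Override
        public byte[] getKey(String alias) {
            // Read the caller's identity first, on the binder thread servicing
            // this call: getCallingUid() is meaningless from any other thread.
            int callingUid = Binder.getCallingUid();
            StoredKey entry = store.get(alias);
            if (entry == null || !callerMeetsPolicy(callingUid, entry.allowedSignerSha256)) {
                return null;   // policy not met: the key never leaves the Service
            }
            return entry.keyMaterial.clone();
        }
    };

    @Override
    public IBinder onBind(Intent intent) {
        return binder;
    }

    /**
     * A UID can be shared by several packages (sharedUserId), so every package
     * behind the UID must satisfy the policy; otherwise an unrelated app that
     * shares the UID with an approved one could obtain the key.
     */
    boolean callerMeetsPolicy(int uid, Set<String> allowedSignerSha256) {
        PackageManager pm = getPackageManager();
        String[] packages = pm.getPackagesForUid(uid);
        if (packages == null || packages.length == 0) {
            return false;
        }
        for (String pkg : packages) {
            if (!allSignersAllowed(pm, pkg, allowedSignerSha256)) {
                return false;
            }
        }
        return true;
    }

    /** Every certificate the package is signed with must be on the allow list. */
    static boolean allSignersAllowed(PackageManager pm, String pkg, Set<String> allowed) {
        PackageInfo info;
        try {
            info = pm.getPackageInfo(pkg, PackageManager.GET_SIGNATURES);
        } catch (PackageManager.NameNotFoundException e) {
            return false;
        }
        if (info.signatures == null || info.signatures.length == 0) {
            return false;
        }
        for (Signature sig : info.signatures) {
            if (!allowed.contains(sha256Hex(sig.toByteArray()))) {
                return false;
            }
        }
        return true;
    }

    /** Hex SHA-256 of the DER-encoded signing certificate. */
    static String sha256Hex(byte[] data) {
        try {
            byte[] digest = MessageDigest.getInstance("SHA-256").digest(data);
            StringBuilder sb = new StringBuilder(digest.length * 2);
            for (byte b : digest) {
                sb.append(String.format("%02x", b));
            }
            return sb.toString();
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e);
        }
    }
}
```

The "restricted to platform browser" policy Anders mentions is the same mechanism with the platform browser's signing certificate as the only allowed fingerprint. The comparison is on certificate bytes rather than package names, since any app can claim a package name but only the holder of the signing key can produce a matching certificate; requiring every signer (and every package behind a shared UID) to match is the conservative direction when a package carries more than one signature.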

--
You received this message because you are subscribed to the Google Groups "Android 
Security Discussions" group.
For more options, visit this group at 
http://groups.google.com/group/android-security-discuss?hl=en.
