On 3 Sep, 10:44, Chris Stratton <[email protected]> wrote: > On Sep 3, 3:36 am, JWJu <[email protected]> wrote: > > > To root the > > device the attacker would need to reboot the device and then the > > passphrase would be cleared. > > Untrue - or true only for certain designed in firmware methods of > rooting, but not for the volnerabilities in the running kernel that > are discovered a few times a year. > > Requiring password entry on application installation could be a start, > but won't protect against quiet or rarely triggered exploits buried in > otherwise legitimate and useful apps.
Ok, I guess that these are complex problems with no easy solutions. I read an eartlier thread about "data at rest" which was interesting, but at the same time left me thinking that the state of things today are very insecure. So what strategy should I choose to protect my data today? Just keep everything off my telephone? Keep a list of saved passwords and sites, and change password (revoke access) at all sites immediately if the mobile phone is lost/stolen? Is OAuth something that could solve some of these issues? -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
