What kind of sensitive data is it? Does it need to be secured from the owner of the phone? Or just from third parties? How would you store the data if you were writing a PC or Mac app? In both of those environments the user would also have root equivalent access to the file system.
On Dec 15, 6:18 am, azahara <[email protected]> wrote: > Hi everybody, > > I am working on a project that requires to store sensitive data on an > android mobile phone. Up to now, it seems that the suitable place to > store that data is the private folder that is owned by the > application. However, in a rooted phone this folder can be accessed > easily. > > Other alternative is related to encryption. Again, the point is where > to store the corresponding key. The security API of android provides a > keystore class that can contain cryptographic keys. Does anybody knows > where this file is stored?, is it necessary to create a keystore for > each application that required it? and how secure is the access to > the information in this file by unauthorized applications?. > > Any idea or suggestions will be welcome! > > thanks -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
