How are you transferring information to those services? No one can replace the android system services since they reside in services.jar which is on /system. Hence, not possible to spoof these services and steal your information.
-Earlence On Aug 4, 5:15 pm, Patrick Vicens <[email protected]> wrote: > They would need to produce a fake service on the phone with the exact name > of the service to replace it. I know during some of our research we > basically did a quick upload of a service manually to the phone (flashed the > service onto the phone with a card) that replaced the service. The > replaced service included extra features like tie-ins for text messaging and > such. I forget but I do believe there is a method in the base OS for > encryption, might be worth looking into. > > On Thu, Aug 4, 2011 at 10:28 AM, Narendran <[email protected]> wrote: > > Hi all, > > Can someone please take it. I couldn't find any doc or blog around > > that. > > > On Aug 3, 2:22 pm, Narendran <[email protected]> wrote: > > > Hello, > > > I'm developing an app which is passing some confidential info to a few > > > services (WifiManager and AccountManager to be precise) in plaintext > > > form. Can someone please let me know how easy or difficult it is for > > > hacking the Context of an app and spoof these services? I'm > > > essentially looking at avoiding information disclosure attack in my > > > app. > > > > And also, is there any recommended best practice in Java/Android world > > > when it comes to handling user's confidential data in your app. I was > > > looking for something like .NET's SecureString equivalent, but > > > couldn't find any yet. > > > > -- > > > Thanks > > > Narendran > > > -- > > You received this message because you are subscribed to the Google Groups > > "Android Security Discussions" group. > > To post to this group, send email to > > [email protected]. > > To unsubscribe from this group, send email to > > [email protected]. > > For more options, visit this group at > >http://groups.google.com/group/android-security-discuss?hl=en. > > -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
