http://android-developers.blogspot.se/2012/03/unifying-key-store-access-in-ics.html
Although the public details of the KeyChain are pretty sketchy, I don't think Google's approach to key security will stand the litmus test. To give applications access to your location is something an average user *may* understand the consequences of, while giving an application access to a key is not. In addition, for most keys, it is the *issuer* that is primarily concerned about what kind of software is accessing *their* keys. Related: http://lists.w3.org/Archives/Public/public-webcrypto/ Anders -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
