Hi All, I'm trying to determine the best way to securely handle state transitions. Specifically, how to securely persist items such as Session Keys or Session IDs between restarts due to a device rotation, language change, etc (http://developer.android.com/guide/topics/resources/runtime-changes.html).
Is there a per-restart key available in the onDestroy()/onCreate() cycle? Note that I don't want to store the secret (or an encryption key) in a Keychain or Keystore since it can be recovered. I would prefer something that only lives in memory with a limited lifetime (the time it takes for the restart). What does Android provide at the application level to help ensure sensitive information is not serialized in plain text across restarts? Jeff -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/android-security-discuss?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
