Answer the question
In order to leave comments, you need to log in
A
A
Artem2018-06-25 14:30:42
Artem, 2018-06-25 14:30:42
Is it safe to use Android KeyStore Provider?
Task: the application must store the secret key (string), securely, without the possibility of extraction through decompilation of the application or root.
It is known that Android has three built-in mechanisms for storing secret data. KeyStore, KeyChain and Android KeyStore Provider:
- KeyStore is the least secure (because you can get access directly to the file with encrypted data using root)
- KeyChain is more convenient for sharing secret data between applications (asks user for permission via system dialog)
- Android KeyStore Provider seems to be the most suitable for the task.
Questions:
- How is the Android KeyStore Provider protected from application decompilation?
- Can we avoid the destruction of information when changing or disabling the password to the device? Android 6.0 and above.
- How is Android KeyStore Provider secured on rooted devices? It seems that on some devices a certain hardware-protected storage is allocated for storing such data, where access is denied even with root. But what are these devices? How many? And what happens on other rooted devices - is this data just in some directory?
Similar questions
0
B
L
G
C
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question