Android的钥匙扣用户凭据 [英] Android Keychain for user credentials
问题描述
有一种等效为iOS的在Android上的钥匙串?
Is there an equivalent to iOS's keychain on Android?
我在 $ P $的理解pferences API 的是,它没有被加密。对于我的应用程序也不要紧阉这些凭据在设备持续(即不同的使用情况下的 iPhone类似的钥匙扣在Android中?)
My understanding of the Preferences API is that it is not encrypted. For my application it doesn't matter wether these credentials are persisted across devices (i.e. a different use-case to iPhone-like Keychain in Android?)
我也看了密钥库API ,但它似乎离开了用户凭据的实际存储到应用程序开发人员。
I also looked at the KeyStore API but it seems to leave the actual storage of user credentials up to the application developer.
感谢您的帮助!
推荐答案
我听说,因为每个应用程序不同的UNIX用户下运作,并用于存储应用程序数据的文件系统是通过正常的UNIX权限保护,直接存储数据到应用程序的目录是安全的,因为,说iPhone的钥匙串API。
I have heard that because each app operates under a different UNIX user, and the filesystem used to store app data is secured by normal UNIX permissions, that storing data directly to the app's directory is as secure as, say the iPhone's keychain API.
该网页从开发者的网站说明它更好地:<一href="http://developer.android.com/guide/topics/security/security.html">http://developer.android.com/guide/topics/security/security.html
This page from the developer's site explains it better: http://developer.android.com/guide/topics/security/security.html
值得注意的是,iPhone的钥匙扣API是不是很安全,比起说SSL。由于解密密钥存储在iPhone本身,这是不难嗅出在植根手机解密密钥。 (你会等同需要根在Android手机上读取应用程序的UNIX目录中的数据。)本文讨论iPhone的钥匙串的安全漏洞: <一href="http://www.tipb.com/2011/02/10/security-researchers-iphone-passwords-circumvented-data-stolen-6-minutes/">http://www.tipb.com/2011/02/10/security-researchers-iphone-passwords-circumvented-data-stolen-6-minutes/
Notably, the iPhone keychain API isn't very secure, compared to say SSL. Because the decryption keys are stored on the iPhone itself, it's not difficult to sniff the decryption key on a rooted phone. (And you would equivalently need root on an Android phone to read an data from the app's UNIX directory.) This article discusses the iPhone's keychain security vulnerabilities: http://www.tipb.com/2011/02/10/security-researchers-iphone-passwords-circumvented-data-stolen-6-minutes/
这篇关于Android的钥匙扣用户凭据的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
