implement android keystore to prevent unwarranted access to private key #35
Conversation
|
How does this interact with Cacheword? That is controlling the key used to unlock IOCipher. Shouldn't we implement this capability in Cacheword itself, and not just in CameraV? |
|
yes it would be great if cacheword used the Android Keystore, as long as it provides a real security improvement and doesn't harm usability. I haven't looked too deeply into the Android KeyStore stuff, so I can't say too much about it. Here's what Abel has to say on the topic: |
|
Agree, but I didn't want to touch Cacheword because I am not as familiar with the codebase. Also worth noting, it appears that my upgrade to Marshmallow borked this feature as I implemented it (although working fine on pre-6 devices). Will follow up in coming days... |
(harlo#3)
While access to the internal data is protected on non-rooted devices, a rooted device could potentially access the contents of the iocipher storage and abuse the private key.
Proposed fixes:
We should further discuss properly using Android Keystore, especially in relation to rooted devices.