80,351
社区成员
发帖
与我相关
我的任务
分享基于Android平台的手机本地文件安全问题
本人目前从事Android平台的电子邮件客户端开发。
问题:
存储于本地的电子邮件数据文件,为了防止隐私遭到窃取,需要采用一定的安全策略。考虑过从以下方面入手:
1. 防止数据文件从外部被读取。这个比较困难。在用户强行取得root权限的情况下很难做到。
2. 对数据文件采取加密策略,即使文件被读取了,也难以获知其中内容。这种方式比较具有可行性,但是性能上的开销目前没有验证。
不知除此二法,还可以有什么样的安全策略,求建议。
问题:
存储于本地的电子邮件数据文件,为了防止隐私遭到窃取,需要采用一定的安全策略。考虑过从以下方面入手:
1. 防止数据文件从外部被读取。这个比较困难。在用户强行取得root权限的情况下很难做到。
2. 对数据文件采取加密策略,即使文件被读取了,也难以获知其中内容。这种方式比较具有可行性,但是性能上的开销目前没有验证。
不知除此二法,还可以有什么样的安全策略,求建议。
...全文
请发表友善的回复…
发表回复
yihua0001 2010-06-30
- 打赏
- 举报
第二种方法可以重点考虑。
rainius 2010-06-30
- 打赏
- 举报
Anyway, have you any other idea to protect private information which is stored in local file system?
[Quote=引用 3 楼 yyy025025025 的回复:]
100s/1M is not exactly. Maybe sercurity code is not good, but sercurity is not a good ideal.
[/Quote]
[Quote=引用 3 楼 yyy025025025 的回复:]
100s/1M is not exactly. Maybe sercurity code is not good, but sercurity is not a good ideal.
[/Quote]
yyy025025025 2010-06-30
- 打赏
- 举报
100s/1M is not exactly. Maybe sercurity code is not good, but sercurity is not a good ideal.
rainius 2010-06-30
- 打赏
- 举报
100s or 100ms?
100s would be an unacceptable time cost.
[Quote=引用 1 楼 yyy025025025 的回复:]
1. If user get the root permission, everything is over.
Sercurity can delay the time which user's data be stole, but can't protect it nerver be stole.
2. Simple sercurity seems will cost less t……
[/Quote]
100s would be an unacceptable time cost.
[Quote=引用 1 楼 yyy025025025 的回复:]
1. If user get the root permission, everything is over.
Sercurity can delay the time which user's data be stole, but can't protect it nerver be stole.
2. Simple sercurity seems will cost less t……
[/Quote]
yyy025025025 2010-06-30
- 打赏
- 举报
1. If user get the root permission, everything is over.
Sercurity can delay the time which user's data be stole, but can't protect it nerver be stole.
2. Simple sercurity seems will cost less time, such as 32bit RSA will cost 100s/1M.
Sercurity can delay the time which user's data be stole, but can't protect it nerver be stole.
2. Simple sercurity seems will cost less time, such as 32bit RSA will cost 100s/1M.
vclongking 2010-06-30
- 打赏
- 举报
[Quote=引用 1 楼 yyy025025025 的回复:]
1. If user get the root permission, everything is over.
Sercurity can delay the time which user's data be stole, but can't protect it nerver be stole.
2. Simple sercurity seems will cost less ti……
[/Quote]got it.
1. If user get the root permission, everything is over.
Sercurity can delay the time which user's data be stole, but can't protect it nerver be stole.
2. Simple sercurity seems will cost less ti……
[/Quote]got it.
