Friday, July 22, 2011

Re: [android-developers] Intent with sensitive param

@Mark That is extremely interesting! Just like you, I assumed that intent extras were private. This begs the question... What to do then to keep intent extras private? Better yet, how should we pass sensitive data in an intent extra in such a way that the data remains secure?

For example, in the OP's question they use the example of a password. Now you can encrypt that password before sending as an intent extra thus any nefarious app would not actually collect the "real" password. However, if the receiving end expects an encrypted password then all the bad app has to do is use the encrypted password string and voila it has access.

--
You received this message because you are subscribed to the Google
Groups "Android Developers" group.
To post to this group, send email to android-developers@googlegroups.com
To unsubscribe from this group, send email to
android-developers+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)