基于Android平台的手机本地文件安全问题
本人目前从事Android平台的电子邮件客户端开发。问题:
存储于本地的电子邮件数据文件,为了防止隐私遭到窃取,需要采用一定的安全策略。考虑过从以下方面入手:
1. 防止数据文件从外部被读取。这个比较困难。在用户强行取得root权限的情况下很难做到。
2. 对数据文件采取加密策略,即使文件被读取了,也难以获知其中内容。这种方式比较具有可行性,但是性能上的开销目前没有验证。
不知除此二法,还可以有什么样的安全策略,求建议。 --------------------编程问答-------------------- 1. If user get the root permission, everything is over.
Sercurity can delay the time which user's data be stole, but can't protect it nerver be stole.
2. Simple sercurity seems will cost less time, such as 32bit RSA will cost 100s/1M. --------------------编程问答-------------------- 100s or 100ms?
100s would be an unacceptable time cost.
--------------------编程问答-------------------- 100s/1M is not exactly. Maybe sercurity code is not good, but sercurity is not a good ideal. --------------------编程问答-------------------- Anyway, have you any other idea to protect private information which is stored in local file system?
--------------------编程问答-------------------- got it. --------------------编程问答-------------------- 第二种方法可以重点考虑。
补充:移动开发 , Android
