New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Introduce Threat model #782
Comments
There have been a few blog posts on this topic. |
I would argue that "#2761 Make disabling passphrase password protected" should be extended. Maybe an option that will immediately lock storage upon entering privacy settings, requiring the passphrase to change anything in the privacy settings and unlock the store again. |
GitHub Issue Cleanup: |
It would be good to know what attacks/threats were already considered in the current design and how they should be prevented. Additionally it would make sense to add those which were left out or are not considered at the moment.
Maybe this could be done in the context of a wiki page.
Threat related Issues
Uncategorized
Being forced to do something:
Traffic Analysis:
Message Security
Application
Application Locking:
FLAG_SECURE
(PR Flag secure in all activities that extends BaseActionBarActivity #4152)Application Storage Security:
Application Runtime Security
Denial of Service
Application hiding/obfuscation
APK/Building/Packaging/Releases/Download
Dependencies (e. g. other libraries)
Authentication:
(Leak of) Personal Identifyalbe Information (PII) / Privacy:
Communicating/Showing Security related Issues
Threat Model
The text was updated successfully, but these errors were encountered: