The secret keys are stored in the clear in the databases database. #253
Original issue 254 created by wolfkabal on 2013-03-26T20:08:34.000Z:
What steps will reproduce the problem?
What is the expected output? What do you see instead?
What version of the product are you using? On what operating system?
Please provide any additional information below.
Thank you for your report. This is working as intended/designed.
Step # 1 assumes you have root access or have otherwise compromised the security of the Android device. Security of data stored on or processed by such devices cannot be guaranteed.
Regarding your comments about backups, this database is excluded from backup. See the above paragraph if you're referring to root-requiring backup mechanisms/tools.
I understand the official Google response, however counting on just the basic permission scheme within Android seems like asking for trouble.
As the use of Authenticator proliferates beyond just Google apps (i.e. banking, etc.), it would seem prudent to further protect the database. As an example, their current issues aside, look at how RSA secures the data with their soft-token application - you're not going to get it off the system it is installed on.
To your response about root - let's assume the phone is stolen. There are ways to temporarily root a device that would allow access to the Authenticator database.
The point is, someone using Authenticator is counting on the enhanced security that it provides and as time goes on may have their entire digital/financial life protected by that application. It does not seem reasonable to rely solely on basic system security as the only method of protecting such important information.
If you were a company and were having a PCI audit and you told the auditors that while the customer credit card database was unencrypted, NO worries though, because the system is behind a firewall, has good passwords and the system ACLs will protect the data - guaranteed. Would you pass the audit? Should you pass the audit? Would you want your information handled by that process?
Security designs should ALWAYS assume something will go wrong with any layer of protection and within reason each potential failure should have some form of mitigation. I would think that having more than one robust layer to protect important information is just basic due diligence. Especially nowadays.