Sunday, May 29, 2011

[android-developers] Re: NFC send Photo

Ah. Well, I'm going to assume you understand your customers (but suggest you always question whether you do! :=)

Indeed, one should always keep one's security practices in conformity with the nature of what you are protecting. 

But I would certainly consider salary information to be sensitive enough to justify encryption. But you're not giving us a lot of detail, so I guess I can't say much more. (I am not faulting you for that).

Good luck.

On Sunday, May 29, 2011 9:21:39 PM UTC-7, Zsolt Vasvari wrote:
I have zero problems with using a servers, but my customers do.  My
app doesn't require an Internet permission and I intend it to keep it
that way.

By "sensitive" I dont' really mean to the point where if I steal a
user's phone, I can drain his bank account empty.  The worse that will
happen is they find out how much I make.  It's nothing a Chinese
person wouldn't flat out ask you and would expect an honest answer :)



On May 30, 12:14 pm, Nikolay Elenkov <nikolay...@gmail.com>
wrote:
> On Mon, May 30, 2011 at 12:51 PM, Bob Kerns <r....@acm.org> wrote:
> > Don't worry about the terminology -- "ad hoc wifi network" is what you're
> > looking for. I just wanted to figure out what you intended to say.
>
> > Hmm, "peer-to-peer" and "sensitive financial data" has me a bit concerned.
> > I don't advocate sending sensitive data, via servers or not, unencrypted. I
> > hope you're using some sort of public key encryption, with a secure key
> > exchange, such as Diffie-Hellman. If all I have to do is eavesdrop on your
> > NFC communications.... (The role of the public key encryption part is to
> > give you a way to strongly identify the recipient you're exchanging the
> > encryption keys with).
>
> It might actually be easier and more secure to exchange just URLs, and
> have the app get the data via https *and* authenticate to the server, rather
> than trying to implement a secure protocol on top of NFC. That way the app
> can be sure it's talking to the right server (server certificate) and
> the server
> can be sure it's giving the data to the right person (Google account, etc.
> authentication).

--
You received this message because you are subscribed to the Google
Groups "Android Developers" group.
To post to this group, send email to android-developers@googlegroups.com
To unsubscribe from this group, send email to
android-developers+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en

posted by twitter @ 10:06 PM   0 Comments

0 Comments:

Post a Comment

Subscribe to Post Comments [Atom]

<< Home


Real Estate