undefined | Better HN

0 pointsdaenney9y ago0 comments

> Given Google's stance of not encrypting local storage in any way that I am aware of, this is fundamentally unsurprising

How does not encrypting local storage relate to this story? You're just pulling that one out of thin air to somehow prove your point. Besides the fact that there is no correlation between encrypting local storage and intercepting keystrokes or more broadly owning the kernel, it's also false. Though there are concerns with how disk encryption is implemented in Android and there are ways around it, it's come with FDE since version 5.0.

Encrypting local storage wouldn't have saved you one bit from this kind of thing where they just intercept the keystrokes. And your app wouldn't be safe from it either.

0 comments

libertymcateer9y ago

I agree. Wholeheartedly. The point, however, is that it belies Google's larger approach, including that they turned a browser into an operating system.

Encrypting local storage would not have saved you. Absolutely. Maybe I am reading tea leaves, but it seems to me that this is indicative of the sort of security-lax mindset that allowed android to be owned.

> And your app wouldn't be safe from it either.

Yup. I know. It is a concern.

j / k navigate · click thread line to collapse