官术网_书友最值得收藏!

What about mobile?

When it comes to which workflow to use for an application on a mobile device, the same considerations are taken into account: can the application securely store and transmit confidential data. This topic gets interesting when we start discussing modern mobile platforms. Most modern mobile platforms provide APIs for secure storage:

  • iOS: iOS 4+ SDK utilizes Data Protection
  • Android: Android 6+ SDK v23+ provides the Android Keystore system
  • Windows Mobile: Windows Phone SDK 8+ provides the DPAPI (Data Protection API)

Tip

This is not an exhaustive list of APIs for secure storage for each platform. Most modern mobile platforms actually provide many different methods for securely storing your data. This is only a sampling.

Used in conjunction with secure transmission protocols, such as SSL or TLS, many application developers consider these satisfactory for the requirements of secure storage and transmission of confidential information, and therefore consider their mobile applications trusted. This thinking, however, is flawed. Certainly, these secure storage APIs are very secure, and are satisfactory for most practical situations. However, for applications that require a higher level of security and scrutiny, they should be considered untrusted. See the Are mobile applications trusted or untrusted? section in Chapter 10, What About Mobile?, for a more detailed discussion of this topic.

主站蜘蛛池模板: 梁河县| 兰溪市| 积石山| 舞钢市| 岱山县| 泽普县| 咸丰县| 肇东市| 吉木乃县| 祥云县| 遂昌县| 徐水县| 民和| 綦江县| 怀集县| 霞浦县| 巫山县| 武胜县| 融水| 新昌县| 晋中市| 崇州市| 宜城市| 奎屯市| 镇江市| 陆丰市| 潮安县| 武定县| 镇康县| 卢龙县| 乌拉特后旗| 綦江县| 松滋市| 昭平县| 达日县| 瑞丽市| 巩义市| 汾阳市| 灵石县| 德钦县| 太仆寺旗|