ePGP extension for mobile

vedaal at nym.hush.com vedaal at nym.hush.com
Tue Dec 31 17:11:06 CET 2013



On Monday, December 30, 2013 at 9:00 PM, "Olav Seyfarth" <olav at enigmail.net> wrote:

>I cannot tell the quality of those apps in respect of robustness 
>against attacks

...

>cannot peer review these apps. But I feel this would be necessary and
>maybe someone on the list already reviewed or is willing to one or another
>app source. Would be interesting to hear about. Concerning this list: is
>that too off-topic?
>
>Due to the nature of device roaming, on mobile devices other questions
>arise, too. At least think about device authentication, encrypted storage
>(device/app), and whether want to use/store the same secret key (or use
>different (sub)keys).
               
=====

Many useful Android apps require 'rooting' the phone
(i.e. 'startup killers' which uninstall any/all unwanted apps put in by the phone manufacturer which use up memory and battery).

Google Play refuses to take any responsibility for using Google Wallet on any rooted phone.
(It could be their way of getting back at users for removing apps and ads, but there probably is a real security issue too ... ).

So, if it's probably not safe to do credit cards/payments on a rooted phone,
it might be prudent not to trust encryption to a rooted phone, even if the encryption apps themselves have been reviewed and vetted,
especially if someone has more than one app needing root access.

As phones are increasing in memory and processing power,
maybe an app could be developed to use a smart card USB reader on a phone.

(I would be willing to pay for such an app.
If developers think enough others would be willing to buy such an app to make it worthwhile,
then maybe GnuPG on Android could be widely used.)

fwiw,
I have played around with APG and like it, but don't trust the 'phone' with it.


vedaal



