开发者

execute custom code on android installation

I have an android application that maintains some confidential data (encrypted) and I'm trying to handle a case where this encrypted data is maintained across an update of my application. I want different versions of my application to have different 开发者_JAVA百科encryption keys and I dont want new versions of the application to contain keys for every preceeding version.

My idea was to run some code on application install which would allow for re-encryption of this data, but I android firstly doesnt seem to provide any means to execute application code in application install. secondly, I dont see anyway for the newly installed version of the application to execute code in the previous version.

This doesnt seem so unreasonable a thing to do for me, can someone confirm that android doesnt allow this and explain why ? In terms of solutions, I have to either use the same key for all applicaitons or have a new version of my application reconstruct this data through other means ...

[there is another question somewhat related (link below) but it is a different case and the answer doesnt provide any reference]

Is there a way to make my Android app run some custom code upon installation?

http://groups.google.com/group/android-framework/browse_thread/thread/0f1617d28e8ff05e


I want different versions of my application to have different encryption keys and I dont want new versions of the application to contain keys for every preceeding version.

Why? That will not improve your security. Your encryption key can be found in a fairly short period of time. The only safe encryption key is one that is in the user's head, as that at least requires rubber hoses or buckets of water to obtain, which cannot readily be automated.

My idea was to run some code on application install which would allow for re-encryption of this data, but I android firstly doesnt seem to provide any means to execute application code in application install.

Correct. I think you can be notified about application updates via a broadcast Intent, but definitely not installs or removes. This is to prevent drive-by spyware, among other things.

secondly, I dont see anyway for the newly installed version of the application to execute code in the previous version.

Of course not. There may not be space for both versions, for starters. Second, since they are the same Java classes in the same package for the most part, there is no good way to even have both versions in the same virtual machine.

This doesnt seem so unreasonable a thing to do for me

You are welcome to your opinion.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜