Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

You are absolutely right.

Still, I think Google is taking the wrong approach: the insecure /sdcard partition is the place where most of the storage is in nearly all Android phones. If your app needs to store larger amounts of data, that is the place to do it. Now, there are methods to use that storage a lot more securely than this, but the way Android works really leaves developers no other option than storing this stuff on the SD card.

Google should lock down access to the SD card even more, but they'll probably cause an uproar and break many apps.



Google did, almost everybody on HN whined like a baby. https://news.ycombinator.com/item?id=7255579


> the insecure /sdcard partition is the place where most of the storage is in nearly all Android phones.

/sdcard and /data are on the same partition these days, you should just be using the app's private folder if the data is sensitive in the slightest. Which in this case it clearly is, and it's not even large data.


This is true on Nexus phones, but it's a mount point (not "emulated") on Samsung or other SD-card-equipped phones, which I think--not sure--is more of a majority.


No, on Samsung & other SD-card-equipped phones /sdcard points to internal storage and there's some other path, like /sdcard2, that points at the actual SD card.


Yeah I agree - increasing the size of internal storage was a blessing for my/our apps in terms of security (no more storing of secure data on shared storage due to lack of space).

Google should probabl MTP from the start and just formatted SD cards with one of the ACL supporting filesystems to get security right. But as the saying goes... it's easy to be a general after battle :)




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: