Menu
The following problem was tested with android version 4.3 and a nexus 7
When using the KeyStore with Android version 4.3, the key are deleted after setting the lock screen to none, it doesn't matter if the lock screen was set none before.
To reproduce this, you can use the provided android sample located under
"sdk\samples\android-18\security\keystore\BasicAndroidKeyStore".
After running the application:
While examining the android source code i found out, that in line 639 the keystore seemed to be reseted. See: https://android.googlesource.com/platform/frameworks/base/+/52c489cd63cca0361f374f7cb392018fabfa8bcc/core/java/com/android/internal/widget/LockPatternUtils.java
Any one knows why this happens? I reported this to the android community https://code.google.com/p/android/issues/detail?id=60176
Edit: In the android version 4.2 you couldn't set the lock screen to none if some key's were saved. you had to delete your credential first before doing so.
660
The Android Keystore system lets you store cryptographic keys in a container to make them more difficult to extract from the device. Once keys are in the keystore, you can use them for cryptographic operations, with the key material remaining non-exportable.
This appears to be a bug in Android from 4.3 onwards. There's a very good article on it here:
Android Security: The Forgetful Keystore
The author says that some people claim this is a feature rather than a bug, but I disagree. If encrypted data is about to be rendered unreadable the platform should at least inform the user, if not prevent them from proceeding altogether.
92
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
