Android Keystore - can a user key get root if it installed this user?

Question

Android Keystore - can a user key get root if it installed this user?

With Android 4.3, Android has its own keystore, where I can store keys and use them later for encryption / decryption.

It says here and here that each key can only be obtained by its owner, and even root cannot receive it.

My question is: Could I write a program that would switch my uid to the owner of the key, extract it and then use it to decrypt data that I should not have access to?

Edit: Added link to the keystore file.

+7

android security encryption android-keystore

Ido Mar 13 '14 at 12:14

source share

2 answers

Marek pola · Answer 1 · 2014-07-30T20:40:42+0000

It is true that usually a key can only be obtained by the user who saved it.

See for example: http://nelenkov.blogspot.se/2011/11/using-ics-keychain-api.html

If the device is rooted, keys cannot be obtained anyway, unless the attacker also has a password.

If an attacker connected to the device and has a password or the device is unlocked, the game ends.

Patrick brennan · Answer 2 · 2014-12-05T18:05:38+0000

"Could I write a program that would switch my uid to the owner of the key, extract it and then use it to decrypt data that I should not have access to?"

UIDs are assigned to individual applications during installation. Android application cannot change its UID.

Android Keystore - can a user key get root if it installed this user?

More articles: