I am talking about the data caging model of Symbian OS. It is clear that the \private folder fits the sandbox model well, i.e. the application is protected at run time. But my question is:
1> Can we store some sort of persistent data in the private folder?
I think yes, the data created in a previous session can be reused in the next session.
2> Is it true or not that the data stored in the \private folder can still be siphoned off without the permission of the application, its true owner?
Some possibilities are:
- A kind of file browser app with the AllFiles capability can copy data from the \private folder.
- The owner of the device can read data through the backup process. Thus, encryption of data in the \private folder is useless; the user can mount an off-line attack.
In short, private is not really private.
Does anyone know of any API that can help us encrypt data in the \private folder, where the key will be held BY the OS only and returned to the application upon request? Because the OS must verify and authenticate the application first anyway. In other words, even the owner of the device, with malicious intention, cannot read a sh from the \private folder because s/he cannot find the key stored anywhere in the device.
Did I miss something?