---------- 전달된 메시지 ---------
보낸사람: Jinyoung Hur <알 수 없음>
날짜: 2021년 10월 30일 토요일 오전 3시 14분 57초 UTC+9
제목: Hard-coded encryption key on Android
받는사람: Chromium-dev <알 수 없음>
Hi,
I've noticed that on Android, login data is encrypted via a hard-coded key. [1]
According to Chrome Security FAQ [2], it seems that in other major platforms, Chromium generates and stores an encrption key using OS's user storage.
I'm curious if we have a plan for improving the hard-coded key on Android using platforms's secure storage, like Android keystore system. [3]
Or, has there been any security decision like, a hard-coded key is safe enough especially on Android platform because login data is stored in app local storage?
Thanks in advance!
Jinyoung