Android 1.6 and Credential Storage

The SDK for the next version of the Android operating system, 1.6 aka “Donut,” was released last week. The SDK is the set of packaged files that developers use to create applications for version 1.6. Wireless carriers generally push the updated version to devices within a month or two of the SDK release.

I was pretty blown away by a few of the additions:

  • Battery usage indicator that shows which applications are consuming your device’s battery, out of a percentage of 100
  • Support for four varieties of VPNs: L2TP/IPSEC pre-shared key, L2TP/IPsec certificate, L2TP only, and PPTP only (see screenshots of configuration)
  • Device-wide search. Applications can provide search results. So if you search for a friend’s name, the Meebo IM application could return that buddy as a search result, and clicking the buddy could open an IM conversation with them.
  • Built-in text-to-speech APIs for applications. For example, the Meebo IM application could speak your incoming IMs if your device’s screen is not active.
  • Support for CDMA
  • Gestures

I’ve also noticed what appears to be a system wide password safe/keychain/credential store. Here’s a screenshot of some new options from the bottom of Settings –> Security & Location:

Screenshot of Android settings for credential storage

This should theoretically allow applications to store sensitive information in a secure way. However, this wasn’t mentioned in the release notes and the API documentation is “hidden,” meaning developers aren’t intended to use the classes yet. The classes are android.security.CertTool android.security.KeyTool android.security.Reply and android.security.ServiceCommand. These classes seem to only used by the Settings application for storing Wifi and VPN credentials.

I tested out the password store with the VPN and it seems to work well–I tried to import a .p12 file and it prompted me to enter the password to unlock my credential storage. I’m not sure if the authorization eventually times out.

I think Android needs a system-wide password storage facility pretty badly, and I really hope they publicize this API in the future. There exists an open source password safe called OI Safe which works well, but this really needs to be a part of the operating system so that applications can depend on it.

This entry was posted in All. Bookmark the permalink.

3 Responses to Android 1.6 and Credential Storage

  1. pjmartin says:

    I really do try to understand your posts…

  2. praeluceo says:

    Hi, I read your post and have been trying to get the certificate store to work with importing .pem and .der certificates from the root of the sdcard, but with no luck at all.

    I know you posted this a while ago, but I can’t even get the import dialog to come up. Did you write a piece of code to present it? If not, how did you get it to detect your certificate and bring up the “import” prompt?

    Curious minds want to know!

    Pleasantly,
    Ronald Bynoe

    • Mark Doliner says:

      Hi Ronald. I wasn’t writing code to use the import dialog–I just opened a .p12 attachment my email and I guess the default handler is the import dialog.

Leave a Reply

Your email address will not be published.