0

I have a SDK which is being used by many merchant applications. As all these applications use my SDK I want to expose the key stored in android keystore system generated by one application, to all the applications on that device. Is this possible in the current Android Keystore System? Is it possible to make it world readable, similar to shared preference? If this feature is not available then what would be a good method to do it as merchants will not let their APP being used as way of authenticator.

I checked the following links for possible solutions. After going through these links I understood that the key will be accessible to the app generates it and application can access it by reflection.

  1. link
  2. link
  3. link
  4. link
  5. link
Community
  • 1
  • 1
nsp
  • 378
  • 1
  • 4
  • 19
  • 1
    "what would be a good method to do it" -- each application gets its own copy of the key, so that those applications can be installed and uninstalled independently. The fact that they all happen to use your SDK is immaterial. – CommonsWare Jan 28 '16 at 19:26
  • I understand your point. But what is the motivation behind having WORLD_REDABLE shared preference. Is that also an anti-pattern? (Just curious) – nsp Jan 28 '16 at 20:03
  • 1
    "Is that also an anti-pattern?" -- very much so. `WORLD_READABLE` has been deprecated, IIRC. `WORLD_READABLE` is readable by any app on the device, not just ones using your SDK. – CommonsWare Jan 28 '16 at 20:04

0 Answers0