Security in Samsung tizen tv

Question

These are my questions regarding security in Samsung tizen tv web app.

If somehow we get our hands on app installation file(.wgt) from tizen tv, it can be imported into tizen studio and voila, you have all the source code. Then you can hack any user's account.

How is Samsung providing security against this scenario?
Are there any ways developer can provide security even if somebody gets the source code?
How to store confidential information such as user-id or tokens securely in tizen tv?
Best practices for providing security in Tizen tv web app?

score 0 · Answer 1 · answered Feb 10 '19 at 11:50

0

If they have just wgt file they can't convert to source code. But if you want to save some tokens, you can change it by some API from your server in your code .I think it's best although if you use in any platform.

answered Feb 10 '19 at 11:50

Shayan

402
1
4
18

That is not true - `wgt` is just an archive and can be extracted easily. – jayarjo Mar 17 '19 at 13:24

score 0 · Answer 2 · answered Mar 17 '19 at 13:32

My solution for this is - not to put important information into the source code. Treat it the same way you would treat a web-app. I guess it's just fine to have client ids in the source (developers do it all around the globe), but you should acquire all the tokens only through the proper authorization. After you receive them you can store them in the special and secure storage facilities inside Tizen runtime environment (like KeyManager for example).

Security in Samsung tizen tv

2 Answers2