|
|
|
|
|
|
by Someone
4129 days ago
|
|
|
OK. Let's assume that key lives on Google's servers. Then, Google must send it back to the Android device that it cannot trust unencrypted (possibly in a httpd session, but that is irrelevant for this discussion. The pipe may be secure, but you poor the data in a pool that isn't secure) |
|
|