1. kuoirad's Avatar
    *grumble* I'm not happy about a change for dealing with credential storage in ICS:

    Unifying Key Store Access in ICS | Android Developers Blog

    I've run into this because I connect to the wifi at work (UT-Austin), which is a 802.1x network. So my credentials have to go in storage. I'm not upset about that, those credentials are very important and I don't want them stored "in the open". But I preferred the paradigm of being locked behind a password on the phone and not having to have a "secure" phone unlock method.

    Ah well. I'll just be grumbly about it.
    04-10-2012 08:00 PM
  2. JamesCarnley's Avatar
    You know it works the same way in Windows and other operating systems right? You don't have to "unlock" your certificates to use them.

    If you really care about security then you would realize that this isn't a big deal since you should be locking your device anyway. Encrypting your device will help too since you need a password at bootup, so if someone steals your phone and tries to reboot it they would be out of luck.

    I much prefer this new sane way of dealing with certificates. On Gingerbread if I forgot to unlock my secure storage then it would try to connect to my work wifi and fail. I would have to reboot with wifi off, unlock storage, then turn wifi back on to connect. It was annoying. Now with ICS I don't have to worry about it, since each app only has access to its certificate and it doesn't involve any input from me. Just boot and go.
    04-10-2012 11:04 PM
  3. kuoirad's Avatar
    Yes, I'm aware of how this sort of thing works in other OSes. That's all besides the point.

    I care about security, which is why I like the compartmentalizing access to my "secure" data. I also care about balancing security with ease of use. Having a "real" screen lock reduces ease of use more than it enhances security, for me. I also tend not to keep "important" stuff on the phone - for little I did, I had a strong password on my credential storage (which only had my wifi credentials in it) and have a strong password on 1Password.

    FWIW, I'm very aware of the "forgetting to unlock storage" issue you ran into. However, I never had to disable wifi and reboot the phone to handle it. I just simply went into Settings -> Security (or whatever it was -> Credential Storage, and it asked me for my password. Easy peasy. Before I discovered that, I just waited for the wifi connection to stop trying to connect automatically and tell it to connect myself - it then asked me for the credentials password. Took a minute, was annoying, but didn't require the level of monkeying you went through.
    04-11-2012 09:46 AM