1) I am wondering if the Android SDK has already predefined encryption functions or if one would have to write this all from scratch?
2) Suppose you have classes for encryption, either written by yourself or provided by the SDK, how to make sure, that the content of the RAM (that contains the key in plaintext) is never written to the permanent storage of the android device? I guess if too much RAM is used, there's some kind of swapping, besides that there are techniques like HTC's fastboot that write the whole content to the storage if I am not wrong? Any chance to prevent the RAM content for your software being saved on a permanent storage? Or is there maybe some kind of event before the RAM content is written to the permanenent storage, so one could wipe the key before that?
Thanks you very much for any hint!
1) I am wondering if the Android SDK
has already predefined encryption
functions or if one would have to
write this all from scratch?
You can do it with Java Cryptography Architecture (JCA). Mainly it is the javax.crypto.* package. Here is the JCA Reference Guide.
Also, this example may be helpful.
As to the second question - I just have not much to say. The only idea is to not keep a handle on the sensetive objects for long. Create per each need, use and nullify it as soon as used. Don't ever put into a static context.
Related
I am trying to create an Android application which attempts to retrieve deleted/lost data in Android devices. Is there anyway to do this? I prefer to use Flutter, but willing to use any other tech stack. I think, we might need to use low level languages. Can anyone help me out :)
The thing is, we need to access the segment of memory/storage which is not in the directory and not visible in the file explorer. And we plan to use some algorithms to make sense of the data/bits we get and show it to the user
No this is impossible. You can never do it with an Android application.
Accessing the free space with an android kernel is not possible.
You can try to use memory of the phone pretend to be a hard disk and use EaseUS Data Recovery on Windows
After analyzing my Android application with a security tool, it has detected a high level vulnerability "File unsafe delete check". I have investigated about this, and it seems that the problem is that the application uses "file.delete()".
That function is considered unsafe because data could theoretically be retrieved with a tool that scans all the storage device. So, if that way of deleting is "unsafe"... what is the "safe" way to delete files in Android? (to avoid getting that "security error" that is supposedly a "high level" one). What is the proper way to delete files in Android Development?
I am getting the same security warning in 2 different applications, one made with native Java and the other one with Xamarin Forms. Thank you very much!
what is the "safe" way to delete files in Android?
There is none for the vast majority of Android devices. You use delete() on File.
That function is considered unsafe because data could theoretically be retrieved with a tool that scans all the storage device
If the Android device happens to use a classic hard drive (spinning magnetic media), you can overwrite the data before deleting it. On any sort of flash media, that will be ineffective, as the physical location where the data is written can vary with each write operation ("wear leveling").
So, this really boils down to your objective:
If you feel that the user will be harmed if this data is available to be read, store it encrypted with a user-supplied passphrase.
If you are simply trying to avoid this warning, ask the developers of this "security tool" what they are expecting you to do. Or, find a better tool.
This is not an Android specific issue.
It has to do with how file systems work, and the physical storage media it self.
When you delete a file, regardless of API, what is actually deleted is the record in the files table.
The actual data on disk or flash storage remains.
There is a method for secure deletion:
Before deleting the file, overwrite its contents with garbage or zeros several times.
But, this method only works for magnetic media such as hard disks.
Android devices use NAND flash for storage.
Because the number of writes a NAND chip can take before it fails is a lot less than that of magnetic memory, these chips usually come with a mechanism that spreads out the write commands.
What this means is that even if you try to write random data or zeros over your file, there is no guarantee the actual data will be overwritten.
The writes may go to a different sector to avoid wear.
So, on one hand, for flash storage it is enough to overwrite the file once, but on the other hand, it is impossible to do correctly at application level.
If you want to make your application secure, you must make sure to store sensitive data encrypted.
Then, even if someone tries to read the raw storage, they wouldn't be able to recover the data.
Don't store user credentials (like passwords) in regular files on Android.
Use Android accounts API and let the OS manage security.
If you still need file storage but want to protect the data, encrypt it in memory and then write to file.
As said by the other answers the first thing to consider under a theoretical point of view is if there is really a need to store any sensitive information in files to be kept on customer side
If this is really the case, encryption is the real way to guarantee proper security. Files would be protected not only against the recovery after deletion but also during their known life on the device
That said, in the case of a vulnerability assessment - i.e. a static analysis of the code - it would not be immediate to detect that you are calling for a deletion [via file.delete()] of encrypted files. Or maybe you are just calling the deletion of files with nothing to hide
In both these cases the found vulnerability would just be a false positive. Which is part of the game because you can guess that it's quite complicated for an automated tool to understand if something really "deserves" protection or not
What you can do to get rid of the vulnerability is adding the logic to empty the files before calling file.delete(). You have a sample here for this purpose. This will solve the vulnerability detection you are experiencing
It encrypts the SQLLite database at page level, ok thats fine, nothing wrong with that!
but what about your source code? its compiled, but even if its compiled someone could decompile it, retrieve your password and decrypt the database?
How safe is SQLCipher?
According to the SQLCipher design documentation, it is based on secure components (AES, OpenSSL, HMAC_SHA1, PBKDF2,...). If those claims are correct, it sounds good to me.
What is a bit unusual (to me, at least) is that there is a random IV per page. This is somewhat different to the typical file system encryption mode AES-XTS. The design used by SQLCipher has certain advantages over AES-XTS, for example writing the same data again will not result in the same encrypted page. However, possibly there are disadvantages, for example I'm not quite sure if with SQLCipher it is possible to move or copy pages (copy encrypted pages to another page). It might not be possible, however from the design document I don't see how this is prevented. Such is the risk if a non-standard encryption mode is used :-) But even if this is a problem, it wouldn't allow an attacker to read the data; it would only allow certain types of attacks. Even with AES-XTS certain types of attacks are possible, so I wouldn't be worried too much.
What about your source code?
To keep things save, don't store the password in the code. Instead, let the user enter the password, or store it in a key-chain. This is possible for both Android and iOS as far as I see, but I don't know the details.
I'm currently developing an Android game which saves data into a SQLite database. This is not really "sensitive" data, but I don't want users to be able to modify it (for obvious reasons of game balance, as it would be cheating). And it's quite easy to access and modify a SQLite db when your phone is rooted (there are plenty of applications for that in the market).
So should I even worry about that, or consider users with a rooted phone can do whatever they want including cheating and that's their choice? Or could I somehow encrypt the data I don't want them to modify, or add a MD5 checksum or something similar?
Another approach would be to abandon SQLite altogether and use some kind of binary files with game data.
Please let me know if some of you already encountered similar issues, and what are the approaches you followed, as well as the "good practices" in the Android gaming development community.
Thanks.
Root access for everybody and security are mutually exclusive.
Any application or user with root permissions can read and modify each and every file on your system, as well as all of the main memory. That doesn't leave many places to store a potential encryption key for the database.
You could hide parts of the key in the executables, configuration files etc, but everything you could come up with would be nothing more than obfuscation and security by obscurity.
If a user opts to grant root access to everybody, that's their decision, and it's not your job as an app developer to prevent any harm that might be caused.
Update:
Storing API keys in Android, is obfustication enough? is a pretty similar issue - it's about protecting API keys, but it's the same situation with regards to your options.
sqlcipher for Android might help here.
https://guardianproject.info/code/sqlcipher/
I think based on your requirement the best method is using consistency of data,
for example MD5 the score and time, then put score and time and MD5 in to the table, then every time wanting to use that row of DB check the MD5 of the score and time if the one in DB and the one which calculated are same, the row is consistent otherwise it was hacked!
You may find your happiness on Preferences Files Look here
I'm currently facing a problem where I should store my object structure on the android device.
The usecase: I'm starting a call to an applicationserver (with the great help of AsyncTask), get a well known response (xml-response) from the server, parse the data and transform it finally into my object structure (highly complex class diagram with many associations between the classes). So far it's working, thanks to the great XMLPullParser ;)
I'm wondering where to store (and of course share) the fetched data between my activities... I already know that I can use sqlite, but I do not have an or-mapper (like hibernate in the j2ee environment). I'm also not allowed to store this sensitive data on the device (in sqlite or file system), so my first approach was to store this data in a singleton (which is of cource being held in memory...). But what happens when system is getting on low memory, can android "destroy" the data stored in my singleton? I already read about extending the android.app.Application class... So what is the best way to securely store object data (called from "webservice") on android devices?
BTW: Android development is that cool! We are currently porting a Windows Mobile 6.5 App to Android and iPhone, and my colleague (reponsible for iPhone-dev) is complaining all the time^^
Regarding an OR mapper, I came across OrmLite the other day. It is a general ORM tool for Java, but it also has some special adaptations that makes it work for Android. I haven't had time to test it myself yet, but it looks promising :)
As for storing sensitive data on the phone, you really don't have the option of storing it only in memory (using some kind of singleton as you suggested). As soon as your application goes to the background, it can be killed instantaneously, so you have to persist what data you want to keep in some way. That being said, if you save data to Internal Storage, this will not be available for any other app on the phone (given that the phone is not rooted, because if is rooted this is easy to get around). I do believe that this same goes for data you store using SQLite, but I'm not 100% certain, so I won't guarantee it.
But basically, if you are sure that your app will only run on non-rooted devices, you should be pretty safe saving your data to Internal Storage. And if that isn't good enough, there there is the javax.crypto package, but I've never used that so I can't really say anything about it.