First, a bit of my background: I have been working on large web systems for over a decade; Android is something I have been looking at for the past two months. As you can imagine, the gap is quite wide :)
Looking at the Security and Permissions and Data Storage parts of Android's documentation, talking directly to developers, and reading books and tutorials, it is pretty clear how the entire model works. However, I was unable to find an answer as to whether SQLite and SharedPreferences files are secure enough to store delicate non-encrypted information (for example, OAuth tokens). Is it possible for someone to grab them in any way? Quoting Android's documentation:
Any data stored by an application will be assigned that application's user ID, and not normally accessible to other packages.
It's the "not normally accessible" part that is giving me additional grey hair :)
Thank you, helpful answers are appreciated :)
Is it possible for someone to grab them in any way?
That depends on the someone. As Mr. Burov indicates, users of rooted phones can get at whatever they want. Ordinary users and other applications can't, by default.
It's the "not normally accessible" part that is giving me additional grey hair :)
By default, files are secure. You can make them world-readable or world-writable if you choose.
Wouldn't it be possible to decompile the apk file and find the encryption key as well in that case?
That depends on who you are defending against. If you are defending against other apps, have the user supply the encryption key. If you are defending against the user, you're screwed, just as all implementations of DRM are screwed.
Well, there are a bunch of SharedPreferences editor apps on the market, so they're definitely not secure. Also, on rooted devices the database can be pulled off easily, since the user has full access to the phone's filesystem. Hence, if you want your app to be totally secure, encrypt your data.
I want to develop an app where user data is very sensitive. I am new to development, so I am not sure whether the following techniques are necessary for security or efficient. Please leave your comment. Thanks in advance.
For extra security, can we avoid the market (Play Store) and install the app on individual devices? Does it make it more secure?
I have to store data on the device. How can we make the data secure so other apps can't read it?
Yes, you can install your app without using the Google Play app. Whether this is more secure depends on your security requirements. Generally speaking, it's much more secure to install apps from Google Market than from other sources. If you want to avoid any kind of installations, you could think of using/implementing an app blocker (e.g. AppLock) or a Kiosk mode app (SureLock Kiosk Lockdown).
The fewer apps are installed, the fewer potential attackers (malware, trojans, potentially unwanted programs) you have. So from this perspective: yes, it does. However, as long as you don't have a rooted device, the application's data (databases, preferences) is quite safe anyway. Data being written to the SD card can be encrypted.
Speaking about unrooted devices: application data (preferences and databases) is kept in a quite secure way. No other app has access to it. Data being written to the SD card can be read from any other app that has the permission android.permission.READ_EXTERNAL_STORAGE or android.permission.WRITE_EXTERNAL_STORAGE. You have to encrypt this data.
Looking at rooted devices: you've (almost) no chance to store your data in a secure way, because the user/attacker can install any tool in order to analyze the complete memory and storage. Almost means you can try to hide your encryption/decryption algorithms as well as you can, so that it will be hard to decrypt data on the SD card. In the end it's just a matter of effort to crack your encryption.
p.s. if you want to dig into technical details, you could have a look at this book.
p.p.s. just think about the following scenario: someone steals and roots your phone. In this case it's easy for the thief to copy the database and to read everything in your tables. Let me add: this is something that can be done very easily, 'cause nowadays lots of tools and manuals for rooting exist on the Internet; same for accessing app data afterwards.
Encryption can make it much more difficult to read out app data and - if you ask your user for the encryption password on every app start - it might even be 100% secure (assuming a strong password that is not stored in the app and the app is not running while the thief steals it). Of course you have to choose a strong encryption algorithm as well (AES, Twofish, ...).
However, as long as you don't lose your phone and the phone is not rooted, your data is safe - most likely. I say most likely because there were a number of vulnerabilities in the past that made it possible to get system-wide access.
So you see it depends strongly on your requirements and on how sensitive your data is.
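As an added example, not code from either answer above, here is one way to follow the advice to have the user supply the key on every app start: an AES key is derived from the password with PBKDF2, the token is encrypted with AES-GCM, and only the salt, nonce and ciphertext reach a MODE_PRIVATE SharedPreferences file. The class, method and preference names are assumptions, and it targets API 19+ for GCMParameterSpec and StandardCharsets.

```java
import android.content.Context;
import android.content.SharedPreferences;
import android.util.Base64;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import javax.crypto.Cipher;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;

/** Hypothetical helper (not a library API): keeps an OAuth token in SharedPreferences only in encrypted form. */
public final class TokenVault {
    private final SharedPreferences prefs;
    public TokenVault(Context ctx) {
        // MODE_PRIVATE: only this app's Unix user can read the file; root bypasses that, the ciphertext does not.
        prefs = ctx.getSharedPreferences("token_vault", Context.MODE_PRIVATE); // assumed file name
    }

    // PBKDF2 turns the user's password into a 256-bit AES key that is derived on demand and never stored.
    private static SecretKeySpec deriveKey(char[] password, byte[] salt) throws GeneralSecurityException {
        SecretKeyFactory f = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
        return new SecretKeySpec(
                f.generateSecret(new PBEKeySpec(password, salt, 100000, 256)).getEncoded(), "AES");
    }

    public void store(String token, char[] password) throws GeneralSecurityException {
        byte[] salt = new byte[16], iv = new byte[12]; // fresh salt and GCM nonce for every write
        new SecureRandom().nextBytes(salt);
        new SecureRandom().nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, deriveKey(password, salt), new GCMParameterSpec(128, iv));
        byte[] ct = c.doFinal(token.getBytes(StandardCharsets.UTF_8));
        prefs.edit().putString("salt", Base64.encodeToString(salt, Base64.NO_WRAP))
                    .putString("iv", Base64.encodeToString(iv, Base64.NO_WRAP))
                    .putString("token", Base64.encodeToString(ct, Base64.NO_WRAP)).apply();
    }

    // Null if nothing is stored; a wrong password or an edited file fails the GCM tag check (AEADBadTagException).
    public String load(char[] password) throws GeneralSecurityException {
        String ct = prefs.getString("token", null);
        if (ct == null) return null;
        byte[] salt = Base64.decode(prefs.getString("salt", ""), Base64.NO_WRAP);
        byte[] iv = Base64.decode(prefs.getString("iv", ""), Base64.NO_WRAP);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, deriveKey(password, salt), new GCMParameterSpec(128, iv));
        return new String(c.doFinal(Base64.decode(ct, Base64.NO_WRAP)), StandardCharsets.UTF_8);
    }
}
```

On an unrooted device the file permissions alone keep other apps out; on a rooted or stolen device the attacker gets only the ciphertext, because the password lives in the user's head rather than in the apk or on disk.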
I am asking the same question as here:
Secure contents in Documents directory
For Android.
Are there equivalent concepts in Android to what is presented here:
Protecting the app sandbox
My particular requirement is to protect files from rooted devices and also make them available only through application and for a certain lifetime.
Thanks
My particular requirement is to protect files from rooted devices
By definition, that is impossible.
First, anyone who has a rooted device has access to every file, anywhere in the device itself.
Second, encryption only helps the user protect their data from third parties. You, on the other hand, are trying to attack the user by preventing them from accessing their data. The only way you can try to do that via encryption is for you to be the only one with the decryption key, and since that decryption key has to be on the device for the device to be able to decrypt the file, any user who wishes to can rummage through your app, find the key, and decrypt the files themselves. The notion of encrypting files this way is called DRM, and there are two types of DRM: the ones that have been cracked and the ones that nobody has bothered trying to crack yet.
If you do not want the user to access this data, do not put it on their device.
Looking through Mighter's answers, and given your concern over rooted phones, it looks like it's been discussed here.
http://source.android.com/tech/encryption/android_crypto_implementation.html
(a sub link I found somewhere in here http://source.android.com/tech/security/index.html)
Originally I was thinking you could use the ContentProvider and store your data in a database, which I believe can be protected, or you could at least encrypt the data within it. I wasn't sure that would answer your issue however. The Android crypto implementation link I hope will cover your requirements, though it might be impractical due to version requirements.
Two notes:
Generally speaking, your application can only be as secure as the operating system. In case the device is rooted, the operating system isn't secure anymore, so your application can't be secure either. For example, there could be tweaks of the operating system which will:
log keyboard input
subvert any calls (including calls to crypto API)
log any information which comes through HTTP(S).
Second note is that at some point you will need to provide your data (files) in clear (not encrypted) to 3rd party applications. As soon as you did this, they can copy it, send it to some server and you can't do anything about it. So, even if you provide access to these files for a limited time, they still can "leak".
That said, your simplest approach (as Emile pointed out) would be to use a ContentProvider, encrypt data within it and decrypt data when it's delivered to 3rd party apps.
An approach with higher complexity would be to use DRM (http://developer.android.com/reference/android/drm/package-summary.html) in case 3rd party apps support it.
Android utilizes Unix permissions to protect the app sandbox. Each app runs under a unique user and only that user has permissions to operate on the /data/data/your.package.name folder. However, if the target device is rooted, your app data can be compromised.
Some links:
http://source.android.com/tech/security/index.html
http://www.amazon.co.uk/dp/1430240628
http://developer.android.com/guide/topics/security/permissions.html
There is nothing safe about putting any kind of data onto an Android device. They are meant to be open devices. If you are looking to protect your data against rooted users, then you would have to use a form of encryption. And depending on the sensitivity of the item, that may not even work (unless you use a really high-end encryption, which will then drain performance). Don't trust Android with sensitive information is the only thing I can say.
Does anyone know if an app can be hacked to manipulate anything else besides the actual app or the host phone itself? A web service server perhaps? Is that even possible? So the real question is, if an app is hacked, can the information it might possess or has access to be used for negative purposes?
(I'm looking to secure an app, not hack anyone.) :)
Web services are always vulnerable to being hacked. This is why you use a secure connection such as SSL to transfer any sensitive information.
As far as directly hacking Android applications, I imagine a hacker would have to do something along the lines of decompiling an application to assembly, much as they do for traditional applications.
Any kind of storage on the device in non-compiled format (some XML, text files, preferences) is more vulnerable to being hacked than natively compiled .apks.
I think everything is hackable...
It is quite easy to get access to all your application's data on a rooted device. Things like your database or your private files are accessible on a rooted device.
I've never made a game for a mobile so I'm not really sure what the proper convention for level info is. Basically I'm thinking that I include an xml file that I add to local diskspace for the app then load the level details (item positions, etc) from that xml file, this way when I have to update the game, add more levels, I only have the users download a small xml file. Is this method secure or are there other ways of doing this?
The security features on the BlackBerry can be pretty complicated, check out the second half of this article for a good summary of the various security features available:
http://programming4.us/mobile/2694.aspx
Here are some official BlackBerry docs on the topic too:
http://docs.blackberry.com/en/smartphone_users/deliverables/1487/Security_26381_11.jsp
FYI, most of this information concentrates on protecting data from unauthorized users, or from other malicious apps. Personally I wouldn't be too concerned about a sophisticated hacker changing my XML, unless I was giving away prizes for achievements!
Regarding file access:
Every Android app runs in its own sandboxed environment with its own system username. Data downloaded or residing in its directory cannot be read by other apps.
Google Developers on Security is worth reading.
In code, you can easily use this.getFilesDir() from within an activity subclass.
If a device is rooted or someone uses the adb shell from the sdk to access the app data directory, of course, he will be able to manipulate it, I assume.
I'm working on my first Android app, and am almost to the point where I can start thinking about putting it up on the market as a paid app.
In the process of researching this step, I found out that it's basically trivial to break Google's copy protection scheme. I don't know how big of a problem this really is, or if we need to look into some other form of protection.
Obviously an obfuscator like ProGuard is a good first step, but how would you go about protecting your application from being released into the wild?
Second, other than encrypting contents (which is difficult because the decryption key has to be stored in the program too) how would you prevent someone from just dumping the contents of a sqlite3 database?
Just today Google released details of the new licensing service which is intended to replace copy protection. See here for details: http://developer.android.com/guide/publishing/licensing.html
It sounds like you have two security concerns:
Users copying and distributing your application without paying
Developers decompiling your source code and stealing it for their own applications
Concern #1: It's definitely possible for users to do this. One solution would be to give the app away for free, but disable it until they register on an independent website (where they pay). However, this kind of defeats the purpose of using the market as a convenient way to distribute your app.
Concern #2: This is a problem with developing Java applications in general and isn't really specific to Android. As you stated, using an obfuscator is a good start. However, you are always going to be able to decompile Java code, and there really isn't any easy way around this that I know of.
My opinion is that piracy is very difficult to stop if the culprit has enough motivation. However, in general I don't think it's a huge concern for Android developers. I know lots of people who wouldn't blink about downloading pirated movies or video games, but pay for all of their mobile applications.
Everything is about to change:
http://www.itproportal.com/portal/news/article/2010/7/28/google-add-licensing-service-android-apps/
Don't use sqlite. Use your own custom format. That's not unbreakable, but will definitely make it harder to extract data.
Just don't keep your sensitive data on the customer's device. Keep it on the Internet on your own server, and make your app just a "thin" client to your server-side data/app.
For now 90% of devices have Internet connectivity for 90% of their running time. You should consider the importance of your data and either choose to keep it always server-side, requiring Internet connection, or keep it at client-side, making it vulnerable.