Solved

Android Encryption Credentials

Posted on 2014-10-12
2
231 Views
Last Modified: 2014-11-04
Hey,

I have some credentials on the tablet side for Android Development and I was looking for the best practices for being able to decrypt/encrypt them during run time so that any debugging of the application would prove futile once the application had been built.

Thanks for any time taken with this query.
0
Comment
Question by:Psychotext
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 64

Accepted Solution

by:
btan earned 500 total points
ID: 40376345
Good to check out below on best practices

the securecoding in CERT org (https://www.securecoding.cert.org/confluence/pages/viewpage.action?pageId=111509535), e.g. the DRD10-J. Do not release apps that are debuggable

the Android developer community
We also want to make sure the device is not rooted as his can inadvertently  allow an owner to gain root access for purposes of debugging applications and system components or to access features not presented to applications by Android APIs.http://source.android.com/devices/tech/security/#the-android-permission-model-accessing-protected-apis
On some devices, a person with physical control of a device and a USB cable is able to install a new operating system that provides root privileges to the user. To protect any existing user data from compromise the bootloader unlock mechanism requires that the bootloader erase any existing user data as part of the unlock step. Root access gained via exploiting a kernel bug or security hole can bypass this protection.

Encrypting data with a key stored on-device does not protect the application data from root users. Applications can add a layer of data protection using encryption with a key stored off-device, such as on a server or a user password. This approach can provide temporary protection while the key is not present, but at some point the key must be provided to the application and it then becomes accessible to root users.

A more robust approach to protecting data from root users is through the use of hardware solutions.
See the crypto implementation http://source.android.com/devices/tech/encryption/android_crypto_implementation.html
0
 
LVL 2

Author Closing Comment

by:Psychotext
ID: 40421274
This is a great repository of information. Really helped with some best in practice solutions for other issues I may have in the future or have been wondering around in passing, thanks a lot.
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Provide an easy one stop to quickly get the relevant information on common asked question on Ransomware in Expert Exchange.
Encryption for Business Encryption (https://en.wikipedia.org/wiki/Encryption) ensures the safety of our data when sending emails. In most cases, to read an encrypted email you must enter a secret key that will enable you to decrypt the email. T…
When you create an app prototype with Adobe XD, you can insert system screens -- sharing or Control Center, for example -- with just a few clicks. This video shows you how. You can take the full course on Experts Exchange at http://bit.ly/XDcourse.
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question