Solved

Android Encryption Credentials

Posted on 2014-10-12
2
230 Views
Last Modified: 2014-11-04
Hey,

I have some credentials on the tablet side for Android Development and I was looking for the best practices for being able to decrypt/encrypt them during run time so that any debugging of the application would prove futile once the application had been built.

Thanks for any time taken with this query.
0
Comment
Question by:Psychotext
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 63

Accepted Solution

by:
btan earned 500 total points
ID: 40376345
Good to check out below on best practices

the securecoding in CERT org (https://www.securecoding.cert.org/confluence/pages/viewpage.action?pageId=111509535), e.g. the DRD10-J. Do not release apps that are debuggable

the Android developer community
We also want to make sure the device is not rooted as his can inadvertently  allow an owner to gain root access for purposes of debugging applications and system components or to access features not presented to applications by Android APIs.http://source.android.com/devices/tech/security/#the-android-permission-model-accessing-protected-apis
On some devices, a person with physical control of a device and a USB cable is able to install a new operating system that provides root privileges to the user. To protect any existing user data from compromise the bootloader unlock mechanism requires that the bootloader erase any existing user data as part of the unlock step. Root access gained via exploiting a kernel bug or security hole can bypass this protection.

Encrypting data with a key stored on-device does not protect the application data from root users. Applications can add a layer of data protection using encryption with a key stored off-device, such as on a server or a user password. This approach can provide temporary protection while the key is not present, but at some point the key must be provided to the application and it then becomes accessible to root users.

A more robust approach to protecting data from root users is through the use of hardware solutions.
See the crypto implementation http://source.android.com/devices/tech/encryption/android_crypto_implementation.html
0
 
LVL 2

Author Closing Comment

by:Psychotext
ID: 40421274
This is a great repository of information. Really helped with some best in practice solutions for other issues I may have in the future or have been wondering around in passing, thanks a lot.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
android location app 3 48
SSD encryption options with Windows 10 Pro 5 110
Delphi Firemonkey : user drawing in window 3 56
Hardware keyboards 11 100
Worried about if Apple can protect your documents, photos, and everything else that gets stored in iCloud? Read on to find out what Apple really uses to make things secure.
If you use the Google Now Launcher, as an aftermarket add on, have a Samsung Note 5 and are worried about power consumption be wary of using the ultra power saving mode.  Here is what happened to me when I made the mistake of trying this out...
This video is in connection to the article "The case of a missing mobile phone (https://www.experts-exchange.com/articles/28474/The-Case-of-a-Missing-Mobile-Phone.html)". It will help one to understand clearly the steps to track a lost android phone.
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question