Typically, an app that has permission to read and write data from an SD card has the permission to read all data on that card, including information written by other apps. This means that if you install a malicious application by mistake, it can easily steal any sensitive data from your phone's SD Card.
Engineers at Facebook have developed a way of protecting its popular Android apps when they’re stored on SD cards, and they’re now sharing this security tool called 'Conceal', that will allow app developers to encrypt data on disk in the most resource efficient way, with an easy-to-use programming interface.
Conceal, is a programming code library for safely encrypting and decrypting data stored on SD cards. The company is already using the tool with the primary Facebook app that runs on Android.According to Facebook software engineers the company started building the tool about six months ago, but it only recently decided to open source it.
This tool is based on algorithms from OpenSSL, a common open source encryption system for the web, but it’s designed specifically for mobile phones running Android — including low-end phones. The whole library takes up only about 85KB of space. Conceal is smaller and faster than existing Java crypto libraries, uses AES-GCM, an authenticated encryption algorithm that helps to detect any potential tampering with data.The library also provides resources for storing and managing keys to protect against known weaknesses in the Android's random number generator. Conceal officially supports Android 2.3 and higher (Gingerbread). It will run on 2.2 (Froyo) phones as well.
No comments:
Post a Comment