[guardian-dev] [briar-devel] Securely saving and restoring state on Android

Abel Luck abel at guardianproject.info
Wed Mar 6 08:07:32 EST 2013


Michael Rogers:
> On 16/02/13 16:13, Abel Luck wrote:
>> This is indeed a valid concern. In current android implementations
>> data serialized in those methods isn't written to disk (it's kept
>> in memory until your entire App is killed), but this is not
>> documented nor promised.
> 
>> So definitely don't save anything sensitive with those methods.
> 
> I've written a BundleEncrypter that marshalls the contents of a bundle
> into a byte array and encrypts it using a per-process key. The
> bundle's contents are replaced with a single byte array containing the
> IV and ciphertext. The length of the marshalled plaintext is not
> concealed.
> 
> The cipher is AES-256-GCM with a 256-bit random IV. GCM allows us to
> detect ciphertexts that were created with defunct keys. The random IV
> allows us to encrypt multiple bundles with the same key without
> worrying about nonce management.
> 
> If decryption fails, which will occur if the bundle was created by a
> defunct process, the app behaves as though no bundle had been restored.
> 
> I've worked around the injection issue by statically injecting a
> Provider<BundleEncrypter>. I don't like this approach because it uses
> a mutable static field, but it seems to be the only way to inject an
> instance field before calling RoboActivity.onCreate():
> 
> https://code.google.com/p/roboguice/wiki/HowToInjectXYZ
> 
> I'm happy to create a version of the BundleEncrypter without Briar
> dependencies if you think it would be useful.
> 

(cc'ing guardian-dev; for those readers who want more context, see the
thread archive [1])

Interesting work Michael! This is definitely something we'd be
interested in, both for our own apps and supporting as a general utility
for the larger developer community. Some questions:

How is the process key generated?

The key is stored in the mutable static field?

Is RoboGuice necessary or could a vanilla-android version be developed?

Finally, I'd love to see the source :)

~abel

[1]:
http://sourceforge.net/mailarchive/forum.php?thread_name=51239311.1010507%40briarproject.org&forum_name=briar-devel
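
A stand-alone illustration of the scheme Michael describes above (a per-process AES-256-GCM key, a random IV, the IV and ciphertext stored as one byte array, and a failed decryption treated as "no saved state"), added here as example code. It is not Briar's BundleEncrypter, whose source has not been posted in this thread, and the class and method names are my own. It runs on a plain JVM with javax.crypto only: the marshalled Bundle is stood in for by a byte array, because on Android you would produce those bytes with Parcel.obtain(), Bundle.writeToParcel() and Parcel.marshall(), and reverse them with Parcel.unmarshall() and Parcel.readBundle(); the resulting blob would then replace the bundle's contents via Bundle.clear() and Bundle.putByteArray(). Two assumptions differ from the post: the key is generated with KeyGenerator over SecureRandom, which is one plausible way to make a per-process key and not a statement of how Briar does it; and the IV is 96 bits rather than the 256 bits mentioned, because NIST SP 800-38D recommends 96-bit IVs for GCM and treats other lengths as a special case. With random 96-bit IVs the same key should be used for far fewer than 2^32 encryptions, which a per-process key used for occasional state saves easily satisfies.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

/**
 * Hypothetical stand-alone sketch (not Briar's code) of encrypting
 * marshalled state with a key that exists only in the current process.
 * Blob layout: IV (12 bytes) || GCM ciphertext || 16-byte tag.
 */
public final class ProcessStateEncrypter {
    private static final int KEY_BITS = 256;
    private static final int IV_BYTES = 12;   // 96-bit IV, as NIST SP 800-38D recommends for GCM
    private static final int TAG_BITS = 128;

    private final SecretKey key;              // never leaves this process's memory
    private final SecureRandom random = new SecureRandom();

    /** Assumption: a fresh random key per process, created when the encrypter is built. */
    public ProcessStateEncrypter() throws GeneralSecurityException {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(KEY_BITS, random);
        key = kg.generateKey();
    }

    /** Encrypts marshalled bundle bytes under the process key; plaintext length is not concealed. */
    public byte[] encrypt(byte[] marshalled) throws GeneralSecurityException {
        byte[] iv = new byte[IV_BYTES];
        random.nextBytes(iv);                 // random IV: no per-key nonce counter to manage
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, iv));
        byte[] ciphertextAndTag = c.doFinal(marshalled);
        return ByteBuffer.allocate(iv.length + ciphertextAndTag.length)
                .put(iv).put(ciphertextAndTag).array();
    }

    /**
     * Returns the marshalled bytes, or null when the blob was made under a
     * different (defunct) process key or was modified: the GCM tag check
     * fails in both cases, and the caller proceeds as if no state was saved.
     */
    public byte[] decrypt(byte[] blob) {
        if (blob == null || blob.length < IV_BYTES + TAG_BITS / 8) return null;
        try {
            Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
            c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, blob, 0, IV_BYTES));
            return c.doFinal(blob, IV_BYTES, blob.length - IV_BYTES);
        } catch (GeneralSecurityException e) {
            return null;                      // AEADBadTagException and friends: no state restored
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample standing in for Parcel.marshall() output.
        byte[] state = "constructed sample: marshalled bundle bytes".getBytes(StandardCharsets.UTF_8);

        ProcessStateEncrypter live = new ProcessStateEncrypter();
        byte[] blob = live.encrypt(state);
        // Same process, same key: the state round-trips.
        System.out.println("round-trip ok: " + Arrays.equals(state, live.decrypt(blob)));

        // A restarted process has a new key, so the old blob is rejected.
        ProcessStateEncrypter restarted = new ProcessStateEncrypter();
        System.out.println("defunct key rejected: " + (restarted.decrypt(blob) == null));

        // A modified blob fails the tag check even under the right key.
        blob[blob.length - 1] ^= 0x01;
        System.out.println("tampered blob rejected: " + (live.decrypt(blob) == null));
    }
}
```

Because the key is created in the constructor and held in an instance field, the per-process property comes from where the single instance lives; holding it in a mutable static (as the RoboGuice workaround in the thread does) keeps the key in the process as well, so the decision is about injection convenience rather than key lifetime.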

