[guardian-dev] Introducing Conceal: Efficient storage encryption for Android
mmurphy at commonsware.com
Wed Feb 5 07:23:32 EST 2014
On Wed, Feb 5, 2014, at 1:08, Josh Steiner wrote:
> Anyone tried this yet?
I haven't tried it, but I examined it and found it shrug-worthy.
The default implementation randomly generates the encryption key and
stores it in on internal storage as plaintext. Hence, anyone who roots
the device can get at it.
> common solution for Android is to store some data on an expandable SD
> card to mitigate the storage cost.
Android developers do not have official access to "an expandable SD
card" in most OS levels. On Android 1.x/2.x, external storage may be
removable storage. And on Android 4.4, if you use new methods like
getExternalFilesDirs(), you could get a directory on removable media.
Ordinary external storage on most devices shares a partition with
internal storage. Hence, from a space standpoint, internal and external
storage are typically identical.
This means that you have two choices, in the default Conceal realm,
while sticking to officially-supported storage locations:
- Put your files on internal storage, where only someone with root can
get at them
- Put your files on external storage and encrypt them with a key stored
on internal storage, where only someone with root can get at it
I don't find that to be a vast improvement, but, then again, I may be
Mark Murphy (a Commons Guy)
http://commonsware.com | http://github.com/commonsguy
http://commonsware.com/blog | http://twitter.com/commonsguy
_The Busy Coder's Guide to Android Development_: Version 5.5... And
Still Going Strong!
More information about the Guardian-dev