[guardian-dev] Introducing Conceal: Efficient storage encryption for Android

Mark Murphy mmurphy at commonsware.com
Wed Feb 5 07:23:32 EST 2014

On Wed, Feb 5, 2014, at 1:08, Josh Steiner wrote:
> Anyone tried this yet?
> https://code.facebook.com/posts/1419122541659395/introducing-conceal-efficient-storage-encryption-for-android/

I haven't tried it, but I examined it and found it shrug-worthy.

The default implementation randomly generates the encryption key and
stores it in on internal storage as plaintext. Hence, anyone who roots
the device can get at it.

> A
> common solution for Android is to store some data on an expandable SD
> card to mitigate the storage cost.

Android developers do not have official access to "an expandable SD
card" in most OS levels. On Android 1.x/2.x, external storage may be
removable storage. And on Android 4.4, if you use new methods like
getExternalFilesDirs(), you could get a directory on removable media.
Ordinary external storage on most devices shares a partition with
internal storage. Hence, from a space standpoint, internal and external
storage are typically identical.

This means that you have two choices, in the default Conceal realm,
while sticking to officially-supported storage locations:

- Put your files on internal storage, where only someone with root can
get at them
- Put your files on external storage and encrypt them with a key stored
on internal storage, where only someone with root can get at it

I don't find that to be a vast improvement, but, then again, I may be
missing something.

Mark Murphy (a Commons Guy)
http://commonsware.com | http://github.com/commonsguy
http://commonsware.com/blog | http://twitter.com/commonsguy

_The Busy Coder's Guide to Android Development_: Version 5.5... And
Still Going Strong!

More information about the Guardian-dev mailing list