[guardian-dev] Introducing Conceal: Efficient storage encryption for Android

Josh Steiner josh at vitriolix.com
Wed Feb 5 14:48:42 EST 2014


On Wed, Feb 5, 2014 at 4:23 AM, Mark Murphy <mmurphy at commonsware.com> wrote:
> On Wed, Feb 5, 2014, at 1:08, Josh Steiner wrote:
>> Anyone tried this yet?
>>
>> https://code.facebook.com/posts/1419122541659395/introducing-conceal-efficient-storage-encryption-for-android/
>
> I haven't tried it, but I examined it and found it shrug-worthy.
>
> The default implementation randomly generates the encryption key and
> stores it on internal storage as plaintext. Hence, anyone who roots
> the device can get at it.

Yeah, they clearly care most about the threat model of spyware apps
installed via mainstream app stores snooping on other apps' data on SD.
A valid use case for a lot of apps. I wonder if combining this with
CacheWord to do better key management would be a viable choice for
more paranoid use cases.

>> A common solution for Android is to store some data on an expandable
>> SD card to mitigate the storage cost.
>
> Android developers do not have official access to "an expandable SD
> card" in most OS levels. On Android 1.x/2.x, external storage may be
> removable storage. And on Android 4.4, if you use new methods like
> getExternalFilesDirs(), you could get a directory on removable media.
> Ordinary external storage on most devices shares a partition with
> internal storage. Hence, from a space standpoint, internal and external
> storage are typically identical.

Do you happen to have an exhaustive writeup of all the foibles of
storage on Android by chance?  It's something that still hurts my
brain whenever I have to deal with it.  What a mess.

>
> This means that you have two choices, in the default Conceal realm,
> while sticking to officially-supported storage locations:
>
> - Put your files on internal storage, where only someone with root can
> get at them
> - Put your files on external storage and encrypt them with a key stored
> on internal storage, where only someone with root can get at it
>
> I don't find that to be a vast improvement, but, then again, I may be
> missing something.

Well, there is a case where an app like StoryMaker wants to encrypt
huge files like the raw .mp4s that comprise the pre-edited footage of
a story being produced. We definitely want to store this on the real
SD card in a lot of cases. Using this (assuming it is performant and
well audited), this "keys on internal storage, media encrypted on
external" is a valid use case. Though I'm more interested in the
CacheWord model of key management.

-j

>
> --
> Mark Murphy (a Commons Guy)
> http://commonsware.com | http://github.com/commonsguy
> http://commonsware.com/blog | http://twitter.com/commonsguy
>
> _The Busy Coder's Guide to Android Development_: Version 5.5... And
> Still Going Strong!
