Lock in $30 Savings on PRO—Offer Ends Soon! ⏳

Securely Storing Secrets

Securely Storing Secrets

Presentation about storing data securely on devices with the Android operating system. Delivered at the DutchAUG usergroup meeting on February 22, 2012.

Ivo Jansch

March 05, 2012
Tweet

More Decks by Ivo Jansch

Other Decks in Programming

Transcript

  1. Sandboxing ‣Apps only have access to their own data ‣Access

    is based on Linux user ID ‣Further protected by application signature 11
  2. Storage + Secure Storage ‣USB Storage • External storage, sharable

    between apps ‣Device Storage • Apps have their own location, within sandbox ‣Secure Storage • Java KeyStores with strong encryption algorithms • Unfortunately no hardware encrypted storage like iPhone ‣ Note: Honeycomb does have ‘whole device encryption’ 12
  3. The Main Problem ‣How can I securely store secrets? •

    Is sandboxing a solution? -> Not when device is rooted • Is device storage a solution? -> Not when device is rooted • Is encryption a solution? ‣ Yes, but where do you store your encryption keys? 13
  4. With common answers - Huh? - Don’t store secrets -

    Don’t use OAuth - Obfuscate - Encrypt 15
  5. Recommended Reading ‣ ISBN: 2147483647 ‣ Authors: • Himanshu Dwivedi

    • Chris Clark • David Thiel ‣ Covers: • Android • Apple • WinMo 30
  6. Shameless Plug ‣ March 10 @ Tuschinski Amsterdam ‣ http://mdevcon.com

    ‣ 2 tracks, 14 speakers, 250 developers, ∞ fun ‣ iOS, Android & Generic talks 31
  7. Credits ‣ ‘Tege in Sandbox’ by Judi Cox - http://www.flickr.com/photos/madaise/3406217980/

    ‣ ‘Locker (KHS up close) by Travis Hymas - http://www.flickr.com/photos/ travishasphotos/3481640534/ ‣ ‘Mask’ by Ben Fredericson - http://www.flickr.com/photos/xjrlokix/3932488768/