Encryption 101 on Android

Transcript

1. Yangon Aung Kyaw Paing (Vincent) Senior Consultant @ Thoughtworks Encryption

   101 on Android

2. Drop any questions you have along the way Slido ID:

   #2778438

3. Types of encryption • Symmetric Encryption ◦ Uses single key

   to encrypt/decrypt data at rest • Asymmetric Encryption ◦ Uses a public/private key pair to encrypt/decrypt a message transfer • Hybrid Encryption ◦ Uses both symmetric and asymmetric encryption to optimize message transfer

4. Yangon Symmetric Encryption & Encrypting Data at Rest

5. JetSec Crypto 2019 2021 2023 May 2025 Today Retired in

   1.1.0 First stable version Deprecated in alpha07 First Alpha version Version 1.1.0 alpha06

6. JetSec Crypto crash on some OEM devices!

7. Issues with JetSec Crypto • Deprecated since 2023 • Random

   Crashes happening!

8. Community fork! https://github.com/ed-george/encrypted-shared-preferences

9. So what do we do now? • Community fork •

   Custom implementation
10. None

11. Tink

12. Tink dependencies { implementation "com.google.crypto.tink:tink-android:1.19.0" }

13. Tink Primitives https://developers.google.com/tink/key-concepts

14. Tink https://developers.google.com/tink/choose-primitive

15. Non-Deterministic Encryption

16. Deterministic Encryption

17. None
18. None
19. None

20. Tink https://developers.google.com/tink/choose-primitive

21. AeadConfig.register() val aeadKeySetHandle = AndroidKeysetManager.Builder() .withKeyTemplate(AeadKeyTemplates.AES256_GCM) .withMasterKeyUri("android-keystore://${KEY_ALIAS}") .withSharedPref(context, "keyset_name", "keyset_pref")

    .build().keysetHandle val aead = aeadKeySetHandle.getPrimitive( RegistryConfiguration.get(), Aead::class.java )

22. AeadConfig.register() val aeadKeySetHandle = AndroidKeysetManager.Builder() .withKeyTemplate(AeadKeyTemplates.AES256_GCM) .withMasterKeyUri("android-keystore://${KEY_ALIAS}") .withSharedPref(context, "keyset_name", "keyset_pref")

    .build().keysetHandle val aead = aeadKeySetHandle.getPrimitive( RegistryConfiguration.get(), Aead::class.java )

23. AeadConfig.register() val aeadKeySetHandle = AndroidKeysetManager.Builder() .withKeyTemplate(AeadKeyTemplates.AES256_GCM) .withMasterKeyUri("android-keystore://${KEY_ALIAS}") .withSharedPref(context, "keyset_name", "keyset_pref")

    .build().keysetHandle val aead = aeadKeySetHandle.getPrimitive( RegistryConfiguration.get(), Aead::class.java )
24. None

25. val KEY_ALIAS = "My Key Name" fun generateKeyInAndroidMasterKeyStore() { val

    keyGenParameterSpec = KeyGenParameterSpec.Builder( KEY_ALIAS, KeyProperties.PURPOSE_DECRYPT or KeyProperties.PURPOSE_ENCRYPT ) .setBlockModes(KeyProperties.BLOCK_MODE_GCM) .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE) .setKeySize(256) .build() val keyGenerator = KeyGenerator.getInstance("AES", "AndroidKeyStore") keyGenerator.init(keyGenParameterSpec) keyGenerator.generateKey() }

26. val KEY_ALIAS = "My Key Name" fun generateKeyInAndroidMasterKeyStore() { val

    keyGenParameterSpec = KeyGenParameterSpec.Builder( KEY_ALIAS, KeyProperties.PURPOSE_DECRYPT or KeyProperties.PURPOSE_ENCRYPT ) .setBlockModes(KeyProperties.BLOCK_MODE_GCM) .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE) .setKeySize(256) .build() val keyGenerator = KeyGenerator.getInstance("AES", "AndroidKeyStore") keyGenerator.init(keyGenParameterSpec) keyGenerator.generateKey() }

27. val KEY_ALIAS = "My Key Name" fun generateKeyInAndroidMasterKeyStore() { val

    keyGenParameterSpec = KeyGenParameterSpec.Builder( KEY_ALIAS, KeyProperties.PURPOSE_DECRYPT or KeyProperties.PURPOSE_ENCRYPT ) .setBlockModes(KeyProperties.BLOCK_MODE_GCM) .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE) .setKeySize(256) .build() val keyGenerator = KeyGenerator.getInstance("AES", "AndroidKeyStore") keyGenerator.init(keyGenParameterSpec) keyGenerator.generateKey() }

28. val KEY_ALIAS = "My Key Name" fun generateKeyInAndroidMasterKeyStore() { val

    keyGenParameterSpec = KeyGenParameterSpec.Builder( KEY_ALIAS, KeyProperties.PURPOSE_DECRYPT or KeyProperties.PURPOSE_ENCRYPT ) .setBlockModes(KeyProperties.BLOCK_MODE_GCM) .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE) .setKeySize(256) .build() val keyGenerator = KeyGenerator.getInstance("AES", "AndroidKeyStore") keyGenerator.init(keyGenParameterSpec) keyGenerator.generateKey() }

29. val keyStore = KeyStore.getInstance("AndroidKeyStore") val doesKeyExists = keyStore.aliases().toList().find { it

    == KEY_ALIAS } != null if (!doesKeyExists) { // Generate key }
30. None

31. AeadConfig.register() val aeadKeySetHandle = AndroidKeysetManager.Builder() .withKeyTemplate(AeadKeyTemplates.AES256_GCM) .withMasterKeyUri("android-keystore://${KEY_ALIAS}") .withSharedPref(context, "keyset_name", "keyset_pref")

    .build().keysetHandle val aead = aeadKeySetHandle.getPrimitive( RegistryConfiguration.get(), Aead::class.java )

32. DeterministicAeadConfig.register() val deterministicAeadKeySetHandle = AndroidKeysetManager.Builder() .withKeyTemplate(DeterministicAeadKeyTemplates.AES256_SIV) .withMasterKeyUri("android-keystore://${KEY_ALIAS}") .withSharedPref( context, "deterministic_keyset_name",

    "keyset_pref" ) .build().keysetHandle val deterministicAead = deterministicAeadKeySetHandle.getPrimitive( RegistryConfiguration.get(), DeterministicAead::class.java

33. DeterministicAeadConfig.register() val deterministicAeadKeySetHandle = AndroidKeysetManager.Builder() .withKeyTemplate(DeterministicAeadKeyTemplates.AES256_SIV) .withMasterKeyUri("android-keystore://${KEY_ALIAS}") .withSharedPref( context, "deterministic_keyset_name",

    "keyset_pref" ) .build().keysetHandle val deterministicAead = deterministicAeadKeySetHandle.getPrimitive( RegistryConfiguration.get(), DeterministicAead::class.java

34. DeterministicAeadConfig.register() val deterministicAeadKeySetHandle = AndroidKeysetManager.Builder() .withKeyTemplate(DeterministicAeadKeyTemplates.AES256_SIV) .withMasterKeyUri("android-keystore://${KEY_ALIAS}") .withSharedPref( context, "deterministic_keyset_name",

    "keyset_pref" ) .build().keysetHandle val deterministicAead = deterministicAeadKeySetHandle.getPrimitive( RegistryConfiguration.get(), DeterministicAead::class.java

35. // Encrypt and Decrypt Non-Determinstically aead.encrypt(plaintext, aad) aead.decrypt(ciphertext, aad) //

    Encrypt and Decrypt Determinstically deterministicAead.encryptDeterministically(plaintext, aad) deterministicAead.decryptDeterministically(ciphertext, aad)

36. // Encrypt and Decrypt Non-Determinstically aead.encrypt(plaintext, aad) aead.decrypt(ciphertext, aad) //

    Encrypt and Decrypt Determinstically deterministicAead.encryptDeterministically(plaintext, aad) deterministicAead.decryptDeterministically(ciphertext, aad)

37. Issues with JetSec Crypto • ̶D̶e̶p̶r̶e̶c̶a̶t̶e̶d̶ ̶s̶i̶n̶c̶e̶ ̶2̶0̶2̶3̶ • Random

    Crashes happening!

38. “Warning: because Android Keystore is unreliable, we strongly recommend disabling

    it by not setting any master key URI.” https://javadoc.io/static/com.google.crypto.tink/tink-android/1.16.0/com/google/ crypto/tink/integration/android/AndroidKeysetManager.html
39. None

40. So can we not use Android Master KeyStore?

41. “When Android Keystore is disabled or otherwise unavailable, keysets will

    be stored in cleartext. This is not as bad as it sounds because keysets remain inaccessible to any other apps running on the same device. Moreover, as of July 2020, most active Android devices support either full-disk encryption or file-based encryption, which provide strong security protection against key theft even from attackers with physical access to the device. Android Keystore is only useful when you want to require user authentication for key use, which should be done if and only if you're absolutely sure that Android Keystore is working properly on your target devices. “ https://javadoc.io/static/com.google.crypto.tink/tink-android/1.16.0/com/google/ crypto/tink/integration/android/AndroidKeysetManager.html

42. Android OS Encryption 4.4 7.0 10.0 Enforce FBE File-based encryption

    (FBE) Full-disk encryption (FDE) FDE encrypt the entire storage with single key. FBE encrypt individual files with multiple keys

43. If you’re targeting minimum SDK 29 (Android 10), then you

    probably don’t need any encryption as the OS automatically encrypt your app’s internal directory with a unique keys.

44. Application Sandbox In addition, Android application are executed in individual

    sandboxs so they cannot access the contents of other apps.

45. val KEY_ALIAS = "My Key Name" fun generateKeyInAndroidMasterKeyStore() { val

    keyGenParameterSpec = KeyGenParameterSpec.Builder( KEY_ALIAS, KeyProperties.PURPOSE_DECRYPT or KeyProperties.PURPOSE_ENCRYPT ) .setBlockModes(KeyProperties.BLOCK_MODE_GCM) .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE) .setKeySize(256) .build() val keyGenerator = KeyGenerator.getInstance("AES", "AndroidKeyStore") keyGenerator.init(keyGenParameterSpec) keyGenerator.generateKey() }

46. AeadConfig.register() val aeadKeySetHandle = AndroidKeysetManager.Builder() .withKeyTemplate(AeadKeyTemplates.AES256_GCM) .withSharedPref(context, "keyset_name", "keyset_pref") .build().keysetHandle

    val aead = aeadKeySetHandle.getPrimitive( RegistryConfiguration.get(), Aead::class.java )
47. None

48. But if it’s stored in plain text, what if the

    hacker gain root access, that expose the data stored, can they not use this plain text key to decrypt?

49. • To gain root access, you’d have to unlock bootloader,

    which would delete your internal data! ◦ An outlier is that some OS forks, like LineageOS, require unlocked bootloader to function. • Root detections are not reliable and hackers can still bypass these checks

50. “The problem with God Mode is that they are God!”

51. But what about attack that requires physical access? For example,

    root access is an elevation of privilege attack. If a hacker gain physical access (and root access), encryption is not going to protect your data at rest anyways. There is no way to really prevent this!

52. If encryption is not going to protect against these attacks,

    why are we even doing encryption?

53. The short is we don’t need encryption for data at

    rest. • Existence of JetSec Crypto implies that the default shared preferences has security flaw which is not true • False sense of security bring more harm because devs thought that user’s data are protected and started storing more and more sensitive datas. • However, some sector still requires this due to legal reasons. In that case, use this custom implementation.

54. Yangon Do this instead!

55. Do not store sensitive data Architecture your system so that

    sensitive data would only be stored on the backend and not on the frontend.

56. Have short lifespan for sensitive data • Clear the data

    on the device as soon as possible ◦ Example: User logout, data no longer relevant after a certain operation • Use Worker to periodically clean data

57. Remote wipe Allow user to force logout and wipe their

    data in the app through other means.

58. Security on Frontend is Security Flaw

59. https://github.com/vincent-paing/EncryptedShared PreferenceCustomExample

60. https://aungkyawpaing.dev/end-to-end-en cryption-on-android/

61. Hanoi Aung Kyaw Paing (Vincent) Senior Consultant @ Thoughtworks Encryption

    101 on Android