Sensitive Data Management With Android Jetpack Security

The Android Jetpack Security library is a part of the Android Jetpack suite of libraries provided by Google. It aims to simplify the implementation of security best practices related to data encryption, key management, and secure storage in Android applications.

Jetpack Security Features

EncryptedFile

This class provides a secure way to read from and write to files by offering custom implementations of FileInputStream and FileOutputStream. It utilizes the Streaming Authenticated Encryption with Associated Data (AEAD) primitive to ensure secure streaming read and write operations.

EncryptedSharedPreferences

This class is a wrapper around the SharedPreferences class and provides automatic encryption of keys and values stored in SharedPreferences. Keys are encrypted using a deterministic encryption algorithm, while values are encrypted using AES-256 GCM (Galois/Counter Mode) encryption.

KeyStore

The Security library leverages the Android KeyStore system, which is a secure storage facility for cryptographic keys, to store the primary (master) key used for encrypting and decrypting data. The KeyStore system ensures that keys are protected and inaccessible to unauthorized users.

Sample Use Case: Token Management

Sensitive information stored in Android applications, such as private access tokens, API keys, guest access tokens, and personal information, can pose a significant risk if they fall into the wrong hands. When an attacker gains access to these sensitive details, it can lead to various negative consequences, including unauthorized access to user accounts, misuse of API services, identity theft, and more. Therefore, it is crucial to handle and store sensitive data securely to mitigate these risks.

Traditionally, SharedPreferences have been used in Android apps to store small amounts of key-value data, including sensitive information. However, extracting data from SharedPreferences on a stolen or compromised device is relatively straightforward, as these values are stored in plain text or can be easily decrypted.

To address this vulnerability, EncryptedSharedPreferences and EncryptedFile can be use.

By using EncryptedSharedPreferences or EncryptedFile instead of plain SharedPreferences, developers can significantly enhance the security of sensitive data stored in Android applications. These classes leverage strong encryption algorithms and best practices to protect the confidentiality and integrity of the information, reducing the risk of unauthorized data extraction and mitigating the potential consequences of such actions.

For token management use case implementation: https://github.com/Burak-Tasci/TokenManager

Resources & References:

[1]: https://developer.android.com/topic/security/data
[2]: https://developer.android.com/training/articles/keystore
[3]: https://developer.android.com/training/articles/security-tips#InternalStorage
[4]: https://developer.android.com/training/articles/keystore