Conceal for Secure Android File Encryption

If you are an Android developer, you might have used SQLCipher as a drop-in replacement for SQLite that allows for encrypted data storage. You might also have used IOCipher, which provides an encrypted file system backed by SQLCipher. The problem with these is that they are fairly large (multiple MB for the ARM version due to SSL), and using SQL to store file data is a pragmatic yet heavy way to provide file encryption. Many apps implement their own file-based security, but that can easily lead to cryptographic vulnerabilities.

Facebook has just announced Conceal, a new open-source Java library that provides file-based encrypted storage, for example on SD cards, where apps can otherwise view each other’s data. Conceal is easy to use and fast, and they have managed to take just the parts of OpenSSL they require, reducing the extra SSL payload to just 85KB.


As with all encryption, you need somewhere to store your keys. For Conceal, the default implementation stores the keychain in shared preferences. Shared preferences are implemented in Android as a private file and hence the keys aren’t visible from other apps unless the device has been rooted.
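To make the default setup concrete, here is an added example (not code from the original post or from Facebook) that encrypts a file with the shared-preferences key chain and reads it back. It assumes the class and method names of Conceal's initial release; `ConcealFileStore` and the choice of the file name as the entity are hypothetical.

```java
import android.content.Context;
import com.facebook.android.crypto.keychain.SharedPrefsBackedKeyChain;
import com.facebook.crypto.Crypto;
import com.facebook.crypto.Entity;
import com.facebook.crypto.util.SystemNativeCryptoLibrary;
import java.io.*;

// Hypothetical wrapper; only the Conceal calls come from the library.
public final class ConcealFileStore {
    private final Crypto crypto;

    public ConcealFileStore(Context context) {
        // Default key chain: the key is kept in the app's private shared preferences.
        crypto = new Crypto(new SharedPrefsBackedKeyChain(context),
                            new SystemNativeCryptoLibrary());
    }

    public void write(File file, byte[] plaintext) throws Exception {
        requireCrypto();
        // The entity is bound to the ciphertext, so a file copied over another
        // file with a different name fails verification on read.
        Entity entity = new Entity(file.getName());
        OutputStream out = crypto.getCipherOutputStream(
                new BufferedOutputStream(new FileOutputStream(file)), entity);
        try { out.write(plaintext); } finally { out.close(); }
    }

    public byte[] read(File file) throws Exception {
        requireCrypto();
        Entity entity = new Entity(file.getName()); // must match the one used in write()
        InputStream in = crypto.getCipherInputStream(
                new BufferedInputStream(new FileInputStream(file)), entity);
        ByteArrayOutputStream plain = new ByteArrayOutputStream();
        try {
            // Integrity is checked at the end of the stream: read to completion
            // and treat the data as untrusted until read() has returned -1.
            byte[] buf = new byte[4096];
            int n;
            while ((n = in.read(buf)) != -1) plain.write(buf, 0, n);
        } finally { in.close(); }
        return plain.toByteArray();
    }

    private void requireCrypto() {
        // Fail closed: never fall back to writing plaintext to shared storage.
        if (!crypto.isAvailable()) {
            throw new IllegalStateException("Conceal native library not available");
        }
    }
}
```

The ciphertext can sit on the SD card, but the key stays in the app's private storage, so the protection is only as strong as that private file: on a rooted device both are readable.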