Data File Security on the Android Platform

Companies want to provide their employees with mobile apps to enhance their productivity while on-the-go. Those mobile apps usually provide the employee with corporate data that may be confidential or proprietary, so the data must be secured according to your company’s information security policies. Securing data on Android devices has long been a challenge but recent framework improvements have enabled a reasonable level of security to be incorporated into your apps.

Take the example of a simple application that lets the user, an employee of the company, download documents so they can be read offline. Those documents may contain sensitive data, so the app must ensure that a lost or stolen device does not let whoever ends up holding it read them.

Files must be encrypted, which is usually done with a symmetric encryption algorithm: the same key locks (encrypts) and unlocks (decrypts) the content. Since that key unlocks every file and the confidential or proprietary corporate data they contain, it must be stored in a manner that makes it difficult to use by anybody who should not have access to that data.

Before version 4.3, Android offered no place to store a key so that only the device owner, running your company’s app, could use it. The older KeyChain credential store was shared device-wide: any application could request a key it held, so malware or another hostile app could obtain the key and use it to read the files.

Starting with version 4.3, Android added a new service called the Keystore (the AndroidKeyStore provider) which stores public-private key pairs that can only be used by the app that created them. Encryption with public-private key pairs is called asymmetric encryption because the key used to lock the content is different from the key used to unlock it. Encrypting large content such as files with asymmetric encryption has a number of disadvantages: it is processor-intensive and battery-draining, and an RSA key can only encrypt a message shorter than the key itself, so a key pair is suited to protecting a small symmetric key rather than the files. We will still want to encrypt the files with a symmetric key.

We now have all the pieces we need to encrypt the files and securely store the key used to decrypt them.

The basic process consists of the following steps:

  1. The files are encrypted with a symmetric key and written to storage.
  2. The symmetric key is encrypted with the key pair’s public key and written to storage; only the private key can recover it.
  3. The key pair is encrypted by Android and stored in the Keystore.
  4. The Keystore is encrypted using the device’s lock screen passcode.
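The four steps above as one piece of working code, added here as an example and not taken from the original article or from SPR: a hypothetical `DocumentVault` helper in Java that generates an app-private RSA pair in the AndroidKeyStore (API 18 and up), wraps a randomly generated AES-256 key and HMAC-SHA256 key under its public key, and stores each document as IV || AES-CBC ciphertext || HMAC over both, verifying the MAC before decrypting. The key alias, the `wrapped.key` file name, the OAEP transformation string and the blob layout are this example’s own choices; the OAEP transform is assumed to be offered by the device’s providers (on 4.3 you may need to name the `AndroidOpenSSL` provider explicitly, or fall back to `RSA/ECB/PKCS1Padding`).

```java
import android.app.KeyguardManager;
import android.content.Context;
import android.security.KeyPairGeneratorSpec;
import java.io.*;
import java.math.BigInteger;
import java.security.*;
import java.util.*;
import javax.crypto.*;
import javax.crypto.spec.*;
import javax.security.auth.x500.X500Principal;

/** Hypothetical helper (example code, not SPR's): AES for documents, an AndroidKeyStore RSA pair for the AES/HMAC keys. */
public final class DocumentVault {
    private static final String KEY_ALIAS = "com.example.docvault.wrap";                 // assumed alias
    private static final String WRAP_TRANSFORM = "RSA/ECB/OAEPWithSHA-1AndMGF1Padding";  // assumed available
    private static final String FILE_TRANSFORM = "AES/CBC/PKCS5Padding";
    private static final int IV_LEN = 16, TAG_LEN = 32;
    private final Context ctx;
    private final File keyFile;   // RSA-wrapped 64 bytes: AES-256 key || HMAC-SHA256 key

    public DocumentVault(Context ctx) {
        this.ctx = ctx;
        this.keyFile = new File(ctx.getFilesDir(), "wrapped.key");   // assumed file name
    }

    /** Check first: the Keystore refuses key pairs on a device without lock screen security. */
    public boolean deviceHasLockScreen() {
        KeyguardManager km = (KeyguardManager) ctx.getSystemService(Context.KEYGUARD_SERVICE);
        return km.isKeyguardSecure();
    }

    /** Step 3: an app-private RSA pair generated once inside the AndroidKeyStore (2048-bit default). */
    private KeyStore.PrivateKeyEntry wrappingKey() throws GeneralSecurityException, IOException {
        KeyStore ks = KeyStore.getInstance("AndroidKeyStore");
        ks.load(null);
        if (!ks.containsAlias(KEY_ALIAS)) {
            Calendar start = Calendar.getInstance(), end = Calendar.getInstance();
            end.add(Calendar.YEAR, 10);
            KeyPairGeneratorSpec spec = new KeyPairGeneratorSpec.Builder(ctx)
                    .setAlias(KEY_ALIAS)
                    .setSubject(new X500Principal("CN=" + KEY_ALIAS))
                    .setSerialNumber(BigInteger.ONE)
                    .setStartDate(start.getTime())
                    .setEndDate(end.getTime())
                    .setEncryptionRequired()   // step 4: key material is encrypted under the lock screen credential
                    .build();
            KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
            gen.initialize(spec);
            gen.generateKeyPair();
        }
        return (KeyStore.PrivateKeyEntry) ks.getEntry(KEY_ALIAS, null);
    }

    /** Step 2: random symmetric keys, wrapped with the public key on first use, unwrapped with the private key later. */
    private byte[] symmetricKeys() throws GeneralSecurityException, IOException {
        KeyStore.PrivateKeyEntry entry = wrappingKey();
        Cipher rsa = Cipher.getInstance(WRAP_TRANSFORM);
        if (!keyFile.exists()) {
            byte[] raw = new byte[64];
            new SecureRandom().nextBytes(raw);
            rsa.init(Cipher.ENCRYPT_MODE, entry.getCertificate().getPublicKey());
            writeFile(keyFile, rsa.doFinal(raw));
            return raw;
        }
        rsa.init(Cipher.DECRYPT_MODE, entry.getPrivateKey());   // throws while the Keystore is locked
        return rsa.doFinal(readFile(keyFile));
    }

    /** Step 1: store one document as IV || AES-CBC ciphertext || HMAC-SHA256(IV || ciphertext). */
    public void encryptDocument(byte[] plaintext, File out) throws GeneralSecurityException, IOException {
        byte[] raw = symmetricKeys();
        byte[] iv = new byte[IV_LEN];
        new SecureRandom().nextBytes(iv);                        // fresh IV per file, never reused
        Cipher aes = Cipher.getInstance(FILE_TRANSFORM);
        aes.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(raw, 0, 32, "AES"), new IvParameterSpec(iv));
        byte[] ct = aes.doFinal(plaintext);
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(raw, 32, 32, "HmacSHA256"));
        mac.update(iv);
        ByteArrayOutputStream blob = new ByteArrayOutputStream();
        blob.write(iv); blob.write(ct); blob.write(mac.doFinal(ct));
        writeFile(out, blob.toByteArray());
    }

    /** Verify the MAC first, then decrypt: a tampered file or the wrong key fails before any plaintext exists. */
    public byte[] decryptDocument(File in) throws GeneralSecurityException, IOException {
        byte[] raw = symmetricKeys();
        byte[] blob = readFile(in);
        if (blob.length < IV_LEN + TAG_LEN) throw new GeneralSecurityException("truncated file");
        int ctEnd = blob.length - TAG_LEN;
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(raw, 32, 32, "HmacSHA256"));
        mac.update(blob, 0, ctEnd);
        if (!MessageDigest.isEqual(mac.doFinal(), Arrays.copyOfRange(blob, ctEnd, blob.length)))
            throw new GeneralSecurityException("file tampered or wrong key");
        Cipher aes = Cipher.getInstance(FILE_TRANSFORM);
        aes.init(Cipher.DECRYPT_MODE, new SecretKeySpec(raw, 0, 32, "AES"),
                new IvParameterSpec(Arrays.copyOfRange(blob, 0, IV_LEN)));
        return aes.doFinal(blob, IV_LEN, ctEnd - IV_LEN);
    }

    private static void writeFile(File f, byte[] data) throws IOException {
        FileOutputStream fos = new FileOutputStream(f);
        try { fos.write(data); } finally { fos.close(); }
    }

    private static byte[] readFile(File f) throws IOException {
        byte[] data = new byte[(int) f.length()];
        DataInputStream dis = new DataInputStream(new FileInputStream(f));
        try { dis.readFully(data); } finally { dis.close(); }
        return data;
    }
}
```

Call `deviceHasLockScreen()` before the first `encryptDocument()` and show the user a prompt to set a PIN or pattern if it returns false; otherwise key generation fails with an exception. The HMAC is there because AES-CBC on its own gives confidentiality but no integrity, so a modified file would decrypt to garbage or, worse, to attacker-chosen bytes; checking the tag before decryption closes that gap. Documents larger than comfortably fit in memory should be processed through `CipherOutputStream` with the `Mac` updated alongside, which the byte-array version above omits for brevity.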

Using the Keystore has some consequences:

  • The files cannot be encrypted unless the device has lock screen security. This is because the Keystore will not accept key pairs unless it can encrypt them, which requires lock screen security.
  • The files cannot be decrypted while the device is locked, which rules out background work (such as a sync that needs to read or re-encrypt the files) while the device is locked.
  • Android prevents the lock screen security from being removed if there are any key pairs in the Keystore.
  • Because the Keystore implementation in Android 4.3 has a bug that could expose the Keystore’s contents, SPR recommends using the Keystore only on devices running Android 4.4 or later.

The improvements made to Android’s keystore make Android a viable platform for building apps that access secure data. To learn more about keeping your company’s data secure on mobile devices reach out to SPR’s mobile practice.