I am currently designing a secure file storage Android application as part of a group coursework. I am charged with the security side of the app. Where can I learn about the the classes and imports that Android offers to implement password hashing, encryption of the stored files and such? I have looked on the android developers site, but it was of little use to me, as I am inexperienced with android. Thanks.
Asked
Active
Viewed 46 times
1 Answers
0
You can find useful information about Android Security here: http://developer.android.com/training/articles/security-tips.html
Anyway, any app on Android is isolated from the other, so you're basically safe until you keep your data in the private storage (obviously if the user has root permission you cannot avoid the reading of these private files).
If you're going to write file OUTSIDE (as on the SD), you will have to implement some algorithm to enrcypt your files.
You can look for AES encyption in Java: Java 256-bit AES Password-Based Encryption
-
Thank you, I somehow managed to miss that particular bit of the page. Do you have any tips or advice as to hash functions? I would ideally like the password to be hashed using SHA-512, and a salt added. Is this part of android, or would that particular bit of functionality be done with Java? – user3279195 Feb 06 '14 at 19:30
-
@user3279195 I'm not sure that Android provides you some help, but you can do this with standard java. You can use the MessageDigest class to implement it. I can also suggest you Bcrypt, that should be more secure (but for normal use a SHA+salt will be enough!)! Please, don't forget to accept or upvote if the answer was useful. :) – Enrichman Feb 07 '14 at 08:33