Skip to main content

Conceal for Secure Android File Encryption

If you are an Android developer you might have used SQLCipher as drop in replacement for SQLite that allows for encrypted data storage. You might have also used IOCipher that provides an encrypted file system backed by SQLCipher. The problem with these is that they are fairly large (multiple Mb for the ARM version due to SSL) and using SQL to store file data is a pragmatic yet heavy way to provide for file encryption. Many apps implement their own file based security but that can easily lead to cryptographic vulnerabilities.

Facebook has just announced Conceal, a new opensource Java library that provides for file based encrypted storage, for example on SD cards where apps can otherwise view either other’s data. Conceal is easy to use, fast and they have managed to take just the parts of Open SSL they require and have reduced the extra SSL payload down to just 85KB.

Mobile Phone Development

Comments

Popular posts from this blog

Pattern: Riblets vs. VIPER

Engineering the architecture behind Uber's new rider app

Not being held back by our extensive codebase and previous design choices gave us the freedom where we otherwise would have made compromises. The outcome is the sleek new app you see today, which implements a new mobile architecture across both iOS and Android. Read on to learn why we felt the need to create this new architecture pattern, called Riblets, and how it helps us reach our goals.

The platforms share:

Core architectureClass namesInheritance relationships between business logic unitsHow business logic is dividedPlugin points (names, existence, structure, etc.)Reactive programming chainsUnified platform components
Each Riblet is made up of one Router, Interactor, and Builder with its Component (hence the name), and optional Presenters and Views. The Router and Interactor handle the business logic, while the Presenter and View handle the view logic.

Uber

Stetho - A Chrome debug bridge for Android applications

Stetho is a sophisticated debug bridge for Android applications. When enabled, developers have access to the Chrome Developer Tools feature natively part of the Chrome desktop browser. Developers can also choose to enable the optional dumpapp tool which offers a powerful command-line interface to application internals.

Facebook Github

WireMock

WireMock is a flexible library for stubbing and mocking web services. Unlike general purpose mocking tools it works by creating an actual HTTP server that your code under test can connect to as it would a real web service.

It supports HTTP response stubbing, request verification, proxy/intercept, record/playback of stubs and fault injection, and can be used from within a unit test or deployed into a test environment.

Although it’s written in Java, there’s also a JSON API so you can use it with pretty much any language out there.

WireMock.org