Chapter 5. Protecting Stored Data

This chapter shows you how to protect data that your application stores on the Android device it runs on. This may include basic, nonsensitive data such as high scores on a game, or very sensitive data such as the user’s bank account login details, should your app require access to such data. As you saw in Chapter 2, some of the built-in protections afforded your app by the basic architecture of Android should prevent other apps from accessing (or, potentially even worse, modifying) this stored data.

But basic access control, such as that provided by the operating system, is often not enough to protect against the risk of compromise (remember: if the risk, composed of vulnerability, threat, and consequences, is high, you must mitigate that risk down to a sufficiently reduced level). This is where cryptography comes into play: if data is stored in a scrambled or encrypted form, an attacker can get hold of it without being able to recover the normal, unencrypted form. This is one of the primary advantages of cryptography, and it is what we will be discussing in this chapter.

The Threats and Vulnerabilities Against Stored Data

We have already seen, in Chapter 2, how the Android system segregates data stored by apps from other apps. We have also seen how apps can share data among themselves and how we can use permissions and other access control mechanisms to specify what types of such access are allowed. All of these protections, offered to stored data or data ...
