O'Reilly logo

Android Security Cookbook by Scott Alexander-Bown, Keith Makan

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Password-based encryption

One of the larger issues with encryption is the management and secure storage of encryption keys. Until now and in the pervious recipes, we have settled for storing the key in SharedPreferences as recommended on the Google developer's blog; however, this is not ideal for rooted devices. On rooted devices, you cannot rely on the Android system security sandbox as the root user has access to all areas. By that we mean, unlike on a unrooted device, other apps can obtain elevated root privileges.

The potential for an insecure app sandbox is an ideal case for password-based encryption (PBE). It offers the ability to create (or more correctly derive) the encryption key at runtime using a passcode/password that is usually supplied ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required