Google Advised Android Developers to Encrypt App’s Data Using Jetpack Security

Recently, the tech giant Google advised that all the mobile app developers encrypt the data their apps usually generate on the users’ device using Jetpack security.

Now many of you might be thinking that why Google recommends this measure? Basically, the most common reason is the unprotected external storage which is really vulnerable to hacking.

Jetpack Security is based on Tink, an open-source, cross-platform security project from Google.

Encrypt the App Data Jetpack Security

Due to the less availability of reference frameworks, Google has strongly recommended all the developers to use the easy-to-deploy security library as a part of its Jetpack software suite.

Now, if you don’t know, then let me clarify that Jetpack Security open-source library is also known as JetSec. And it basically allows app developers to read and write encrypted files following the best security practices like cryptographic key storage, API keys, OAuth tokens, and much more.

Generally, the most used mobile OS of Google, Android, offers two different ways to store app data to all its developers.

Here’s the first one, app-specific storage, which is also known as internal storage as well, and the other one is the shared storage; it is also known as external storage.

The first one, “app-specific” storage simply allows you to store all the files in a sandboxed folder, which is intended for a particular app’s use, and other apps present on the device will not be able to access this folder.

While the other one, “shared storage” simply remains away from the sandbox protection, as it is usually used to store multimedia and document files on the device. But, the fact is that most of the applications use shared storage or external storage to save all the confidential and private data of users.

But, it doesn’t take enough security measures to guard it against other apps that allows attackers to steal sensitive data like photo, videos, and much more.

However, the fact is that the outcomes of this were already shown two years ago with the “man-in-the-disk” attacks. Are you getting confused? Don’t worry, let me clarify, it simply allows the attackers to compromise an app by manipulating a few data that is transferred between it and external storage. 

Apart from this, another research exhibited how a hacker can easily access the photos and videos secretly without having any specific device authorizations. Now many of you might be thinking, How? It simply takes advantage of less security present on the device’s external storage.

If you are an Android user and worrying about these security flaws, then stop worrying now, as Google has already taken enough measures to avoid these types of attacks. Google has already implemented a new feature know as Scoped Storage on its latest version of Android, of course, the Android 10 or Android Q. Basically, this feature simply limits the app access to the data stored by the other apps present on the device.

While on the other hand, the Jetpack Security library, which is also known as JetSec, has already moved on with an easy-to-use solution simply to encrypt data to add an extra layer of protection on it Also, Jetpack Security uses a master key, which encrypts all subkeys that are used for each cryptographic operation.

Moreover, the tech giant Google clearly stated that “if your app uses shared storage, then you must encrypt the data. In the app’s home directory, your application must encrypt data if the app handles confidential information that covers personally identifiable information (PII), health records, financial details or business data, and much more.”

And to increase the protection level, Google has also strongly recommended the app developers to combine encryption with biometric information, as it will definitely add an extra layer of protection.

Google Also Provides a sample app FileLocker on the Android Security GitHub samples page. It’s a great example of how to use File encryption using Jetpack Security.

So, what do you think about this? Simply share all your views and thoughts in the comment section below.

Follow in Twitter for Daily cyber security & hacking news updates: Cyber Security News

Leave a Reply