Modern Android Security Development

https://proandroiddev.com/modern-android-security-development-f84796824cea

So as I always say StackOverflow cannot be trusted blindly:

Given the “find out how to en-decrypt data in Android” requirement, what would you do?
Unless you are a security expert or developer with a security career dedication that writing the cryptographic code from scratch is just a trivial task, it’s very common for us to start “Googling”, deep dive in “Stack Overflow” to find security-related implementation answers until we probably find below similar snippet:

Instead you need to dig and find the correct tool for the job:

Jetpack Security

Or “JetSec” for short, introduced at last Android Dev Summit 2019 provides us a high-level abstraction to allow encrypting data, file, until shared preferences easily without having to really understand the ins and outs of security.

JetSec features Android KeyStore ¹ which is the mastermind of every cryptographic operation and we may assume all data secured is done via it. Of course, every secured data associates with a private key which is a primary material used for any cryptographic op. In JetSec, these private keys called keyset . Android KeyStore stores these keyset materials in a container hardware-backed which makes accessing them very hard and it’s not exportable.

I loved this quote:

Thanks for reaching the potato. Few words left by this great said:

“Security is always excessive until it’s not enough.”

  • Robbie Sinclair
1 Like