Java
mitaichik, 2015-11-25 01:37:41

How to programmatically encrypt data on Android?

Hello!
I'm interested not in the implementation, but in the general principle.
I need to encrypt certain data. If the key and the data are both stored on the device, it will be hacked without problems.
One idea was to save the encryption result on the device and move the key to the server. But an attacker can decompile the application and see what comes from where, so that is not an option either.
Another idea was to use some kind of PIN code as the key (so that the user enters it every time), but that is usually 4-6 digits, which is trivial to find by brute force.
So the question is: is it possible to securely encrypt and store data on the device, so that even with root access to the device an attacker could not decrypt it?


3 answer(s)
Ivan, 2015-11-25
@LenLord

There is no 100% way to protect data when root access is present.
That is a fact; there are only ways to complicate decompilation and make it unprofitable in terms of man-hours.
You can also think about the Android NDK.

Ivan, 2015-11-25
@LiguidCool

In fact, if you have root, you can in any case find a loophole by decompiling the application and turning off, for example, the timeout on the number of incorrectly entered passwords. That is why the Sberbank client, for example, does not allow monetary transactions if the phone is rooted.
In general, you answered your own question: use a PIN code, and so that it is not hacked, add a timeout. Or use a complex key encrypted with the PIN code. After a certain number of incorrect PIN entries, the password is permanently deleted.
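
One way to implement the "complex key encrypted with the PIN code" scheme from the answer above, with deletion after a fixed number of wrong entries; this is an added example, not code from anyone in the thread. The class name, attempt limit and PBKDF2 iteration count are assumptions, and the failure counter is ordinary application state, which is the part the thread says an attacker with root can switch off.

```java
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.*;
import javax.crypto.spec.*;

// Added illustration: PinWrappedKey, MAX_ATTEMPTS and ITERATIONS are hypothetical choices.
public class PinWrappedKey {
    static final int MAX_ATTEMPTS = 5, ITERATIONS = 200_000;
    private final SecureRandom rng = new SecureRandom();
    private final byte[] salt = new byte[16], iv = new byte[12];
    private byte[] wrapped;   // a real app would persist this with salt, iv and failures
    private int failures;
    // Generates a random 256-bit data key, keeps only its PIN-wrapped form, returns the key.
    byte[] enroll(char[] pin) throws Exception {
        byte[] dataKey = new byte[32];
        rng.nextBytes(dataKey); rng.nextBytes(salt); rng.nextBytes(iv);
        wrapped = gcm(Cipher.ENCRYPT_MODE, pin).doFinal(dataKey);
        failures = 0;
        return dataKey;
    }

    // Returns the data key, or null on a wrong PIN; wipes the wrapped key after MAX_ATTEMPTS.
    byte[] unlock(char[] pin) throws Exception {
        if (wrapped == null) throw new IllegalStateException("key wiped");
        try {
            byte[] dataKey = gcm(Cipher.DECRYPT_MODE, pin).doFinal(wrapped);
            failures = 0;
            return dataKey;
        } catch (AEADBadTagException wrongPin) {   // GCM tag check fails under a wrong PIN
            if (++failures >= MAX_ATTEMPTS) { Arrays.fill(wrapped, (byte) 0); wrapped = null; }
            return null;
        }
    }
    // Derives the key-encryption key from the PIN (PBKDF2) and prepares AES-GCM with it.
    private Cipher gcm(int mode, char[] pin) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(pin, salt, ITERATIONS, 256);
        byte[] kek = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(mode, new SecretKeySpec(kek, "AES"), new GCMParameterSpec(128, iv));
        return c;
    }
    public static void main(String[] args) throws Exception {
        PinWrappedKey store = new PinWrappedKey();
        byte[] key = store.enroll("4821".toCharArray());   // constructed sample PIN
        System.out.println("correct PIN: " + Arrays.equals(key, store.unlock("4821".toCharArray())));
        for (int i = 0; i < MAX_ATTEMPTS; i++) store.unlock("0000".toCharArray());
        System.out.println("wiped: " + (store.wrapped == null));
    }
}
```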

Egor Kazantsev, 2015-12-08
@saintbyte

So, since Android 4.4 there is an option to encrypt storage. And Sber most likely detects su and considers the device compromised. Put a chmod on su for everything and remove the sticky bits, then you can rename it before starting it, for example to su2, and see whether Sber detects it =)
