CODEWITHSUNDEEP
androidandroid-emulator
niels
niels

Reputation: 7309

Secure Android with cryptography

I'm thinking of buy an android phone, but I'm a little bit scared about the security and privacy because in my palm I had in contacts and calendar a lot of private information. First I thought it could be solved by trying to sync without google, but in the last time I get a lot of information of security holes in android-apps to that I can't be sure that the phone self isn't compromised. I don't mean criminal apps, I mean criminal websites or apps with installed in background.

So my idea was to encrypt all entries [Update4]( only the description and text based field will be encrypted, not the time )[/Update4] of the calendar and contacts. This means writing an app, where I can define a security level for each record. Than I can set which entries should be decrypted and which not. So if I'm surfing in the www I can encrypted all and it will be save. Even if I sync with google I can go this way (Update: So google only has the encrypted data). After that I decrypt the records. Of course this is sometimes inconvenient, but I fear security is always inconvenient. [Update2] To make it clear, the data wont be decrypted on the fly, so if the data are encrypted and I open the calendar app I only will the the time and an encrypted description.[/Update2]

[Update3] What I don't want to do is to hack the android-system, meaning to root the phone or install a special firmware. Furthermore I don't want to invest weeks for development, so programming a new PIM-app is not an option. I simply want to take every record from the calender/contact database and encrypt the critical data. As far as I know there is an api to read and write such data. [/Update3]

So my questions are

  1. Is this possible to implement?

  2. Can I test it with the emulator or is the calendar and contacts app not part of the emulator?

Thanks Niels

PS: Reading this there is no public api to calendar, so it can't work :-(

Upvotes: 1

Views: 1255

Answers (4)

Chris Stratton
Chris Stratton

Reputation: 40337

https://android.googlesource.com/platform/packages/apps/Calendar

But don't expect to do anything with it without a fair amount of hacking. Most of the included apps will not build as SDK apps (ie, other than as part of a full firmware build) without deep-reaching changes - though I admit I haven't tried this particular one.

Upvotes: 0

Octavian Helm
Octavian Helm

Reputation: 39604

It doesn't really seem like you really understand or know the Android security and application installation principle.

In the first place there is no application which installs another application in the background. It just does not work that way. Every application which needs to be installed will only be installed if the user clicks on install.

There might be malicious applications (i.e. applications which log and send the data you enter or allow it to access other data to a server) no doubt but an user will be presented permissions list an application requires which allows the user to check if he is OK with that application to access the internet even tho that application would (logically) not need access to it for instance.

Now to answer your question if you can modify the pre-installed calendar application. No you can't do that without building from source. You basically would have to fetch the calendar project and modify the stuff you need. You'll probably need to modify other parts of the system too I'm not sure without checking it myself. If it would be possible to do so then we would really have some serious problems.

Due to Androids security model an application won't have access to any other application if that application does not explicitly allows that.

You won't get around getting your hands dirty with coding or possibly even custom system images.

Upvotes: 0

Chris Stratton
Chris Stratton

Reputation: 40337

Start with the android emulator. You will have access to all the open source parts of android, and unlike with the phones it is relatively possible to install altered versions, since you have root on the emulator automatically. Plus it's free - or I mean, it will only cost your time.

If you then conclude that your project is workable, look either for a phone that is known to be rootable and has a working open source platform build for it (ie, something cynagenmod or similar runs on) or else a phone sold as a developer model.

While it's possible you will be able to do what you want purely by writing applications within the bounds of the SDK, it's likely you will end up wanting to modify the platform to some degree, primarily to stop it from automatically doing things with cleartext data or at least to uninstall the defaults apps where you might accidentally do something with cleartext. So ease of doing that should guide your purchase decision more than features of a closed vendor build.

Upvotes: 1

CommonsWare
CommonsWare

Reputation: 1006539

Is this possible to implement?

Is it possible to write a calendar app and a contacts app that store their data locally in an encrypted form? Yes.

Is it possible to modify the existing Calendar and Dialtacts apps to have this feature? Only by modifying the firmware.

Is it possible to sync encrypted calendar/contacts data with Google? Probably not.

Can I test it with the emulator or is the calendar and contacts app not part of the emulator?

Can you test your own independent applications on the emulator? Yes.

Can you test your own modified firmware on the emulator? Yes.

Upvotes: 1

Related Questions