handle confidential data and text in Android app

Question

What would be the best most secure way to handle confidential text in an Android app?

The basic structure is (text/int) and some similar variations of it.

The app only shows a selection of the (readable text /readable int) at a time, so decryption will only be done for very few pairs at a time.

I need to make sure that extracting the complete (text/int) information is practically impossible - if possible :-)

Is there any standard library/scheme to handle this?

Many thanks

EDIT (after getting some very interesting responses to this question):

It seems that even when the data is encrypted one could easily take the de-compiled code from the app, combine this with a self-written extraction routine, and hereby get all the decrypted info to a file. Since the encryption key has to be provided to users of the app, everybody could potentially get to the data this way.

So in summary there is no real good solution?

Yury · Accepted Answer

I think in your application you can use a symmetric cryptography and you can store your key in the Keystore. This key should be protected with password. Every time, when you run your application, it will ask the user for the password. If the password is correct then the key is extracted from the Keystore and used to decrypt your data. In this case, there is no difference where you store your data (text/int pairs) because all data will be encrypted. For Android SDK look at the package java.security and to the class java.security.KeyStore

If you want to supply your application with the data that you don't want to be extracted then obfuscation is a possible solution if you write in Java. If you want this functionality to be written in C/C++ then use Android NDK.

handle confidential data and text in Android app

Answers (2)

Related Questions