Google’s latest mobile OS, Android Pie will now help developers to protect sensitive information by preventing applications from decoding keys if the user isn’t using the gadget.
Keeping in mind the recent security issues for mobile apps rooted in inferior development practices, Google has made few changes to its tools to help Android mobile app developers boost the security of their devices.
Recent cryptographical change in android mobile apps’ security will help developers prevent unintended exposure of personal and data to other applications or the OS.
Android Keystore provides app developers with a set of crypto tools for securing data with a key-based system. Developers can use this key to know which application sources are encrypted and how they can be unlocked.
Google’s latest mobile OS, Android Pie will now help developers to protect sensitive information by preventing applications from decoding keys if the user isn’t using the gadget.
The availability of ‘keyguard-bound’ crypto keys to perform data decryption is attached directly to the screen lock state. The keys become unavailable as soon as the screen is locked and is made available when the user logs in to his device.
Google Play researchers said,
“There are times when a mobile application receives data but doesn’t need to immediately access it if the user is not currently using the device. Now when the screen is locked, these keys can be used in encryption or verification operations, but are unavailable for decryption or signing. If the device is currently locked with a PIN, pattern or password, any attempt to use these keys will result in an invalid operation.”
Another new component Secure Key Import shields touchy information from being seen by the application or supporting framework.
An application or OS can send ‘intent’ messages out which can be listened to by other applications without proper access restrictions and permissions put in place.
Another problem revealed at DEFCON, showed that Android developers not following security guidelines for external storage can allow hackers to steal personal information or even access the whole device.
In the last few months, several outcomes for exploiting data leakage came into light. Any extra effort to save the user’s personal data is appreciable.
