
Modern Security for Android Developers

In the ’90s, the television was what the cellphone is today: everybody has one. The first time we hear about encryption we get dizzy because we think it is going to be really hard to handle, but in reality things are quite different. Many developers still think that Android security is completely incomprehensible and do nothing about it.

In this talk, we will discuss encryption, biometrics as a local authentication source, native code modules, SSL, TLS, the secure data layer, and the new changes for Android 11.
What is padding in an encryption algorithm? What is KeyGenerator? Where is the Keystore? What does it mean to have backend encryption?
In this talk, we will address all these questions, the inconvenience of not having any security in your app, and how you can make security easy.
We take a deep look inside the new Jetpack Security, Tink and Biometric libraries and how they change the game for modern security in Android development.

Dinorah Tovar

October 08, 2020

Transcript

  1. Encryption algorithms
     • Too many standards: Advanced Encryption Standard (AES), Rivest–Shamir–Adleman (RSA)
     • Modes of operation for symmetric and asymmetric keys
     • Paddings to encrypt long and small data
     @ddinorahtovar
  2. Encryption in Android
     • Hardware acceleration
     • Android Version

     <application
         android:name=".YourApp"
         android:icon="@mipmap/ic_launcher"
         android:label="@string/app_name"
         android:roundIcon="@mipmap/ic_launcher_round"
         android:hardwareAccelerated="true"/>
  3. Encryption in Android
     • Secure Element and Trusted environments
     [Diagram: Untrusted Area (Applications, OS, Memory), Trusted Area (Trusted Component, Memory), Peripherals]
  4. Encryption in Android
     • Secure Element and Trusted environments
     [Diagram: Untrusted Area (Applications, OS, Memory), Trusted Area (Trusted Component, Memory), Peripherals, Secure element (Memory, CPU)]
  5. Encryption in Android
     • KeyChain: API for credentials that can be used across your apps
     • KeyStore: Store cryptographic keys securely
  6. Encryption in Android
     • Using Tink, a cross-platform library for encryption, so we need a minimum SDK of 23 (for the RC)
  7. How does it work?
     • Unexportable, because it depends on the TEE
     • All the data travels in a secure channel
  8. Secure data layer
     • Authenticated, encrypted socket-level communication can be easily implemented using the SSLSocket class
     • In a typical SSL usage scenario, a server is configured with a certificate containing a public key as well as a matching private key. As part of the handshake between an SSL client and server, the server proves it has the private key by signing its certificate with public-key cryptography.
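
An added example for slide 8, not code from the talk: when SSLSocket is used directly, the handshake validates the certificate chain but does not check that the certificate belongs to the host being contacted, so the client has to turn that check on itself. The class name `VerifiedSslSocket`, the helper `open` and the host `example.com` are placeholders chosen for this sketch.

```java
import java.io.IOException;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

public class VerifiedSslSocket {

    /** Opens a TLS socket that validates the certificate chain and the host name. */
    static SSLSocket open(String host, int port) throws IOException {
        SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
        SSLSocket socket = (SSLSocket) factory.createSocket(host, port);
        try {
            // By default SSLSocket only checks the chain against the trust store.
            // "HTTPS" adds the host name comparison to the handshake itself
            // (available on Android from API level 24).
            SSLParameters params = socket.getSSLParameters();
            params.setEndpointIdentificationAlgorithm("HTTPS");
            socket.setSSLParameters(params);

            // Fails with an SSLHandshakeException if the chain is untrusted
            // or the certificate does not match the requested host.
            socket.startHandshake();
            return socket;
        } catch (IOException e) {
            socket.close(); // never hand back a socket that failed verification
            throw e;
        }
    }

    public static void main(String[] args) throws IOException {
        String host = args.length > 0 ? args[0] : "example.com"; // placeholder host
        try (SSLSocket socket = open(host, 443)) {
            SSLSession session = socket.getSession();
            System.out.println("protocol: " + session.getProtocol());
            System.out.println("cipher:   " + session.getCipherSuite());
            System.out.println("peer:     " + session.getPeerPrincipal());
        }
    }
}
```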