Google Unveils New Encryption Features for Android Developers
Security-minded Android application developers can better secure user data, thanks to new cryptographic features in Android 9.0, Google says.
Starting in Android 6.0, as part of Keystore, application developers have had at their disposal a set of cryptographic tools designed to secure user data. Keystore moves the cryptographic primitives available in software libraries out of the Android OS and into secure hardware, in an attempt to protect application secrets from various forms of attack.
Applications can specify restrictions on how and when the keys can be used, and the latest Android iteration brings new capabilities to Keystore. Among these are the ability to restrict key use to protect sensitive information, along with an option to secure key use while protecting key material from the application or operating system.
Android 9.0 aims to keep sensitive information secure even when it is sent to an application while the device screen is locked and the app doesn't need to access the received data immediately. It uses keyguard-bound cryptographic keys for that.
In such scenarios, the Internet search giant explains, the keys can be used for encryption or verification, but not for decryption or signing. Thus, when the device is locked with a PIN, pattern, or password, attempts to use the keys for decryption will result in an invalid operation.
“Keyguard binding and authentication binding both function in similar ways, except with one important difference. Keyguard binding ties the availability of keys directly to the screen lock state while authentication binding uses a constant timeout. With keyguard binding, the keys become unavailable as soon as the device is locked and are only made available again when the user unlocks the device,” Google says.
Keyguard binding is enforced by the operating system, not the secure hardware, because the latter doesn’t know when the screen is locked. However, hardware-enforced Android Keystore protection features such as authentication binding can be combined with keyguard binding to deliver improved security.
Because it is an operating system feature, keyguard binding is available on all devices running Android 9.0; keys for any algorithm supported by the device can be keyguard-bound, Google says.
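The keyguard-bound pattern described above, as an added Kotlin sketch that is not taken from Google's announcement: data arriving while the screen is locked is sealed with the public half of an RSA key pair, and the private half is generated with `setUnlockedDeviceRequired(true)` so it can only decrypt after unlock. The alias and function names are hypothetical, and the choice of RSA-OAEP is an assumption made for illustration.

```kotlin
import android.security.keystore.KeyGenParameterSpec
import android.security.keystore.KeyProperties
import java.security.KeyFactory
import java.security.KeyPairGenerator
import java.security.KeyStore
import java.security.PrivateKey
import java.security.spec.MGF1ParameterSpec
import java.security.spec.X509EncodedKeySpec
import javax.crypto.Cipher
import javax.crypto.spec.OAEPParameterSpec
import javax.crypto.spec.PSource

private const val ALIAS = "locked_inbox_key" // hypothetical alias
private const val RSA_OAEP = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding"
// Android Keystore's RSA-OAEP uses SHA-1 for MGF1 by default, so both sides state it explicitly.
private val OAEP = OAEPParameterSpec(
    "SHA-256", "MGF1", MGF1ParameterSpec.SHA1, PSource.PSpecified.DEFAULT)

/** Run once on API 28+. The private key is created inside Keystore and never exported. */
fun createKeyguardBoundKey() {
    val spec = KeyGenParameterSpec.Builder(
        ALIAS, KeyProperties.PURPOSE_ENCRYPT or KeyProperties.PURPOSE_DECRYPT)
        .setDigests(KeyProperties.DIGEST_SHA256)
        .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_RSA_OAEP)
        .setUnlockedDeviceRequired(true) // keyguard binding: private-key use needs an unlocked device
        .build()
    KeyPairGenerator.getInstance(KeyProperties.KEY_ALGORITHM_RSA, "AndroidKeyStore")
        .apply { initialize(spec) }
        .generateKeyPair()
}

/** Works while the screen is locked: only the public key is needed. */
fun sealWhileLocked(plaintext: ByteArray): ByteArray {
    val ks = KeyStore.getInstance("AndroidKeyStore").apply { load(null) }
    val encoded = ks.getCertificate(ALIAS).publicKey.encoded
    // Rebuild the public key as a plain software key so encryption runs outside Keystore.
    val pub = KeyFactory.getInstance("RSA").generatePublic(X509EncodedKeySpec(encoded))
    // With a 2048-bit key, OAEP/SHA-256 fits at most 190 bytes; wrap a symmetric key for larger data.
    return Cipher.getInstance(RSA_OAEP).run { init(Cipher.ENCRYPT_MODE, pub, OAEP); doFinal(plaintext) }
}

/** Call after unlock. While locked, Keystore rejects the operation with an exception. */
fun openAfterUnlock(ciphertext: ByteArray): ByteArray {
    val ks = KeyStore.getInstance("AndroidKeyStore").apply { load(null) }
    val priv = ks.getKey(ALIAS, null) as PrivateKey
    return Cipher.getInstance(RSA_OAEP).run { init(Cipher.DECRYPT_MODE, priv, OAEP); doFinal(ciphertext) }
}
```

The article does not name the exception raised when decryption is attempted on a locked device, so callers should treat any `GeneralSecurityException` from `openAfterUnlock` as a signal to retry after the next unlock.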
Another new feature in Android 9.0 is Secure Key Import, which allows applications to provision existing keys into Keystore in a more secure manner. The secure key can be encrypted at origin using a public wrapping key from the user’s device and can only be decrypted in the Keystore hardware belonging to the device that generated the wrapping key.
“Keys are encrypted in transit and remain opaque to the application and operating system, meaning they’re only available inside the secure hardware into which they are imported,” the search company explains.
The feature should prove useful in scenarios where an application intends to share a secret key with an Android device, but wants to make sure the key is not intercepted or that it doesn’t leave the device. A secure hardware feature, Secure Key Import is only available on select Android Pie devices.