
Android security: how secure is the app private data?


I have an application that stores confidential information in a file located in the application's private data folder.

I would like to know how secure it is to do so.

As far as I know on an android device other applications cannot access that file.

Supposing:

  • the device is not rooted
  • there is a password protection on the lock screen
  • a hacker has stolen that device and he is really determined to get that file

What kind of tricks are there to get that file somehow? I mean:

  • Is it possible to get the device rooted (in this scenario) and then get that file?
  • Can the hacker physically take the flash chip out of the device and then analyze it using some tool? Does Android do any encryption that prevents this?
  • Other ways to get that file maybe?

Is it possible at all to fully protect that file somehow? Maybe the application could have an autostart service that monitors the rooted status. If the device gets rooted the service deletes the file immediately.

Thank you!


Solution

    Is it possible to get the device rooted (in this scenario) and then get that file?

    Yes, assuming:

    • the hacker can brute-force the password, and
    • the device is rootable in general (not every device has a known recipe for gaining root)

    Can the hacker physically take the flash chip out of the device and then analyze it using some tool?

    In theory, though that would not be easy to do without physically damaging it.

    Does Android do any encryption that prevents this?

    Android offers full-disk encryption, and it is enabled by default on new Android 5.0 devices. Older Android devices' full-disk encryption could be brute-forced; Android 5.0's seems stronger in this regard, though only time will tell if it too has flaws.

    Is it possible at all to fully protect that file somehow?

    Do not put the file on the device in the first place.

    Or, encrypt it yourself, with a passphrase known to the user that is sufficiently strong. You eventually get to a point where a $5 wrench is a more viable approach than is trying to hack the device.

    Maybe the application could have an autostart service that monitors the rooted status. If the device gets rooted the service deletes the file immediately.

    Your application is not running in some of these circumstances, in part because the OS is not necessarily running in normal mode.

    Furthermore, even if your application is running, the attacker will simply force-stop it from Settings after getting past the lockscreen and before attempting to set up root access.

    And, this assumes that your app knows all possible ways of detecting root access, which seems unlikely.

    My application needs to read and write that file, so encryption is useless from a hacker's point of view

    Only if your application needs to "read and write that file" without the user supplying the passphrase. In this scenario, your only absolute defense is to not have the file. Everything else just slows attacks down but cannot stop them.
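The "encrypt it yourself, with a passphrase known to the user" option from the answer, as an added example (not code from the original question or answer). It derives an AES-256 key from the user's passphrase with PBKDF2 and seals the file with AES-GCM, so the only thing written to the private data folder is salt, IV and authenticated ciphertext; nothing on the device can decrypt it. The container layout, the class and file names, the iteration count and the sample secret are all choices made for this example, not anything Android defines.

```java
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;

/**
 * Encrypts a file under a key derived from a passphrase the user types in.
 * Nothing stored on the device can decrypt the file; an attacker who lifts it
 * (root, forensic image, desoldered flash) is left brute-forcing the passphrase.
 *
 * Container layout (chosen for this example, not an Android-defined format):
 *   [16-byte salt][12-byte IV][ciphertext || 16-byte GCM tag]
 */
public final class PassphraseFile {
    private static final int SALT_LEN = 16;
    private static final int IV_LEN = 12;         // 96-bit nonce, the recommended GCM size
    private static final int TAG_BITS = 128;
    private static final int KEY_BITS = 256;
    private static final int ITERATIONS = 100000; // tune to ~0.5 s on the slowest target phone
    private static final SecureRandom RNG = new SecureRandom();

    private PassphraseFile() {}

    public static void encrypt(File out, char[] passphrase, byte[] plaintext)
            throws GeneralSecurityException, IOException {
        byte[] salt = new byte[SALT_LEN];
        byte[] iv = new byte[IV_LEN];
        RNG.nextBytes(salt);
        RNG.nextBytes(iv); // fresh on every write: reusing an IV under one key breaks GCM

        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(Cipher.ENCRYPT_MODE, deriveKey(passphrase, salt), new GCMParameterSpec(TAG_BITS, iv));
        byte[] ciphertext = cipher.doFinal(plaintext);

        FileOutputStream fos = new FileOutputStream(out);
        try {
            fos.write(salt);
            fos.write(iv);
            fos.write(ciphertext);
        } finally {
            fos.close();
        }
    }

    /** Returns the plaintext; throws AEADBadTagException on a wrong passphrase or a tampered file. */
    public static byte[] decrypt(File in, char[] passphrase)
            throws GeneralSecurityException, IOException {
        byte[] blob = readFully(in);
        if (blob.length < SALT_LEN + IV_LEN + TAG_BITS / 8) {
            throw new GeneralSecurityException("file too short to be a valid container");
        }
        byte[] salt = Arrays.copyOfRange(blob, 0, SALT_LEN);
        byte[] iv = Arrays.copyOfRange(blob, SALT_LEN, SALT_LEN + IV_LEN);
        byte[] ciphertext = Arrays.copyOfRange(blob, SALT_LEN + IV_LEN, blob.length);

        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(Cipher.DECRYPT_MODE, deriveKey(passphrase, salt), new GCMParameterSpec(TAG_BITS, iv));
        return cipher.doFinal(ciphertext);
    }

    // PBKDF2-HMAC-SHA1: the variant every Android release ships (SHA256 only from API 26).
    private static SecretKey deriveKey(char[] passphrase, byte[] salt)
            throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(passphrase, salt, ITERATIONS, KEY_BITS);
        byte[] keyBytes = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1")
                .generateSecret(spec).getEncoded();
        spec.clearPassword();
        SecretKey key = new SecretKeySpec(keyBytes, "AES"); // SecretKeySpec copies the bytes
        Arrays.fill(keyBytes, (byte) 0);
        return key;
    }

    private static byte[] readFully(File f) throws IOException {
        InputStream is = new FileInputStream(f);
        try {
            ByteArrayOutputStream buf = new ByteArrayOutputStream();
            byte[] chunk = new byte[4096];
            int n;
            while ((n = is.read(chunk)) != -1) {
                buf.write(chunk, 0, n);
            }
            return buf.toByteArray();
        } finally {
            is.close();
        }
    }

    // Desktop demo; on Android pass new File(context.getFilesDir(), "secret.bin") instead.
    public static void main(String[] args) throws Exception {
        File f = File.createTempFile("secret", ".bin");
        byte[] secret = "account token 1234".getBytes(StandardCharsets.UTF_8); // constructed sample
        char[] pass = "correct horse battery staple".toCharArray();
        encrypt(f, pass, secret);
        System.out.println("decrypted: " + new String(decrypt(f, pass), StandardCharsets.UTF_8));
        try {
            decrypt(f, "wrong".toCharArray());
        } catch (AEADBadTagException e) {
            System.out.println("wrong passphrase rejected by the GCM tag check");
        }
        f.delete();
    }
}
```

Two caveats follow directly from the answer. First, this only helps if the user types the passphrase each time the app needs the file; the moment the app stores the passphrase or a derived key anywhere on the device (SharedPreferences, a resource, a hard-coded string), an attacker with the storage image has the key too, and the encryption merely slows them down. Second, the caller owns the passphrase char[] and should Arrays.fill() it with zeros as soon as encrypt() or decrypt() returns. GCMParameterSpec and AEADBadTagException need API level 19 or later.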