Android Developers Asked To Encrypt App Data on Device by Google

Google has released a blog post asking mobile app developers to encrypt data that their apps generate on the users' devices, particularly when they use unprotected external storage that's exposed to virtual corruption.

Google also recommended an easy-to-implement security library as part of its Jetpack software suite.

The open-sourced Jetpack Security (aka JetSec) library lets Android app developers easily read and write encrypted files by following best security practices, including storing cryptographic keys and protecting files that may contain crucial data, API keys, OAuth tokens.

Android allows developers two different ways to save app data. The first one is app-specific storage, also known as internal storage, where the files are stored in a sandboxed folder meant for a specific app's use and inaccessible to other apps on the same device.

The other is shared storage, also known as external storage, which resides outside the sandbox protection and is often used to store media and document files.

But more often than not the apps use external storage to store sensitive and private data on users and don't take proper measures to protect it from other apps, thus enabling attackers to syphon photos, videos, files as called "Media File Jacking".

To stop these attacks, Android 10 ships with an aspect called 'Scoped Storage' that sandboxes each app's data in the external storage as well, thereby restricting apps from accessing data saved by other apps on the user's device.

ISOEH is the school that specializes in latest cyber security measures.

Read on for more such online security stories.