In an altruistic move, Facebook has open sourced code that makes it easier and more efficient for Android developers to perform encryption for apps on the Google operating system.
Facebook is hoping to fix a weakness in the way Android deals with storage with its Conceal application programming interfaces. Often, the solution to limited storage on an Android device is to push some data out to the SD card, but that is left unencrypted by default.
“This allows data to be read by any app (with the right permissions). Thus, external storage is normally not a good place to store private information,” said Subodh Iyengar, software engineer at Facebook, in a blog post.
“We saw an opportunity to do things better and decided to encrypt the private data that we stored on the SD card so that it would not be accessible to other apps. To do this efficiently, we built Conceal, a set of Java APIs to perform cryptography on Android and make storage more secure and lightweight.”
The new programming interfaces are designed “to be small and faster than existing Java crypto libraries on Android while using memory responsibly”, Iyengar said.
Rather than open up a range of encryption options, Conceal supplies “sensible defaults” as “encryption can be very tricky to get right”. It uses the AES-GCM standard, which uses authentication on top of encryption, computing a Message Authentication Code (MAC) of the data. This helps to detect any potential tampering with data.
“Conceal doesn’t implement any crypto. Instead, it uses specific cryptographic algorithms from OpenSSL. OpenSSL’s crypto library is about 1MB when built for armv7. By using only the parts of OpenSSL we needed, we were able to reduce the size of OpenSSL to 85KB,” Iyengar added.
Developers can access the Conceal API by heading to Facebook’s GitHub page.
Facebook, which is celebrating its 10th birthday this week, has a good reputation in the open source community. Its Open Compute project aims to re-imagine the data centre as a modular, hugely-efficient facility with limited vendor lock-in.
Think you know security? Test yourself with our quiz!
Tesla retreats from pioneering gigacasting manufacturing process, amid cost cutting and challenges at EV giant
No skynet please. After the US, UK and France pledge human only control of nuclear…
Microsoft's AI investments continue in south east Asia, after investments in Japan, Malaysia, Indonesia, as…
New chapter for LastPass as it becomes an independent company to focus on cybersecurity, after…
US FCC seeks to ban Chinese telecom firms at centre of national security concerns from…
Two updates to Anthropic's AI chatbot Claude sees arrival of a new business-focused plan, as…
