
How can I protect my app from Google itself?

I made a simple app that stores bank accounts, money transactions and other sensitive data. The stored data is already encrypted, with no network access at all, and closed to itself. But how can I make sure that other apps or the OS itself are not trying to read the data the app generates? Are there trustable methods to see when and/or how my app is being tracked or read, even by the OS, and to log that "suspicious" activity?

I tried to google that and read the developer manuals, but found nothing.

If you are saying that your data is "already encrypted" and you are not looking for better encryption methods, then you are basically asking a question not much different from: "Can I forbid the OS access to the screen buffer and render my decrypted data directly on the hardware?"

The only totally safe solution to this problem is to create your own OS.

But then again... you must ask yourself: do you trust the hardware manufacturers? Or that your hardware won't be somehow infected? https://www.symantec.com/connect/forums/bios-level-malware

Other options are:

  1. Trust in open source.
  2. Participate in open source and audit the software you are using.
  3. And there is always security through obscurity: if you are not a millionaire, bad guys won't bother wasting their time breaking even the simplest protection.

Make use of the SHA256 algorithm in your app logic.

This algorithm requires a salt in order to encrypt and decrypt the text.

Without this salt, no one, not even Google or the OS in your case, can access your sensitive data.

If you have your project on GitHub, put this salt inside a file_name.env (the extension for an environment file) and add this file to .gitignore so that this secret salt key is not stored on the server and stays with you!

Hence, no one can access your encrypted sensitive data!

Follow the official Android doc: Android Developer doc for SHA256 Message Digest

Protecting your app's data from other apps is the operating system's job. There are a few things you have to get right to ensure this, such as protecting the key you use to sign your APK. There are also a few things your users have to do (which are out of your control), such as not rooting their phone and then granting root access to other apps. Programming-wise, there's nothing too specific. Most inter-app data sharing is opt-in.

Protecting your app's data from the operating system is a high bar, especially as you describe it: if the operating system were to try to see your app's data. It's common to assume, for analysis, that it knows everything about your app's design and can be arbitrarily dishonest. We'd assume advisory measures, such as opting out of app data backup and setting "private" mode on the on-screen keyboard, don't do what they claim.

Unfortunately, protecting your app from the operating system/vendor is not something well supported in Android. And depending on your personal views, you might consider the operating system having access to your app's data equivalent to the operating system vendor (indeed, Google in the case of Pixel phones) having access to your app's data, especially if they can deliver operating system upgrades automatically.

A key problem is that input and output go through the operating system. A user's taps on the screen go through the operating system first before the operating system conveys them to your app. You might then encrypt it, but it's already too late. Later you would decrypt something to show it to the user. But descriptions of what to show on screen go through the operating system before the operating system conveys them to the screen.

As the question asks about the current state of Android, the answer is that there's no (general) way to isolate your app's data from the operating system.

But there are two positive things I want to point out in this answer:

  1. There's hope for certain specific kinds of data.
    • You can isolate cryptographic keys. Android comes with a keystore system that's well separated from the operating system. With this, you can, for example, create digital signatures without exposing the key to the operating system.
    • You might be able to display some content, if only it were generated and encrypted off of the device. Digital rights management (DRM), referring to the technology that tries to keep people from bootlegging movies, is supposed to make a safe path from a content owner to the screen without much other stuff being able to 'see' it. I don't have many details on this, though, and I don't know if any of it really keeps the operating system out as practically implemented.
  2. You can also do some good if you're willing to consider a weaker threat model, where you say the operating system starts out 'good' and then turns evil at a later date (e.g., it gets compromised by an attacker). In this situation, the encryption you mention starts to be useful. You can make it so that the attacker can't immediately access the app's data. They'd have to wait for the user to put in the encryption password or something like that. But you'd have to figure out how much that's worth.
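The keystore point above, as an added example that is not part of the original answer: a P-256 signing key generated inside AndroidKeyStore, so the app (and everything above the TEE or StrongBox) only ever holds an opaque handle. The alias, the 30-second authentication window and the use of ECDSA for signing ledger records are my assumptions; the check via KeyInfo is what tells you whether the key really lives outside the OS, because a software-only keystore gives no such separation.

```java
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyInfo;
import android.security.keystore.KeyProperties;

import java.security.KeyFactory;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.spec.ECGenParameterSpec;

/** Added example (not the answer's own code): a signing key that never leaves the Keystore. */
public final class KeystoreSigner {
    private static final String ALIAS = "ledger-signing-key"; // assumed alias name

    /** Creates the key on first use; later calls reuse the existing entry. */
    public static PrivateKey getOrCreateKey() throws Exception {
        KeyStore ks = KeyStore.getInstance("AndroidKeyStore");
        ks.load(null);
        if (ks.containsAlias(ALIAS)) {
            return (PrivateKey) ks.getKey(ALIAS, null);
        }
        KeyPairGenerator kpg = KeyPairGenerator.getInstance(
                KeyProperties.KEY_ALGORITHM_EC, "AndroidKeyStore");
        KeyGenParameterSpec spec = new KeyGenParameterSpec.Builder(
                ALIAS, KeyProperties.PURPOSE_SIGN | KeyProperties.PURPOSE_VERIFY)
                .setAlgorithmParameterSpec(new ECGenParameterSpec("secp256r1"))
                .setDigests(KeyProperties.DIGEST_SHA256)
                // The key is only usable for a short window after the user unlocks the device;
                // the gate is enforced by the keystore, not by app code.
                .setUserAuthenticationRequired(true)
                .setUserAuthenticationValidityDurationSeconds(30) // assumed window
                .build();
        kpg.initialize(spec);
        return kpg.generateKeyPair().getPrivate();
    }

    /** True only if the key material sits in the TEE or StrongBox, i.e. outside the Android OS. */
    public static boolean isHardwareBacked(PrivateKey key) throws Exception {
        KeyFactory kf = KeyFactory.getInstance(key.getAlgorithm(), "AndroidKeyStore");
        KeyInfo info = kf.getKeySpec(key, KeyInfo.class);
        // Deprecated from API 31 in favour of KeyInfo.getSecurityLevel(); still works.
        return info.isInsideSecureHardware();
    }

    /** Signs a record; the PrivateKey is an opaque handle, so no key bytes are exposed here. */
    public static byte[] sign(PrivateKey key, byte[] record) throws Exception {
        Signature s = Signature.getInstance("SHA256withECDSA");
        s.initSign(key);
        s.update(record);
        return s.sign();
    }

    /** Verification uses the public half, which the keystore hands out as a certificate. */
    public static boolean verify(byte[] record, byte[] sig) throws Exception {
        KeyStore ks = KeyStore.getInstance("AndroidKeyStore");
        ks.load(null);
        PublicKey pub = ks.getCertificate(ALIAS).getPublicKey();
        Signature s = Signature.getInstance("SHA256withECDSA");
        s.initVerify(pub);
        s.update(record);
        return s.verify(sig);
    }
}
```

Call isHardwareBacked() once after key creation and treat a false result as "this device gives me only software isolation"; on such devices the key is as readable as any other file the OS chooses to look at.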

You may also want to use some encryption which relies on a custom secret key, part of which has been provided by the user himself. Also, be careful about apps which have the screen record permission: they might run a foreground service, pretend to be doing something else (a screenshot) while trying to capture your app's on-display info. It's a rare case; I think I am just trying to be super protective here.

If your app is persisting data, use EncryptedSharedPreferences.

If your app is sending data to the cloud, it is encrypted with SSL/HTTPS. You can further write encrypt / decrypt logic in your API calls for adding another level of indirection.
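The EncryptedSharedPreferences suggestion above as an added example of my own, not the answer's code, using the androidx.security.crypto library. The master key is generated inside AndroidKeyStore (StrongBox is requested where the device has one), preference keys are encrypted with AES-256-SIV and values with AES-256-GCM, so the XML file under shared_prefs/ holds only ciphertext. The file name and the stored fields are assumptions.

```java
import android.content.Context;
import android.content.SharedPreferences;

import androidx.security.crypto.EncryptedSharedPreferences;
import androidx.security.crypto.MasterKey;

/** Added example (not the answer's own code): preferences encrypted under a Keystore-resident master key. */
public final class SecurePrefs {
    private static final String FILE = "ledger_prefs"; // assumed file name

    /** Opens (creating on first use) the encrypted preference file. */
    public static SharedPreferences open(Context ctx) throws Exception {
        MasterKey masterKey = new MasterKey.Builder(ctx)
                .setKeyScheme(MasterKey.KeyScheme.AES256_GCM)
                // Prefer the dedicated secure element when present; falls back to the TEE otherwise.
                .setRequestStrongBoxBacked(true)
                .build();
        return EncryptedSharedPreferences.create(
                ctx,
                FILE,
                masterKey,
                EncryptedSharedPreferences.PrefKeyEncryptionScheme.AES256_SIV,   // deterministic: keys stay look-up-able
                EncryptedSharedPreferences.PrefValueEncryptionScheme.AES256_GCM); // randomised, authenticated values
    }

    /** Constructed usage: store an account identifier and a balance in minor units. */
    public static void saveAccount(Context ctx, String iban, long balanceCents) throws Exception {
        open(ctx).edit()
                .putString("iban", iban)
                .putLong("balance_cents", balanceCents)
                .apply();
    }

    public static String loadIban(Context ctx) throws Exception {
        return open(ctx).getString("iban", null);
    }
}
```

What this buys you is protection against other (non-root) apps and against someone copying the preference file off the device; the decryption still happens in your process under keys the OS manages, so it does not change the conclusion of the earlier answer about the operating system itself.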

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address. Any question please contact: yoyou2525@163.com.

粤ICP备18138465号  © 2020-2024 STACKOOM.COM