Facebook releases Conceal, an efficient library for encrypted storage on Android

February 6, 2014

facebook trackingFacebook Engineering has released a new encryption library, Conceal, for Android which is designed to encrypt data quickly without using too much system memory. On lower end Android devices resources like system memory, processor power and internal storage are often at a premium. This means that data often needs to be written to the phones expandable storage, i.e. the SD card. The problem with SD cards is that they can be removed and the data copied and used. If the data written there isn’t encrypted then you have a security risk.

Facebook currently uses Conceal in its Android app to encrypt¬†image files for storage on SD cards. This allows the app to access more¬†storage¬†if needed while protecting the user’s¬†privacy. By¬†releasing¬†the library as open source Facebook wants to¬†encourage¬†other app¬†developers¬†to take user¬†privacy¬†seriously and is giving them a¬†tool¬†that¬†will¬†help.

One key difference between Conceal and any of the other gazillion encryption libraries that exist, is that this library does just one job, therefore it doesn’t give developers a multitude of options to choose from. Rather the way the data is encrypted is fixed (using AES-GCM, an¬†authenticated encryption algorithm) and Android’s random number generator is bypassed due to security concerns about it strength.

An¬†authenticated encryption algorithm is one which ensures the integrity of the data by generating the¬†Message Authentication Code (MAC) on the fly, while the data is being encrypted. In simple terms a MAC is like a checksum, the authentication code¬†generated and the data should match up during the decryption process. If they don’t then it means that someone has been tampering with the data.

Speed is also an important element. Facebook’s testing shows that Conceal is around five times faster than the popular Bouncycastle encryption library.

Conceal officially supports Android 2.3 and higher (Gingerbread) and the documentation along with the source code can be found on Facebook’s Github. For those interested, Subodh Lyengar has some more technical details about Conceal on the Facebook Engineering blog.

Comments

  • MasterMuffin

    Heh heh Facebook wanting other companies to take privacy seriously heh heh good one :D

  • tocsin

    Like Facebook care about privacy

    • AA :P

      that’s to keep our data safe from …uhh, us :)

  • AnotherAndroidKid

    So I just read Facebook and protecting your privacy in the same sentence… This is funny.

  • Al Ricci

    This just in, the NSA has released an a new encryption library for Android which is designed to encrypt data quickly without using too much system memory …

  • Jayfeather787

    *NSA builds another super computer and says “Haha bitch”*