February 6, 2014

Facebook Engineering has released a new encryption library for Android, Conceal, which is designed to encrypt data quickly without using too much system memory. On lower-end Android devices, resources like system memory, processor power and internal storage are often at a premium. This means that data often needs to be written to the phone’s expandable storage, i.e. the SD card. The problem with SD cards is that they can be removed and the data copied and used. If the data written there isn’t encrypted, then you have a security risk.

Facebook currently uses Conceal in its Android app to encrypt image files for storage on SD cards. This allows the app to access more storage if needed while protecting the user’s privacy. By releasing the library as open source Facebook wants to encourage other app developers to take user privacy seriously and is giving them a tool that will help.

One key difference between Conceal and any of the other gazillion encryption libraries that exist is that this library does just one job, so it doesn’t give developers a multitude of options to choose from. Instead, the way the data is encrypted is fixed (using AES-GCM, an authenticated encryption algorithm), and Android’s random number generator is bypassed due to security concerns about its strength.

An authenticated encryption algorithm is one which ensures the integrity of the data by generating a Message Authentication Code (MAC) on the fly, while the data is being encrypted. In simple terms, a MAC is like a checksum: during decryption, the authentication code that was generated and the data should match up. If they don’t, it means that someone has been tampering with the data.

Speed is also an important element. Facebook’s testing shows that Conceal is around five times faster than the popular Bouncy Castle encryption library.

Conceal officially supports Android 2.3 (Gingerbread) and higher, and the documentation along with the source code can be found on Facebook’s GitHub. For those interested, Subodh Iyengar has some more technical details about Conceal on the Facebook Engineering blog.

Gary Sims
Gary has been a tech writer for over a decade and specializes in open source systems. He has a Bachelor's degree in Business Information Systems. He has many years of experience in system design and development as well as system administration, system security and networking protocols. He also knows several programming languages, as he was previously a software engineer for 10 years.