Article about cryptography in Android apps published in web & mobile DEVELOPER

2015-08-13: The article "Abgesperrt - Verschlüsseln in Android-Apps." (translation: "Locked - Encryption in Android apps") has been published by German magazine web & mobile DEVELOPER in issue 9.2015.

The articles introduces on 10 pages into cryptography on the smartphone operating system Android.

It also gives a general introduction into symmetric-key algorithms (block ciphers and stream ciphers) as well as asymmetric-key algorithms (public-key systems RSA and elliptic curve cryptography). After an overview of cryptography, an explanation of how crypto-algorithms work and operating modes of crypto-algorithms, the article discusses Java Cryptohgraphy Architecture (JCA) and Java Cryptography Extension (JCE) as well as the cryptographic providers (Bouncy Castle, OpenSSL etc.) which are available on Android.

Security vulnerabilities - general and Android-specific - are outlined as well as the integration of 3rd party providers (Spongy Castle). The article goes hereby beyond the usual introductions. It shows solutions for existing problems on Android and in Java and provides assistance on selecting the "right" algorithm and the "right" library respectively. Last but not least the pros and cons of "self-implemented algorithms" and "existing 3rd party libraries" are outlined. Legal restrictions and security concerns are discussed.

The practical application is shown by samples of the cryptographic systems AES, Twofish, RSA and ECDH (Elliptic Curve Cryptography Diffie-Hellman).

Müller, Oliver:
Abgesperrt - Verschlüsseln in Android-Apps.
web & mobile Developer 9.2015
Pages 98 - 107.