Encryption is complex and difficult to do correctly. A study by Carnegie Mellon and the University of California showed that 88% of Google Play applications using encryption made at least one cryptographic mistake.
It’s recommended you use a proven 3rd party library that has covered all the pitfalls. If you must implement encryption for yourself, here are some tips:
Use industry standard encryption
For symmetric encryption use AES with 256-bit keys and for asymmetric encryption use RSA with 2048-bit keys. Use SHA-256 for hashing.
Do not use ECB mode for encryption
ECB mode isn’t recommended because it is less secure because it’s deterministic in that identical messages encrypt to to identical encrypted texts. Look for “AES/ECB” in the transformation string. Unfortunately, the popular BouncyCastle library uses ECB as the default block cipher mode so don’t rely on just looking for the “ECB” string.
Do not use a non-random IV for CBC encryption
Don’t initialise the IV with a constant otherwise you get a deterministic, stateless cipher which is less secure. For this flaw, look for CBC being used with a IvParameterSpec being constructed using static or evaluate to constant values.
Do not use constant salts for PBE and do not use less than 1000 iterations
The iteration count and salt ensure that the encryption is strong enough to resist a brute force attack. For this flaw look for PBEParameterSpec being constructed from a static value or evaluated to a constant (always the same) value. Also inspect at the PBEParameterSpec iteration count.
Don’t use a constant key
Don’t use a key, hardcoded in the code. For this flaw, look for the key being static or being evaluated to a constant (always the same) value.
Don’t use a constant seed for SecureRandom
Up until Android 4.2, SecureRandom seeded with a constant seed produced a known constant across all implementations which wasn’t secure.
References
- An Empirical Study of Cryptographic Misuse in Android Applications
- Application Security for the Android Platform
- CERT: Do not use the Android cryptographic security provider encryption default for AES
- Encrypting strings in Android: Let’s make better mistakes
