Sensitive data should be encrypted even if it’s stored in internal storage protected by the Android sandbox. Internal storage can be accessed, for example, if the device has become rooted and there many other exploits and vulnerabilities that can reveal data.
This data includes files, SQLite databases and shared preferences.
It’s possible, but not recommended, to implement the encryption yourself. However, this can be error prone and might itself incur new vulnerabilities. Instead, try to use a proven 3rd party library. Consider:
The problem with these is that they are fairly large (multiple Mb for the ARM version due to SSL) and using SQL to store file data is a pragmatic yet heavy way to provide for file encryption.
Take a look at KeyCzar, an open source cryptographic toolkit originally developed by members of the Google Security Team. There’s also java-aes-crypto that’s a simple Android class for encrypting and decrypting strings, aiming to avoid the classic mistakes.
Also take a look at Facebook Conceal, a newer opensource Java library that provides for file based encrypted storage. Conceal is easy to use, fast and they have managed to take just the parts of Open SSL they require and have reduced the extra SSL payload down to just 85KB.
As with all encryption, you need somewhere to store your key. For Conceal, the default implementation stores the keychain in shared preferences. Shared preferences are implemented in Android as a private file so, depending on your security requirements, this might or might not be good enough. Take a look at the post on securing your secure data keys for some tips.
Shared preferences can, themselves, be encrypted. There’s a great library by Scottyab that optionally uses a user password to protect the values.
Even when your sensitive data is encrypted, you need to be aware that when programatically decrypted, the data will be available decrypted in memory which can be read by rooted devices or via malware that uses vulnerabilities to access as root. Security sensitive apps need to take steps to detect rooted devices, keep data in memory for as short a time as possible and detect tampering.
