Repository to learn and play with Android security.
- Min. SDK set to 21
- UI built with Compose
Currently:
- Lock screen required
- Legacy: Cryptography AES - encrypt and decrypt file - Android M+ (23+)
- Legacy: Cryptography AES - encrypt and decrypt text - Android M+ (23+)
- Legacy: Cryptography RSA - encrypt and decrypt text - Android Lollipop+ (21+)
- Jetpack Security (alpha): EncryptedSharedPreferences
- Jetpack Security (alpha): Cryptography AES - encrypt and decrypt file
- Block screen recording and screenshots
TODO:
- Hash functions
- Proguard
- Safe API keys
- Certificate pinning
- Guide to Encryption & Decryption in Android (Keystore, Ciphers, and more)
- Secure data in Android
- Encryption Tutorial For Android: Getting Started
- Google Help: Remediation for Unsafe Cryptographic Encryption
- Frida - Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers.
(Last updated 07.09.2023)
- What encryption to use with the Android version before Marshmellow (23)?
Or Jetpack Security library (but it is in alpha with issues) or cryptography with RSA.
- In AES - does the Initialization Vector need to be kept secret?
No. Source: https://support.google.com/faqs/answer/9450925?hl=en and https://stackoverflow.com/questions/9049789/aes-encryption-key-versus-iv
- In legacy cryptography - does an alias need to be kept secret?
No. Source: https://stackoverflow.com/questions/49420586/how-to-safely-save-alias-key-of-android-keystore