Secure Data Storage Scheme for Android Applications

Android operating system provides several private data storage techniques that can be used in mobile applications. All of the application data can be stored on its private, sandboxed folder which is not accessible to the other applications installed on the device. That assumption goes wrong if a malicious application gets root privileges which allow to get access to the whole filesystem of the mobile device – in such case application’s private data may become easily accessible and no longer protected. In this paper the concept of secure data storage scheme is presented, which is utilizing sophisticated Android OS security mechanisms altogether with password-based techniques for protecting application’s data. Efficient combination of user-provided secret and hardware-based keys with SQLCipher database described in this paper may be used for improving the security level of the Android applications.