Security News > 2020 > February > Google Advises Android Developers to Encrypt App Data On Device
Google today published a blog post recommending mobile app developers to encrypt data that their apps generate on the users' devices, especially when they use unprotected external storage that's prone to hijacking.
The open-sourced Jetpack Security library lets Android app developers easily read and write encrypted files by following best security practices, including storing cryptographic keys and protecting files that may contain sensitive data, API keys, OAuth tokens.
To give a bit of context, Android offers developers two different ways to save app data.
To prevent such attacks, Android 10 ships with a feature called 'Scoped Storage' that sandboxes each app's data in the external storage as well, thereby limiting apps from accessing data saved by other apps on your device.
"In the app home directory, your app should encrypt data if your app handles sensitive information including but not limited to personally identifiable information, health records, financial details, or enterprise data."
News URL
http://feedproxy.google.com/~r/TheHackersNews/~3/fdFw8-vDNjs/android-app-data-encryption.html
Related news
- SpyLend Android malware downloaded 100,000 times from Google Play (source)
- Google's March 2025 Android Security Update Fixes Two Actively Exploited Vulnerabilities (source)
- How Google tracks Android device users before they've even opened an app (source)
- Google fixes Android zero-day exploited by Serbian authorities (source)
- Google expands Android AI scam detection to more Pixel devices (source)
- Google Rolls Out AI Scam Detection for Android to Combat Conversational Fraud (source)
- New North Korean Android spyware slips onto Google Play (source)
- Malicious Android 'Vapor' apps on Google Play installed 60 million times (source)
- Google Gemini's Astra (screen sharing) rolls out on Android for some users (source)
- Google fixes Android zero-days exploited in attacks, 60 other flaws (source)