Hybrid Encryption for Securing

Most mobile applications store local data in internal memory through the SharedPreferences interface of the Android operating system. This leaves many possible loopholes through which confidential information such as passwords can be accessed. We propose a Hybrid Encryption approach for SharedPreferences to prevent confidential information from leaking through the source code. We develop an Android application and store some data using SharedPreferences. We run different experiments showing how this data could be accessed. We apply the Hybrid Encryption approach, which combines the encryption approach with the Android Keystore system, to provide a better encryption algorithm for hiding sensitive data.

The Android operating system is open source, with its source code released by Google under the Apache license. It is based on the Linux kernel and designed for smartphones and tablets. Android is one of the most popular operating systems for smartphones [1,2]. Designed to be a complete software stack, Android includes an operating system, middleware, and core applications. Furthermore, it comes with an SDK that provides the tools and APIs necessary to develop new applications for the platform in Java. Android does not distinguish between its core applications and new applications developed with the SDK; in particular, all applications can potentially interact with the underlying mobile device and share their functionality with other applications. Device loss is a pervasive problem with mobile devices and leads to severe attacks. The Android KeyStore system minimizes the drawback of the encryption approach but still leaks data on the device. For securing data on the device, we propose the Hybrid Encryption Approach with case studies.

Android allows applications to create and store data. This section describes the SharedPreferences interface and possible data security vulnerabilities with the help of a test application. We discuss the encryption approach taken to minimize the vulnerability, and its drawback.

A. SharedPreferences Interfaces

Android's SharedPreferences [3] interface provides a general framework that allows us to access and modify key-value pairs of primitive data types. This data persists across user sessions, even if the application is closed. By default, Android stores this data in an unencrypted XML file within the app's directory on the device's filesystem, with permissions that allow only the app to access this file. This is part of the concept known as "application sandboxing." In Android, shared preferences are used to store a user's preferences for an application, such as display name, notification settings, vibration on/off, etc.

B. Data Security Vulnerabilities

Developers can use SharedPreferences to store data on a device, and an attacker can access this data from the device as well, so protecting it is very important. Tools such as Android Debug Bridge (ADB) [4] can be used to navigate to the directory where SharedPreferences are created.

ADB: Android Debug Bridge (ADB) is a versatile command-line tool that lets you communicate with a device. The ADB command facilitates a variety of device actions, such as installing and debugging apps, and it provides access to a Unix shell that you can use to run a variety of commands on a device. ADB is included in the Android SDK Platform-Tools package. An attacker can download this package with the SDK Manager, which installs it at android_sdk/platform-tools/. Because ADB provides access to the Unix shell of an Android device, it helps an attacker navigate to the data directory and read or modify any unencrypted data, including SharedPreferences.


Encryption Approaches

Programmers found a solution to this problem in encryption. All the values can be encrypted just before they are stored in SharedPreferences. There are open source libraries like Encrypted Preferences [11]. These libraries allow generating SharedPreferences that are encrypted. However, EncryptedPreferences requires a password to encrypt text. Even if we implement AES encryption, there is often the need for a "secret." If this password or "secret" is hard-coded into the app or uses some system value like the MAC address, anyone looking through a decompiled version of the code can easily work out what it takes to decrypt the Strings. We could generate a long random password, but if we put it in regular SharedPreferences, it will end up persisted in plain text. The approach taken to hide the password or secret key used to encrypt SharedPreferences data is obfuscation. Obfuscation makes the job harder for a reverse engineer, but because it can only make guessing the secret key difficult, not impossible, the threat still exists.

To solve the problem of data leaking from an Android phone's internal memory, we propose the Hybrid Encryption Approach. Table 1 shows the threat, the previous approaches, and the proposed Hybrid Encryption Approach. The Hybrid Encryption Approach uses the Android KeyStore system to minimize the drawback of the encryption approach.