On Thu, Dec 9, 2010 at 03:07, Vivek Madathil <[email protected]> wrote:
> I am exploring a way to support SD card encryption on android. We
> need to support only file content level & file name level (not
> partition level) encryption.
> [...]
> 1) Will integrating the proprietary security algorithms at bionic libc
> APIs that provide file access routines (fread, fwrite) a good
> option? We know that there will be a performance drawback due to
> this.

Good option by what metric? Performance? Android policies and common practices? Strength of security? Flexibility? Purpleness?

Some questions that might help guide us to the best approach: What is your goal? What are the criteria for your encryption system to be successful? Why do you want to encrypt (who are you protecting the data from, who are you limiting it to)? Who is your target audience (general public, internal to your organization, regulation compliance, ...)? Which Android version/platform do you want to be able to deploy this on (any, newer than x, versions, custom build that you have control over)?

Integrating your proprietary security algorithms into bionic libc will only work on Android devices that include this modified bionic libc, and it seems that if you only use the libc/stdio APIs it will only support a single encryption key/scheme. There might be some resistance to a closed-source version of bionic libc, so it might not get wide support outside of your own build.

Is there a reason you want to integrate with bionic libc? Have you considered and rejected other options? What sort of performance drawback are you concerned about integrating with bionic? What are your performance goals?

I would suggest that if you only wish to encrypt the names and contents of a few files in one application, or you wish to make this work on a version of Android that you don't control/build, include the encryption mechanisms with the application. Use standard file access methods, but decrypt after reading and encrypt before writing. If you need to integrate non-Java code, use the NDK.
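The application-level approach suggested in the reply above, sketched as an added example that is not part of the original thread: file contents and file names are sealed before writing and opened after reading, using only standard file access. It assumes AES-GCM from javax.crypto in place of the poster's proprietary algorithm; the class and method names are hypothetical, and the key is generated in `main` only for the demo (a real application would load it from a platform key store or derive it from a passphrase).

```java
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.nio.file.*;
import java.security.SecureRandom;
import java.util.Base64;

public class AppLevelFileCrypto {               // hypothetical name, example only
    private static final int NONCE_LEN = 12, TAG_BITS = 128;
    private static final SecureRandom RNG = new SecureRandom();
    // AES-GCM seal: output is nonce || ciphertext+tag, with a fresh random nonce per call.
    static byte[] seal(SecretKey key, byte[] plain) throws Exception {
        byte[] nonce = new byte[NONCE_LEN];
        RNG.nextBytes(nonce);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, nonce));
        byte[] ct = c.doFinal(plain);
        return ByteBuffer.allocate(NONCE_LEN + ct.length).put(nonce).put(ct).array();
    }

    // Throws AEADBadTagException if the blob was modified or the key is wrong.
    static byte[] open(SecretKey key, byte[] blob) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, blob, 0, NONCE_LEN));
        return c.doFinal(blob, NONCE_LEN, blob.length - NONCE_LEN);
    }

    // Encrypt before writing: the on-disk name and the content are both sealed.
    static Path write(SecretKey key, Path dir, String name, byte[] content) throws Exception {
        String diskName = Base64.getUrlEncoder().withoutPadding()
                .encodeToString(seal(key, name.getBytes(StandardCharsets.UTF_8)));
        return Files.write(dir.resolve(diskName), seal(key, content));
    }

    // Decrypt after reading: recover the real file name from the on-disk name.
    static String realName(SecretKey key, Path file) throws Exception {
        byte[] blob = Base64.getUrlDecoder().decode(file.getFileName().toString());
        return new String(open(key, blob), StandardCharsets.UTF_8);
    }
    static byte[] read(SecretKey key, Path file) throws Exception { return open(key, Files.readAllBytes(file)); }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey key = kg.generateKey();       // demo key; sample data below is constructed
        Path f = write(key, Files.createTempDirectory("sd-demo"), "notes.txt", "constructed sample".getBytes(StandardCharsets.UTF_8));
        System.out.println(f.getFileName() + " -> " + realName(key, f) + ": " + new String(read(key, f), StandardCharsets.UTF_8));
    }
}
```

Because each name is sealed with a random nonce, the same plaintext name maps to a different on-disk name every time, so finding a file by name means decrypting the directory listing. On Android, `java.util.Base64` requires API level 26; `android.util.Base64` is the alternative on older releases.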
