Securing Legacy Android Apps: Modern Encryption Practices


As software engineers rise through the ranks from junior levels to managerial roles in mobile development, good coding practices become more evident and not just an afterthought. One of the litmus tests of seniority is the ability to adapt to modern security practices.

It is worth noting that as the mobile ecosystem moves fast, attacks on user data also evolve at the same pace. Therefore, it is the engineer's responsibility to modernize the remnants of legacy implementations, even if they still appear to work. That's because they expose users to security threats and render applications susceptible to attacks.

Some of the security debt often hidden beneath old code includes, but is not limited to:

  • Use of MD5 or SHA-1 for hashing passwords or verifying data integrity.
  • Reliance on DES or AES/ECB for encryption (both prone to predictable patterns).
  • Hardcoded API keys or symmetric keys stored in SharedPreferences instead of the Android Keystore System.
  • Outdated authentication flows, such as Basic Auth or custom token handling.
  • Use of deprecated and ESAPI-banned APIs, such as android.webkit.WebView.setJavaScriptEnabled(true) and Math.Random.*
  • Non-compliance with the most recent OWASP Top 10 lists.

A typical security scan of a mobile application by AppSec tools, such as Checkmarx, will more often than not flag the above practices, each of which was once common but is now considered dangerous.

Let's explore common legacy cryptographic algorithms and their modern equivalents.

The Dangers of Weak Hash Algorithms (MD5 and SHA-1)

MD5 and SHA-1 are cryptographic hash functions known for their vulnerabilities, including susceptibility to collision attacks. A cryptographic hash function takes any input, which can be a message, file or password, and produces a short and unique fingerprint of that data. A collision attack occurs when two distinct inputs produce the same hash, leading to identity spoofing, tampering with signed data and other security breaches by attackers through reverse-engineering or hash manipulation.

These algorithms have been publicly broken for years. For MD5, collisions can be generated in milliseconds on consumer hardware. A key vulnerability: SHA-1 was officially deprecated after Google's SHAttered attack in 2017. Over time, cryptanalysis has shown that SHA-1 is no longer secure enough for use in sensitive applications.

Additionally, continued use of these algorithms for password storage, signature generation or integrity checks can lead to non-compliance with regulatory frameworks such as the EU data privacy law GDPR, the global payment card industry security standard PCI-DSS and others.

Alternatives for Data Integrity and Password Hashing

Therefore, to secure your legacy application, consider replacing the above vulnerable algorithms with the following:

For data integrity, instead of using an MD5 checksum, consider a more secure cryptographic hash function, such as SHA-256 or SHA-3. They offer stronger resistance to collision and pre-image attacks. Using SHA-256 or SHA-3 also guarantees determinism by ensuring the same input always gives the same hash, while ensuring that even a small input change results in a significant change in output. This avalanche effect helps to detect even the slightest one-bit tampering or corruption.
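The following is an added example, not code from the original article: a minimal SHA-256 integrity check in Java that replaces an MD5 checksum, compares digests in constant time and shows the avalanche effect on a one-bit edit. The JSON payload is constructed for the demonstration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;

public final class IntegrityCheck {

    // SHA-256 digest of the data; replaces an MD5 checksum one-for-one.
    static byte[] sha256(byte[] data) throws NoSuchAlgorithmException {
        return MessageDigest.getInstance("SHA-256").digest(data);
    }

    // Verify data against a previously recorded digest. MessageDigest.isEqual runs in
    // constant time, so the comparison does not leak how many leading bytes matched.
    static boolean verify(byte[] data, byte[] recordedDigest) throws NoSuchAlgorithmException {
        return MessageDigest.isEqual(sha256(data), recordedDigest);
    }

    // Number of bits that differ between two equal-length digests (shows the avalanche effect).
    static int differingBits(byte[] a, byte[] b) {
        int bits = 0;
        for (int i = 0; i < a.length; i++) {
            bits += Integer.bitCount((a[i] ^ b[i]) & 0xFF);
        }
        return bits;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample payload standing in for a downloaded configuration file.
        byte[] original = "{\"endpoint\":\"https://api.example.invalid\",\"timeoutMs\":3000}"
                .getBytes(StandardCharsets.UTF_8);
        byte[] recorded = sha256(original);
        System.out.println("recorded digest: " + Base64.getEncoder().encodeToString(recorded));
        System.out.println("intact payload verifies:   " + verify(original, recorded));

        // Flip one bit in the payload: verification must fail and roughly half the digest bits change.
        byte[] tampered = original.clone();
        tampered[10] ^= 0x01;
        System.out.println("tampered payload verifies: " + verify(tampered, recorded));
        System.out.println("digest bits changed by a one-bit edit: "
                + differingBits(recorded, sha256(tampered)) + " of 256");
    }
}
```

Note that a bare hash only detects accidental corruption; if an attacker can replace both the file and its published digest, you need a signature (covered later in the article) rather than a checksum.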

When it comes to password storage and hashing, consider an algorithm that not only provides data integrity but also ensures confidentiality. This is where MD5 and SHA-1 fail. These cryptographic hash functions are designed for integrity and speed, but never for secure password storage. Additionally, the hashes are often stored without a salt, making them prone to rainbow table attacks.

To overcome this, consider using security-focused algorithms such as bcrypt, Argon2 or PBKDF2. These are not just hash algorithms but key derivation functions (KDFs), which are engineered to resist brute-force and GPU attacks.

Password-Based Key Derivation Function 2 (PBKDF2) is one of the most widely used KDFs and is approved by the National Institute of Standards and Technology (NIST). PBKDF2 strengthens the security of hashed passwords by adding a salt to the password before hashing, ensuring that the same password produces a different hash for each user. This approach defeats rainbow table attacks. PBKDF2 also applies many iterations of the hashing process, known as stretching. Stretching means applying the hash function multiple times (thousands or even millions of times) to the password and salt combination. This slows the hash computation, thereby reducing the feasibility of brute-force attacks.

PBKDF2 leaves salt generation to the caller, so it is the engineer's responsibility to generate and store salts separately. It is this limitation that makes bcrypt a preference for many. With built-in and automatic salt handling, bcrypt is considered more secure due to its resistance to GPU cracking.

It is older, CPU-intensive and simpler to implement. This makes it a reasonable choice for less demanding applications or legacy applications, but it is not the sharpest tool available. For this, Argon2 is the double-edged "Honjo Masamune" sword.

Argon2 is a modern, secure KDF designed to protect passwords by being memory-hard, which means it requires substantial memory resources. This makes brute-force attacks using fast hardware, such as GPUs, much less efficient and more costly. It is also highly configurable, enabling fine-tuning of security parameters such as memory usage, iterations and parallelism, making it resistant to evolving cracking techniques.

It is worth mentioning that KDFs should be implemented on the backend server for password storage, as hashing on the client side (Android) is insecure against server compromise.

Vulnerabilities of DES and AES/ECB Encryption

Beyond the above, if your application uses symmetric encryption, replace AES/ECB or DES with AES/GCM. Symmetric encryption is one of the two basic pillars of modern cryptography, alongside public-key (asymmetric) encryption. In symmetric encryption, the same key is used for both encryption and decryption. It is also widely used in modern mobile development, ranging from file encryption and token storage to secure preferences.

The Advanced Encryption Standard (AES) replaced the deprecated Data Encryption Standard (DES), a 56-bit symmetric cipher from the 1970s. DES has a very small keyspace, making it easy to brute-force.

AES/ECB (Electronic Codebook) has a fundamental weakness of pattern exposure. By design, AES/ECB divides plaintext into fixed-size blocks and encrypts each block independently with the same key. As simple as it is, it is considered insecure because identical plaintext blocks produce identical ciphertext blocks, hence leaking patterns.
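The pattern leak is easy to observe. The following added example (not from the original article) encrypts a constructed plaintext made of one 16-byte record repeated four times, first with AES/ECB and then with AES/GCM, and counts how many distinct ciphertext blocks come out; it runs on a plain JDK without Android.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;
import java.util.HashSet;
import java.util.Set;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

public final class EcbPatternLeak {
    private static final int BLOCK = 16;

    // Count distinct 16-byte blocks among the first `blocks` blocks of a ciphertext.
    // Under ECB, repeated plaintext blocks show up as repeated ciphertext blocks.
    static int distinctBlocks(byte[] ciphertext, int blocks) {
        Set<String> seen = new HashSet<>();
        for (int i = 0; i < blocks; i++) {
            byte[] chunk = Arrays.copyOfRange(ciphertext, i * BLOCK, (i + 1) * BLOCK);
            seen.add(Base64.getEncoder().encodeToString(chunk));
        }
        return seen.size();
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey key = kg.generateKey();

        // Constructed plaintext: one 16-byte record repeated four times, the kind of
        // repetition found in fixed-width rows or runs of identical pixels.
        byte[] record = "user=alice;role=".getBytes(StandardCharsets.UTF_8); // exactly 16 bytes
        byte[] plaintext = new byte[4 * BLOCK];
        for (int i = 0; i < 4; i++) {
            System.arraycopy(record, 0, plaintext, i * BLOCK, BLOCK);
        }

        // Legacy mode: same key, same block, same ciphertext every time.
        Cipher ecb = Cipher.getInstance("AES/ECB/NoPadding");
        ecb.init(Cipher.ENCRYPT_MODE, key);
        byte[] ecbOut = ecb.doFinal(plaintext);
        System.out.println("ECB: distinct ciphertext blocks = " + distinctBlocks(ecbOut, 4) + " of 4");

        // Recommended mode: a fresh 96-bit nonce makes every block's keystream unique.
        byte[] nonce = new byte[12];
        new SecureRandom().nextBytes(nonce);
        Cipher gcm = Cipher.getInstance("AES/GCM/NoPadding");
        gcm.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, nonce));
        byte[] gcmOut = gcm.doFinal(plaintext); // 64 bytes of ciphertext followed by a 16-byte tag
        System.out.println("GCM: distinct ciphertext blocks = " + distinctBlocks(gcmOut, 4) + " of 4");
    }
}
```

ECB reports 1 distinct block of 4, GCM reports 4: an observer of the ECB output learns that four identical records were stored without ever recovering the key. The same one-liner is a useful unit test to run against any legacy storage format you suspect of using ECB.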

Modern Symmetric and Asymmetric Encryption Alternatives

The modern and secure alternatives include:

AES/CBC (Cipher Block Chaining), where each plaintext block is XORed with the previous ciphertext block before being encrypted, causing a chaining effect. The first block must also have a unique initialization vector (IV).

AES-GCM (Galois/Counter Mode) is the modern, integrity-centered and recommended mode of symmetric encryption on Android and in most secure systems today. It operates by incrementing a counter, encrypting it and XORing the result with the plaintext. GCM is an Authenticated Encryption with Associated Data (AEAD) mode, meaning it provides both confidentiality and integrity in a single efficient step.

It is important to make sure that the symmetric keys are not hard-coded or stored in insecure locations such as SharedPreferences. Instead, use the Android Keystore System, which stores keys in an isolated and non-exportable manner, and use the Cipher class with the correct transformation string (such as AES/GCM/NoPadding).
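Putting the last two points together, here is an added Android example (not the article's own code) of an AES-256 key generated inside the Android Keystore and used with `AES/GCM/NoPadding`. The key alias is an arbitrary assumption; the Keystore generates a fresh random IV on every encrypt call, and the IV is stored in front of the ciphertext so the blob itself can safely live in SharedPreferences or a file.

```java
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyProperties;
import java.nio.ByteBuffer;
import java.security.KeyStore;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

public final class KeystoreAesGcm {
    private static final String ANDROID_KEYSTORE = "AndroidKeyStore";
    private static final String KEY_ALIAS = "legacy_app_token_key"; // assumption: any app-chosen alias
    private static final String TRANSFORMATION = "AES/GCM/NoPadding";
    private static final int GCM_TAG_BITS = 128;
    private static final int GCM_IV_BYTES = 12;

    // Create the key once. It never leaves the Keystore, so there is nothing to hard-code
    // and nothing to write into SharedPreferences.
    static SecretKey getOrCreateKey() throws Exception {
        KeyStore ks = KeyStore.getInstance(ANDROID_KEYSTORE);
        ks.load(null);
        if (ks.containsAlias(KEY_ALIAS)) {
            return (SecretKey) ks.getKey(KEY_ALIAS, null);
        }
        KeyGenerator kg = KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES, ANDROID_KEYSTORE);
        kg.init(new KeyGenParameterSpec.Builder(KEY_ALIAS,
                        KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT)
                .setBlockModes(KeyProperties.BLOCK_MODE_GCM)          // GCM only: ECB/CBC requests will be refused
                .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
                .setKeySize(256)
                .build());
        return kg.generateKey();
    }

    // Output layout: 12-byte IV || ciphertext || 16-byte tag. The Keystore picks the IV; supplying
    // one ourselves is rejected unless randomized encryption is switched off, which weakens GCM.
    static byte[] encrypt(byte[] plaintext, byte[] aad) throws Exception {
        Cipher c = Cipher.getInstance(TRANSFORMATION);
        c.init(Cipher.ENCRYPT_MODE, getOrCreateKey());
        c.updateAAD(aad);                       // e.g. a record id, bound to the ciphertext but not encrypted
        byte[] iv = c.getIV();
        byte[] ct = c.doFinal(plaintext);
        return ByteBuffer.allocate(iv.length + ct.length).put(iv).put(ct).array();
    }

    // Throws javax.crypto.AEADBadTagException if the IV, ciphertext, tag or AAD were altered.
    static byte[] decrypt(byte[] blob, byte[] aad) throws Exception {
        byte[] iv = Arrays.copyOfRange(blob, 0, GCM_IV_BYTES);
        byte[] ct = Arrays.copyOfRange(blob, GCM_IV_BYTES, blob.length);
        Cipher c = Cipher.getInstance(TRANSFORMATION);
        c.init(Cipher.DECRYPT_MODE, getOrCreateKey(), new GCMParameterSpec(GCM_TAG_BITS, iv));
        c.updateAAD(aad);
        return c.doFinal(ct);
    }
}
```

Typical use is `encrypt(token, "session".getBytes(UTF_8))` before persisting and `decrypt(blob, sameAad)` on read; a failed tag check should be treated as a corrupted or tampered record, not retried with a different mode. The AndroidKeyStore provider requires API 23 or later for this `KeyGenParameterSpec` flow.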

Asymmetric encryption (public-key encryption), on the other hand, is too slow to be used for bulk data on mobile applications. It is primarily used to supplement symmetric encryption in a hybrid approach to secure the exchange of AES symmetric keys and to support digital signatures for authentication and data integrity. RSA (Rivest-Shamir-Adleman) relies on the difficulty of factoring the product of large prime numbers. It uses a public key for encryption and a private key for decryption.

For public-key encryption, consider RSA/OAEP (Optimal Asymmetric Encryption Padding) or ECC (Elliptic Curve Cryptography) instead of RSA/ECB/PKCS1, which lacks modern cryptographic guarantees. The padding scheme (PKCS1) used in RSA/ECB/PKCS1 is the leading cause of the vulnerability, as it is obsolete, lacks modern security proofs and is susceptible to chosen-ciphertext attacks. OAEP padding eliminates these vulnerabilities by adding randomness and using hash functions.

For signing or certificate purposes, consider transitioning to stronger algorithms, such as RSA with SHA-256 or ECDSA (Elliptic Curve Digital Signature Algorithm). When it comes to Android security and other resource-limited environments, ECDSA is highly favoured because it can produce smaller and faster-processing keys, which is crucial for TLS/SSL communication.
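The hybrid approach and the signature recommendation from the preceding paragraphs, as an added Java example that is not part of the original article: an AES key is wrapped for the recipient with RSA-OAEP (SHA-256 for both the hash and MGF1) and the wrapped key is signed with ECDSA over P-256. The key pairs are generated in place as constructed stand-ins for a server's RSA key and a device's signing key.

```java
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.MGF1ParameterSpec;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;

public final class HybridKeyExchange {
    // "ECB" in this JCA transformation string is only the placeholder mode name for RSA;
    // the padding is what matters, and OAEP replaces the PKCS1 v1.5 padding the article warns about.
    private static final String RSA_OAEP = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";
    // Spell out SHA-256 for MGF1 too: some providers default MGF1 to SHA-1 otherwise.
    private static final OAEPParameterSpec OAEP_SHA256 =
            new OAEPParameterSpec("SHA-256", "MGF1", MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT);

    // Sender side: wrap the session AES key with the recipient's RSA public key.
    static byte[] wrapAesKey(SecretKey aesKey, PublicKey recipientRsa) throws GeneralSecurityException {
        Cipher rsa = Cipher.getInstance(RSA_OAEP);
        rsa.init(Cipher.WRAP_MODE, recipientRsa, OAEP_SHA256);
        return rsa.wrap(aesKey);
    }

    // Recipient side: recover the AES key with the RSA private key.
    static SecretKey unwrapAesKey(byte[] wrapped, PrivateKey recipientRsa) throws GeneralSecurityException {
        Cipher rsa = Cipher.getInstance(RSA_OAEP);
        rsa.init(Cipher.UNWRAP_MODE, recipientRsa, OAEP_SHA256);
        return (SecretKey) rsa.unwrap(wrapped, "AES", Cipher.SECRET_KEY);
    }

    static byte[] sign(byte[] message, PrivateKey ecKey) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withECDSA");
        s.initSign(ecKey);
        s.update(message);
        return s.sign();
    }

    static boolean verify(byte[] message, byte[] sig, PublicKey ecKey) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withECDSA");
        s.initVerify(ecKey);
        s.update(message);
        return s.verify(sig);
    }

    public static void main(String[] args) throws Exception {
        // Constructed key pairs standing in for the server's RSA key and the device's signing key.
        KeyPairGenerator rsaGen = KeyPairGenerator.getInstance("RSA");
        rsaGen.initialize(3072);
        KeyPair rsa = rsaGen.generateKeyPair();
        KeyPairGenerator ecGen = KeyPairGenerator.getInstance("EC");
        ecGen.initialize(new ECGenParameterSpec("secp256r1"));
        KeyPair ec = ecGen.generateKeyPair();

        KeyGenerator aesGen = KeyGenerator.getInstance("AES");
        aesGen.init(256);
        SecretKey aes = aesGen.generateKey();

        byte[] wrapped = wrapAesKey(aes, rsa.getPublic());
        SecretKey recovered = unwrapAesKey(wrapped, rsa.getPrivate());
        System.out.println("AES key survives wrap/unwrap: "
                + Arrays.equals(aes.getEncoded(), recovered.getEncoded()));

        byte[] sig = sign(wrapped, ec.getPrivate());
        System.out.println("signature verifies: " + verify(wrapped, sig, ec.getPublic()));
        wrapped[0] ^= 0x01; // one-bit tamper with the wrapped key
        System.out.println("signature verifies after tampering: " + verify(wrapped, sig, ec.getPublic()));
    }
}
```

On Android the EC signing key would normally live in the AndroidKeyStore (same `KeyGenParameterSpec` pattern as the AES example, with `PURPOSE_SIGN`), so the private key is never exportable; the JCA calls above are unchanged.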

Additionally, to secure the certificates and build trust during communication between applications and the server over TLS/SSL, consider certificate pinning. It adds a layer of security by ensuring that the application only trusts specific, predefined certificates or public keys, which is a significant defence against man-in-the-middle (MITM) attacks.
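One way to apply public-key pinning in an Android app that already uses OkHttp, as an added example rather than code from the article: the host name and both pin values below are placeholders, and the real pins are the Base64 SHA-256 hashes of the SubjectPublicKeyInfo of your server's leaf or intermediate certificates, obtained out of band over a trusted network.

```java
import java.io.IOException;
import okhttp3.CertificatePinner;
import okhttp3.OkHttpClient;
import okhttp3.Request;
import okhttp3.Response;

public final class PinnedClient {
    // Assumptions: placeholder host and pins; replace with values obtained from your own certificates.
    private static final String API_HOST = "api.example.invalid";
    private static final String CURRENT_PIN = "sha256/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="; // placeholder
    private static final String BACKUP_PIN = "sha256/BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB=";  // placeholder

    // Pin two keys: the one in use and a backup held offline, so a planned certificate
    // rotation does not lock every installed copy of the app out of the API.
    static OkHttpClient build() {
        CertificatePinner pinner = new CertificatePinner.Builder()
                .add(API_HOST, CURRENT_PIN)
                .add(API_HOST, BACKUP_PIN)
                .build();
        return new OkHttpClient.Builder()
                .certificatePinner(pinner)
                .build();
    }

    // Performs a GET; if none of the server's chain keys matches a pin, OkHttp aborts the
    // handshake with javax.net.ssl.SSLPeerUnverifiedException before any request bytes are sent.
    static String fetch(OkHttpClient client, String url) throws IOException {
        Request request = new Request.Builder().url(url).build();
        try (Response response = client.newCall(request).execute()) {
            return response.body().string();
        }
    }
}
```

Treat a pin failure as a signal to stop, log and alert, never as a reason to fall back to an unpinned client; and keep a deployment plan for rotating pins, since an app shipped with only an expired pin is effectively offline.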

Conclusion

Migrating to modern cryptography should be a careful process that involves a clear audit of legacy algorithm use, risk classification, compatible migration and, finally, intensive testing and verification. All these processes should also involve clear documentation of the project architecture for future development.

