
Why Google’s Keystore is Critical to Secure Android 9


Google recently added new key security features to Android Pie to make the phone more secure. Read on to learn more.

Android 9 Pie may be slow in rolling out new security features, but it compares well with Oreo. Google is making some more tweaks to its tools for Android mobile developers to boost the security of their systems against the backdrop of recent security issues caused by poor development practices. Android Keystore recently got an upgrade in Android Pie. This feature offers app developers a way to secure the data of app users by using a set of cryptographic tools.

New Security Features
Security is embedded in secure hardware, which protects the keys and uses them only within a secure environment. Apps are protected from potential attacks by specifying restrictions on how the keys are used. This time, more Keystore capabilities have been added. The first enables restrictions on key use. The other uses a secure key and protects the key material from the OS or an app.

To make the phone more secure than ever, the Keystore is locked until access is needed. Keyguard-bound cryptographic keys have been added in the latest Android Pie version. This feature allows Keyguard binding and authentication binding. They are similar in many ways but differ in what they can do. Keyguard binding ties the availability of keys to the screen lock state.

Secure Key Import has also been added so that existing keys can be brought securely into apps. The key is encrypted at its origin in a cloud or a data center. The source is remote, but the key is protected with a public wrapping key in the SecureKeyWrapper format.

Boon for Android Developers
Keystore provides app developers with a set of hardware-rooted crypto-tools designed to secure user data with a key-based system. Developers can use the Keystore to define which application “secrets” are encrypted, and in what context they can be unlocked. With the release of Android Pie, Google’s latest mobile OS, developers can better protect sensitive information by preventing applications from using keys to decrypt data if the user isn’t using the device.

This is done by implementing “keyguard-bound” cryptographic keys, which can be done for any algorithm the developer chooses. The availability of this type of key for data decryption is tied directly to the screen-lock state: the keys become unavailable as soon as the device is locked, and are only made available again when the user unlocks the device.

“There are times when a mobile application receives data but doesn’t need to immediately access it if the user is not currently using the device,” Google Play researchers said in a posting on Wednesday. “[Now] when the screen is locked, these keys can be used in encryption or verification operations, but are unavailable for decryption or signing. If the device is currently locked with a PIN, pattern or password, any attempt to use these keys will result in an invalid operation.”
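
A sketch of the keyguard-bound key pattern described above, added here as an illustration (it is not code from Google's post or from the original article). It assumes API level 28 or later; the alias and function names are hypothetical, and the exact exception Keystore raises on a locked device is not asserted.

```kotlin
import android.security.keystore.KeyGenParameterSpec
import android.security.keystore.KeyProperties
import java.security.GeneralSecurityException
import java.security.KeyPairGenerator
import java.security.KeyStore
import java.security.PrivateKey
import java.security.spec.MGF1ParameterSpec
import javax.crypto.Cipher
import javax.crypto.spec.OAEPParameterSpec
import javax.crypto.spec.PSource

private const val ALIAS = "inbox_key" // hypothetical alias
private const val RSA_OAEP = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding"
// Spell out the OAEP parameters so the encrypt and decrypt sides always agree.
private val OAEP = OAEPParameterSpec(
    "SHA-256", "MGF1", MGF1ParameterSpec.SHA1, PSource.PSpecified.DEFAULT)
private fun keyStore() = KeyStore.getInstance("AndroidKeyStore").apply { load(null) }

/** One-time setup: RSA key pair whose private half is keyguard-bound. */
fun createKeyguardBoundKey() {
    val purposes = KeyProperties.PURPOSE_ENCRYPT or KeyProperties.PURPOSE_DECRYPT
    val spec = KeyGenParameterSpec.Builder(ALIAS, purposes)
        .setDigests(KeyProperties.DIGEST_SHA256)
        .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_RSA_OAEP)
        .setUnlockedDeviceRequired(true) // decryption only while the screen is unlocked
        .build()
    KeyPairGenerator.getInstance(KeyProperties.KEY_ALGORITHM_RSA, "AndroidKeyStore")
        .apply { initialize(spec) }
        .generateKeyPair()
}

/** Public-key operation, usable while locked. RSA-OAEP fits short payloads only. */
fun sealWhileLocked(plaintext: ByteArray): ByteArray {
    val publicKey = keyStore().getCertificate(ALIAS).publicKey
    return Cipher.getInstance(RSA_OAEP).run {
        init(Cipher.ENCRYPT_MODE, publicKey, OAEP)
        doFinal(plaintext)
    }
}

/** Private-key operation: returns null when Keystore refuses it or decryption fails. */
fun openWhenUnlocked(ciphertext: ByteArray): ByteArray? = try {
    val privateKey = keyStore().getKey(ALIAS, null) as PrivateKey
    Cipher.getInstance(RSA_OAEP).run {
        init(Cipher.DECRYPT_MODE, privateKey, OAEP)
        doFinal(ciphertext)
    }
} catch (e: GeneralSecurityException) {
    null // treat as "not available now" and retry after the user unlocks
}
```

Because RSA-OAEP only carries a short payload, an app receiving larger data while locked would typically seal a freshly generated symmetric key this way and encrypt the data with that key.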

Data Privacy
One example of an app that takes advantage of Secure Key Import is Google Pay on Pixel 3 devices. This feature keeps users' data locked and private while still allowing quick access when it is needed. The effect is that users' data is always protected, even when the phone is locked, and is easily accessible when needed.

A Brief Conclusion
Making additional measures available to developers to help them lock down their applications and prevent data leaks or data exfiltration is timely; Android developers have been given secure weapons against the sloppy data practices of late.

Android Keystore is a secure hardware feature but is only ready for some Android Pie phones. Not all Pie devices can receive the feature yet, but it should be widely available in the near future.

