使用共享preferences安全 [英] Security with SharedPreferences
问题描述
我正在开发中,我要保存非常敏感的数据的应用程序,它不应该在与用户接触。我认识了这个<一个href="http://resources.infosecinstitute.com/android-hacking-security-part-9-insecure-local-storage-shared-$p$pferences/">source如果设备是植根然后访问共享preferences 并修改它是小菜一碟。我不希望它。那么,有没有保护我的共享preferences 从任何地方被访问的方法。或者更好的是,如果有一个人可以建议更安全的数据存储选项
I am developing an application in which I have to store very sensitive data and it should not come in contact with the user. I got to know from this source that if a device is rooted then accessing SharedPreferences and modifying it is a cakewalk. And I don't want it. So is there any method to protect my SharedPreferences from being accessed from anywhere. Or better still if some one can advise safer data storage option
推荐答案
有不同的考虑的要点:
中的数据是安全的在这里的code级。它只能通过该应用进行访问(在恶意的或正常的方式)
The data is safe here on the code level. It can only be accessed through the app (in malice or normal manner)
同上。您的数据安全。在安全等级没有区别,它只是为安全或不安全的,因为它会被unecrypted。
Same as above. Your data is safe. No difference in security level, it's just as safe or unsafe as it would be unecrypted.
的数据可以被访问并通过任何应用程序操纵。但是你要考虑,只有一个很小的百分比(我在1-2%猜想,但没有可靠的数据对interweb)的设备扎根,如果用户自己的根设备,他/她特意留下自己的脆弱。这不是一个Android系统的设置,如果根,你有责任的后果。
The data can be accessed and manipulated by any App. But you have to consider that only a very small percentage (I guess under 1-2%, but there is no reliable data on the interweb) of devices are rooted and if a user roots his device he/she deliberately leaves himself vulnerable. This is not an Android system setting, if you root, you are responsible for the consequences.
所以,你必须将你的数据进行加密的选项。有一个现成的<一个href="http://www.$c$cproject.com/Articles/549119/Encryption-Wrapper-for-Android-Shared$p$pferences">solutions此。但问题是保持钥匙的秘密。在源$ C $ C为HAR codeD密钥可以很容易地反编译(甚至字节code混淆器像Proguard的)。每一个应用程序内生成的密钥在某处被保存,并在根设备上到底可以访问无关的位置(共享preF,SQL,文件)。每用户密钥的服务器端,这只是保存在RAM中是一个小更安全,但会降低可用性,因为你需要做一个服务器请求第一次应用程序启动或每次它的垃圾收集。这可能会影响线下的能力。
So you have the option to encrypt your data. There a ready solutions for this. But the problem is to keep the key secret. A harcoded key in source code can easily decompiled (even with byte code obfuscator like Proguard). A per-app generated key has to be saved somewhere, and in the end on a rooted device it can be accessed irrelevant of the location (shared pref, sql, file). A server side per user key that is only saved in RAM is a little more secure but degrades usability as you need to make a server request the first time the app is started or everytime it's garbage collected. This may interfere with offline capability.
除了最后一个方法,加密您的共享preference几乎没有给出任何真正的安全增强功能。
Aside from the last method, encrypting your shared preference hardly gives any real security enhancements.
自四月'14谷歌有一个<一个href="http://www.androidpolice.com/2014/04/10/google-is-rolling-out-constant-on-device-scanning-for-verify-apps-feature/">malware扫描仪嵌入在设备中(也Play商店服务器端)上播放服务检测恶意应用程序和它的定义经常更新(至少每6周为的是Play商店应用的发布周期)和适用于每一个谷歌Android 2.3 +。
Since April '14 Google has a malware scanner embedded in the play services on the device (also in the play store server side) that detects malice apps and its definition is frequently updated (at least every 6 weeks as is the release cycle of the play store app) and works with every Google Android 2.3+.
作为一个恶意应用程序,读取数据我必须考虑我的应用程序仅适用于设备的一小部分,然后还只是一个短暂的时期,我的主要distribition渠道会让人下载APK一个潜在的开发者并手动安装该应用,希望不会被恶意软件扫描立刻,该组合是一个非常unlikley场景被识别。这会让我倾向于使用入侵其他装置,它有一个更好的工作对回报率。
As a potential developer of a malice app that reads your data I have to consider that my app only works on a small percentage of devices and then also only a brief period and my main distribition channel would be to make people download the apk and manually install the app and hopefully won't be recognized by the malware scanner immediatly, which combined is a very unlikley scenario. This would make me inclined to use other means of intrusion which have a better effort-to-return ratio.
我想这就是原因仍然只有少数的恶意应用程序的Android和无wides $ P $垫感染至少我知道的(中间2015年)。
I guess thats the reason there are still only a few malice apps for android and no widespread "infection" at least I know of (middle 2015).
我会重新考虑,如果你的设计符合您的要求。通常你想存储至少sensetive数据就可以,只有得到它从服务器,如果你需要它,然后只保留它在RAM中,只要你需要它。数据即potientially非常有害,因此不应该被持久保存在设备上(如果可能的话)。正如我们讨论过在你的Android手机上的数据不能被固定在该satisfyes每一个安全要求的方式。
I would rethink if your design fits your requirements. Usually you want to store the least sensetive data you can and only get it from the server if you need it and then only keep it in RAM as long as you need it. Data that is potientially very damaging therefore should not be saved persistently on the device (if possible). As we discussed data on your Android phone cannot be secured in a way that satisfyes every security requirement.
除此之外,你还必须考虑,以确保在UI层面的数据或其他任何人都可能只是把你的手机,并通过应用程序访问的核弹codeS。
Aside from that you also have to consider to secure the data on the UI level or otherwise anybody could just take your phone and access the nuclear bomb codes through the app.
TL;博士
- 坚持只在手机上的敏感数据,你实际上需要保持你的应用程序的一个合理的可用性。在RAM其他一切属于(例如,作为一个对象成员),并应根据需要来获取并保持尽可能简短
- 在一个有效的恶意软件为您的应用程序的存在是不可能
- 共享prefrence是安全上未delibertly做弱势的所有设备。你有没有影响,这样你就可以不承担责任,因为它是不是手机 的标准功能
- 在加密上的android手机的数据几乎没有给出任何真正的安全增强功能
这篇关于使用共享preferences安全的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
