Best way to secure Android app sensitive Data?


Question

Yes this is a pretty general question but I'm trying to get a feel for the best way to handle an app that touches base w/ a webserver that distributes sensitive data to the app. Any links, general information advice etc.. would be appreciated.

Since the app would store persistent data retrieved from the database for a certain amount of time.. everything becomes somewhat touchy.

Recommended answer

Storing sensitive data on the device

That depends very much on your audience. Normally, the Android OS prohibits apps from accessing each other's files (i.e. databases, preference files, regular files stored in the app's private directory) through proven Linux file permissions. However, on rooted devices an application can obtain root access and read everything. A few things to think about:

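  1. If you know that your users do not have root access (e.g. if you are not distributing the app through Android Market, but only within your company or something similar), you can simply rely on Android's filesystem-based security.
  2. If a user does obtain root access, he will be very careful about which applications he grants that privilege to.
  3. If an app does get root access, it can wreak a lot of havoc. The information in your app could be the least of the user's worries.
  4. Rooting leads to zero warranty, including in apps. You can't be held responsible for leaking information on a rooted phone.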

To conclude, if your information is not super-duper sensitive (e.g. credit card information), I'd suggest just sticking with the default security provided by Android (i.e. save everything in plain text, knowing other apps can't access it).

Otherwise, encryption is the way to go. It's not 100% secure (a hacker could de-compile your app and figure out how to decrypt the data), but it's a major pain to crack and will stop most hackers. Especially if you obfuscate your code with something like ProGuard.

You have a few options here. First of all, always use HTTPS. After enabling HTTPS, here are two extra security measures I would propose:

  1. Use an API key system. Include this API key in all your requests and check it on the server side before sending any response back. Remember that since you're using HTTPS, an attacker would not be able to just use a network sniffer to find out your API key. However, this is pretty easy to figure out if someone decompiles your app, which is why you can obfuscate it even further (besides using ProGuard). For example, you can keep the API key broken up into pieces all around your code (for example as static members in two or three classes). Then, when you send a request, you just concatenate all those pieces. You can even apply some other sort of transformation (e.g. bit shifting) to make it even harder to figure out from the decompiled code.
  2. You can generate a key every time you send a request. That key would be generated by using a bit of logic that only you know, so that you can implement it client- and server-side as well. For example, a request could include the following parameters:
    time=1321802432&key=[generated-key]
    where generated-key is generated from the time parameter. For example: md5(time + salt). When the server receives this request, it can do two things:
      1. Check that key is indeed equal to md5(time + salt) (note that only the client and the server know the salt and it can be obfuscated similarly to the API key above), and
      2. Check that time is not too far back in the past (e.g. if it's more than 1-2 minutes in the past, consider the request invalid).

The second method is more useful if you are also doing plain HTTP requests, where everyone can see the parameters being sent. Also, it's much harder to figure out from decompiled code. Especially if you spread the key calculation logic across multiple classes.

However, note that nothing makes it impossible to crack your app. You can obfuscate as much as you want, if a hacker is really determined to get to your data, he will be able to do so by decompiling your application and spending many sleepless nights passing through your code and figuring out how the requests are formed. The only real way of securing your data is by asking your user for a password, besides doing all the work I wrote about above. You can't get a password that only exists in someone's (the user's) head from decompiled code :).
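
Added example (not part of the original answer): a server-side check for the `time=...&key=...` scheme described in the answer, together with the matching client-side signing. The salt value, the function names, the future-skew check and the HMAC-SHA256 variant are assumptions introduced here for illustration.

```python
import hashlib
import hmac
import time
from urllib.parse import parse_qsl

SALT = b"constructed-sample-salt"   # constructed value; the answer's shared "salt"
MAX_AGE = 120                       # seconds; the answer's "1-2 minutes" window
MAX_SKEW = 30                       # assumption: tolerated client clock lead


def md5_key(ts, salt=SALT):
    """The answer's construction: md5(time + salt), hex encoded."""
    return hashlib.md5(ts.encode() + salt).hexdigest()


def hmac_key(ts, salt=SALT):
    """Swapped-in alternative (not from the answer): HMAC-SHA256 keyed with the salt."""
    return hmac.new(salt, ts.encode(), hashlib.sha256).hexdigest()


def sign(ts, make_key=md5_key):
    """Client side: build the query string the answer shows."""
    return f"time={ts}&key={make_key(str(ts))}"


def verify(query, now=None, make_key=md5_key):
    """Server side: both checks from the answer. Returns (accepted, reason)."""
    now = time.time() if now is None else now
    params = dict(parse_qsl(query))
    ts, key = params.get("time", ""), params.get("key", "")
    if not (ts.isascii() and ts.isdigit()):
        return False, "bad time"
    # Check 1: key matches; compare_digest avoids a timing side channel.
    if not hmac.compare_digest(make_key(ts).encode(), key.encode()):
        return False, "bad key"
    # Check 2: time is recent, and not implausibly far in the future.
    age = now - int(ts)
    if age > MAX_AGE:
        return False, "stale"
    if age < -MAX_SKEW:
        return False, "future"
    return True, "ok"


if __name__ == "__main__":
    q = sign(int(time.time()))
    print(q, verify(q))
```

Within the freshness window the same time/key pair verifies again, and the key covers only `time`, so this check complements HTTPS rather than replacing it.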
