Producing secure cryptographic code has never been easy, especially for developers cranking out smartphone apps on tight deadlines. Now, Facebook engineers hope to ease the pain with an open-source tool that automates some of the more difficult tasks.
Conceal, as the code library has been dubbed, provides a set of easy-to-use programming interfaces for securely storing sensitive app data on an Android-based smartphone's secure digital (SD) card. Using an SD card to stash authentication tokens and similar data helps speed up bandwidth- and resource-constrained mobile apps, but it often comes at a cost. Android designates SD cards as a public resource, a design that allows other apps to access the same files. That means developers who want to improve the performance of their apps have frequently struggled to secure SD-residing data so it can't be accessed by other programs.
"Many develop one-off solutions themselves," Facebook software engineer Subodh Iyengar told Ars. "One objective of releasing Conceal is to enable other developers to quickly get up and running. We also believe that libraries get better with contributions and feedback from the community, and the community support can help improve the performance and security of this library."