Facebook has released the source code for a software library, the contents of which are aimed to help developers of apps for Android devices with security encryption. The library is named Conceal and is specifically aimed to respond to the security needs of Android app developers. This is unlike other software libraries available, that offer a wide array of encryption algorithms, said Subodh Iyengar, an engineer at Facebook, in a blog post. Conceal uses select algorithms from the industry-standard OpenSSL open source library, providing Android app developers with a number of defaults. By using only some elements of OpenSSL, Facebook was able to provide an encryption code that is just 85KB in size.
The Conceal algorithms are fast even on low-powered ARM chips. When tested on a Samsung Galaxy Y, the library did much better than stock Java encryption and the Bouncy Castle, another software library.
Conceal supplies the algorithms through an application programming interface (API), which saves developers time by eliminating the choices other such libraries require them to make. A developer only needs to pass an I/O stream to the library, and it returns a wrapped stream that is automatically encrypted or decrypted as it is being written / read. This makes Conceal particularly useful for encrypting data that is stored on SD cards, which was Facebook’s aim in developing the library. The Android privacy model treats SD card storage as a directory that can be freely accessed, Iyengar explained, which allows apps to read data if they have the appropriate permissions. The Facebook Android app would only write something to the SD card after encrypting it with Conceal. Currently, Conceal is supported on Android 2.3 Gingerbread and up.