Attribute-level encryption of data in public Android databases

Abstract

Android mobile devices have become an attractive consumer product because of their portability, high-definition screens, long battery life, intuitive user interface, and ubiquitous competitive vendor pricing. The very feature that has helped with the proliferation of the devices is also one of the most problematic: their portability could result in theft, potentially allowing data to be compromised. For applications deployed to these devices, data security requirements need to be incorporated in the design process so these devices can be considered viable data collection tools. Researchers at RTI have been working to secure data on Android mobile devices so that selected information on the device can be encrypted and therefore difficult to obtain illegitimately while still making confidential data easy to access. We have developed software that will encrypt specific attributes of databases residing on the internal secure digital card (SD card) of Android devices. The method we have developed could also benefit other Android applications requiring secure storage of data on globally readable and writable databases. In this occasional paper, we discuss the technologies and methods used in our Android database encryption/ decryption implementation and their potential scalability to broader applications.