Google today published a blog post recommending mobile app developers to encrypt data that their apps generate on the users’ devices, especially when they use unprotected external storage that’s prone to hijacking.
Moreover, considering that there are not many reference frameworks available for the same, Google also advised using an easy-to-implement security library available as part of its Jetpack software suite.
The open-sourced Jetpack Security (aka JetSec) library lets Android app developers easily read and write encrypted files by following best security practices, including storing cryptographic keys and protecting files that may contain sensitive data, API keys, OAuth tokens.
To give a bit of context, Android offers developers two different ways to save app data. The first one is app-specific storage, also known as internal storage, where the files are stored in a sandboxed folder meant for a specific app’s use and inaccessible to other apps on the same device.
The other is shared storage, also known as external storage, which sits outside the sandbox protection and is often used to store media and document files.
However, it has been found that the majority of the apps…