How to Keep Your Secrets Safe - Alternatives to 'Just Don't' on an Android Device

Explore Android device security strategies in this 38-minute conference talk from the OWASP Netherlands Chapter Meeting. Delve into various approaches for safeguarding secrets within Android applications, covering topics from protecting authentication information to securing keys. Learn about secure password wrappers, network security, and the Android Keystore. Understand the challenges of fingerprint authentication, key generation, and management. Gain insights into secure key storage techniques, including the use of big integers and secret keys. Discover best practices for implementing robust security measures in Android app development, enhancing your ability to protect sensitive information on mobile devices.

Introduction
Outline
Key Words
Sample App
Secure Password wrapper
Secure Password helper
How far do I want to go
Dont touch me like that
Network Security
Android Keystore
How does this work
Keystore
Lock Screen Flow
Challenges
Remove Fingerprints
How do you use it
What is insecure hardware
How to generate a key
How to generate a private key
Steps
First Check
Fingerprints
Authentication callback
Authentication result
Previous slide
Exceptions
Key Management
Good and Bad
No Control
No Keystore
Big Integers
Secret Keys
The Story
The Secret Key
Storage
Summary
Round Keys
Bounce Call
Android Know How